Jump to content

karsayor

Members
  • Content Count

    55
  • Joined

  • Last visited

  • Days Won

    1

karsayor last won the day on December 23 2020

karsayor had the most liked content!

Profile Information

  • Gender
    Not Telling
  • Location
    Switzerland

Recent Profile Visitors

736 profile views
  1. I try to create a dynamic group with following settings. My goal is to install a software if its not installed nor in it's MSI version, and if one of the NIC has one of the specific DNS address. It does take into account the DNS settings but it does not work detecting application. I saw the warning but honestly I do not understand it : I also saw the examples on the docs, but none of them seem to help me when it comes to use two different conditions.
  2. Description: Automate the "rerun on failed" trigger Detail: When upgrading Endpoint or Agents to latest version, often it might fail on some computers due to many reasons. It would be nice to have the ability to automate the trigger on these because as of now you have to constantly monitor and rerun many times the task. Using a dynamic group also doesn't work since the task will run when computers joins group but if it fails it will not run again.
  3. Description: Retrieve system uptime to ESMC with agent Detail: Send system uptime with ESMC Agent to ESMC so that this can be used for Dynamic group (or task eventually). For example a dynamic group with all computers with uptime more than X hours. That would allow to run task on those computers.
  4. Hello It would be a nice add to ESMC / Agent to have the ability to create Dynamic Groups with System Uptime. I do not know where to place a feature request...
  5. That's what we did, it's an IIS server that has to be online on internet (443) but it sometimes detect those attacks which it's not vulnerable to. Its good that ESET blocks those attacks but if the server is not vulnerable to it, I don't need them to appear.
  6. Ok thanks, was looking at wrong place. What's the difference between Notify and Log in the Action section ? I want to remove alerts of CVE-2015-1635 from ESMC because the server is not vulnerable and they are blocked so I don't need them to appear but still have them blocked.
  7. Yes we are 😀 Do you know how / when it can be fixed ? Will you update this topic ?
  8. do you see anything wrong with my proxy conf ? thanks whats ports are used for the services ? Because our appliances can only do HTTP / HTTPS to any address on the internet.
  9. Is there anything we can do to exlude the detection of these ? As soon as I have confirmed the server is not vulnerable to CVE-2015-1635, it should be possible to exlude detection of this event but the "Create Exlclusion" is greyed out for these detections
  10. Yes we use the Apache HTTP Proxy of ESMC appliance and it works fine for the base product and agents. Our proxy.conf is as follows, maybe there is an issue with it ? # # Enable HTTP Cache # CacheEnable disk hxxp:// CacheDirLevels 4 CacheDirLength 2 CacheDefaultExpire 3600 CacheMaxFileSize 200000000 CacheMaxExpire 604800 CacheQuickHandler Off CacheRoot /var/cache/httpd/proxy AllowCONNECT 443 2222 ProxyRequests On ProxyVia On SetEnv proxy-initial-not-pooled 1 ErrorLog "|/usr/sbin/rotatelogs -n 10 /var/log/httpd/error_log 1M" <VirtualHost *:3128> ProxyRequests On </VirtualHost
  11. Ok so endpoints should connect directly to these address ? They cannot use the http proxy on esmc ? that was not clear to me
  12. I successfully activated a Dynamic Threat Defense on a device, activate it through policy, now I get this : ESET Dynamic Threat Defense is not working. Connection to authentication servers failed. I wonder because we have a HTTP Proxy setup for Agents / Products, it seems that EDTD does not use the HTTP Proxy ? Or what could be missing ?
  13. OK indeed you are correct that's about an exception I did not make... Thanks !
×
×
  • Create New...