karsayor

Members
  • Content Count

    49
Everything posted by karsayor

  1. That's what we did, it's an IIS server that has to be online on the internet (443) but it sometimes detects those attacks which it's not vulnerable to. It's good that ESET blocks those attacks but if the server is not vulnerable to it, I don't need them to appear.
  2. OK thanks, was looking at the wrong place. What's the difference between Notify and Log in the Action section? I want to remove alerts of CVE-2015-1635 from ESMC because the server is not vulnerable and they are blocked so I don't need them to appear but still have them blocked.
  3. Yes we are 😀 Do you know how / when it can be fixed? Will you update this topic?
  4. Do you see anything wrong with my proxy conf? Thanks. What ports are used for the services? Because our appliances can only do HTTP / HTTPS to any address on the internet.
  5. Is there anything we can do to exclude the detection of these? As soon as I have confirmed the server is not vulnerable to CVE-2015-1635, it should be possible to exclude detection of this event but the "Create Exclusion" is greyed out for these detections.
  6. Yes, we use the Apache HTTP Proxy of the ESMC appliance and it works fine for the base product and agents. Our proxy.conf is as follows, maybe there is an issue with it?

         #
         # Enable HTTP Cache
         #
         CacheEnable disk http://
         CacheDirLevels 4
         CacheDirLength 2
         CacheDefaultExpire 3600
         CacheMaxFileSize 200000000
         CacheMaxExpire 604800
         CacheQuickHandler Off
         CacheRoot /var/cache/httpd/proxy

         AllowCONNECT 443 2222
         ProxyRequests On
         ProxyVia On
         SetEnv proxy-initial-not-pooled 1
         ErrorLog "|/usr/sbin/rotatelogs -n 10 /var/log/httpd/error_log 1M"

         <VirtualHost *:3128>
             ProxyRequests On
         </VirtualHost>

         <VirtualHost *:3128>
             ServerName r.edtd.eset.com
             ProxyRequests Off
             CacheEnable disk /
             SSLProxyEngine On
             RequestHeader set Front-End-Https "On"
             ProxyPass / https://r.edtd.eset.com/ timeout=300 keepalive=On ttl=100 max=10 smax=10
             ProxyPassReverse / http://r.edtd.eset.com/ keepalive=On
         </VirtualHost>

         <Proxy *>
             Deny from all
         </Proxy>

         #*.eset.com:
         <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[c,C][o,O][m,M](:[0-9]+)?(/.*)?$>
             Allow from all
         </ProxyMatch>

         #*.eset.eu:
         <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[e,E][u,U](:[0-9]+)?(/.*)?$>
             Allow from all
         </ProxyMatch>

         #*.eset.systems:
         <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[s,S][y,Y][s,S][t,T][e,E][m,M][s,S](:[0-9]+)?(/.*)?$>
             Allow from all
         </ProxyMatch>

         #Antispam module (ESET Mail Security only):
         <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(ds1-uk-rules-1.mailshell.net|ds1-uk-rules-2.mailshell.net|ds1-uk-rules-3.mailshell.net|fh-uk11.mailshell.net)(:[0-9]+)?(/.*)?$>
             Allow from all
         </ProxyMatch>

         #Services (activation)
         <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(edf-pcs.cloudapp.net|edf-pcs2.cloudapp.net|edfpcs.trafficmanager.net)(:[0-9]+)?(/.*)?$>
             Allow from all
         </ProxyMatch>

         #ESET servers accessed directly via IP address:
         <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(91.228.165.|91.228.166.|91.228.167.|38.90.226.)([0-9]+)(:[0-9]+)?(/.*)?$>
             Allow from all
         </ProxyMatch>

     Also, what are the required ports to connect to r.edtd.eset.com and d.edtd.eset.com? It's not specified in the doc and might be the issue as well.
  7. OK, so endpoints should connect directly to these addresses? They cannot use the HTTP proxy on ESMC? That was not clear to me.
  8. I successfully activated a Dynamic Threat Defense on a device, activated it through policy, now I get this: ESET Dynamic Threat Defense is not working. Connection to authentication servers failed. I wonder because we have an HTTP Proxy set up for Agents / Products, it seems that EDTD does not use the HTTP Proxy? Or what could be missing?
  9. OK, indeed you are correct, that's about an exception I did not make... Thanks!
  10. Hello, I noticed that some servers report that the CVE has been blocked, some others allowed. What does it exactly mean and why does it block on some servers and not on others? If someone could tell me how this works? Would be nice. Thanks
  11. OK, I get it. But if I have a mix of both, for example I have all licences created in MSP console except Dynamic Threat Defense which is a normal license for now since not available in MSP, then what shall I do? Add the Dynamic Threat Licence to the same account in EBA and then add this account to ESMC -> will show MSP and Dynamic Threat license?
  12. Hello @MichalJ Thank you, very helpful! Is it normal then that the licence assigned to an EMA/EBA account in MSP console V2 doesn't appear in EBA? Will it still appear in ESMC when adding the account?
  13. Hello, I'm having trouble figuring out exactly how things work / are linked now between the new MSP console and EBA. Is this correct? If yes, what's the relation between the user created in MSP and EBA? Because it seems the user created with MSP can be used for EBA using this assistant for country / company setup, but then it doesn't contain the licences that were created in MSP and allowed to be managed by the user. I'm not sure in what cases EBA would be necessary, AFAIK it would be to use Cloud Administrator or to group licences in one account, but what other reasons? Thanks for the help, I've been trying to figure this out for a few days already. Maybe I just didn't look at the right place.