karsayor

Hello New feature Ability to distinguish if BitLocker is activated on a specific machine does not seems to be working, or at least I do not know how to use it. I know for sure the agent has Bitlocker enabled on C drive, but I do not find the information anywhere. Anyone knows how this is supposed to work ?

This is rather a manual and painful solution. @MichalJnothing new about this matter ?

Thank you Peter.

Can someone explain whats needed to exploit the issue ?

Thank you guys. So it means it's not that bad because it only affects administrators or service accounts by default. If someone already has admin access to a computer, elevating to SYSTEM isn't anymore useful, right ? Of course it's best to patch asap

Hello I followed procedure Advanced security | ESET PROTECT | ESET Online Help to enable Advanced Security. I have an issue with the step 8 below because if I exchange the certificate with the new one and also do the point 9, clients that were not connected between steps 6 and 8 will no longer connect because they cannot validate certificate chain (as they did not yet download the NEW CA and immediately changed the agent certificate) I hope I am clear enough ? Am I doing something wrong or is the documentation missing a point that Agents must connect to server before replacing agent and server certs ?

I saw on the changelog of ESET Server Security 8.0.12010.0 that a security vulnerability was fixed, but I cannot find any info about it (how critical, etc..) Can we have info about this CVE-2021-37852 ?

Ok I don't know why, I redid the process and it works now.. Thanks the the hint !

Ok, thank you. What is the difference in the two settings you showed and the settings from the new policy Auto-updates that has appeared in Protect v9 ?

Hi I tried to setup LDAPS authentication & sync task in ESMC Virtual Appliance. I did according to this : Configure LDAPS connection to a domain | ESET PROTECT | ESET Online Help and this Synchronization mode - Active Directory/Open Directory/LDAP | ESET PROTECT | ESET Online Help It works fine for domain authentication in the console, but for the AD Sync task it doesn't. When setting up the task using Active Directory, it shows the following error. If I select LDAP instead of AD, it works fine but of course not secured. The task was working fine before enable LDAPS in virtual appliance settings so I think it's all good. The appliance is domain joined, has been upgraded through years (version 9.0 now installed) Any idea what is going on ? I am trying to solve bind integrity verification issue on Domain Controllers :

OK will go through distributor in the future. Honestly how was I supposed to know that i's antispam related ? It's reported in the firewall module with no mention of the issue. Is there a way to check whether an IP is in the blacklist anywhere ? It has been unblocked ? Sorry but I really feel like it's a blackbox and have no idea how it works and how to troubleshoot without having to contact ESET everytime

Just sent, thanks for being so fast Marcos

Hello We have our load balancers that have been blocked by EsetIpBlacklist. The reason of the block is unknown. How can we dig ? How was the IP added to the list ? What is the way to remove it's IP from the blacklist ? There might have been an attack but what kind of and on which server who triggered the add to the blackList ?

If I understand correctly release notes of Protect v9, PCU updates have been set to work only from v9 of endpoint ?

Also on Server Security 8.0, the behaviour is still the old, it activates though policy and tells about missing license. Which I think is better than having no info at all 🙄

ok

I have same issue to identify devices without EDTD now since the change. How can I identify them with the on-premise console ?

With version 7 when EDTD was activated by policy without a license, it would then come with a warning. I then used this rule to catch & activate them This doesn't seem to work with latest version of Endpoint Security as long as EDTD licence is not activated on the device, it doesn't even show (and take policy into account) EDTD features in the settings.

I have a policy that enables Dynamic Threat Defense on computers : But on the Endpoint, Dynamic Threat Defense is not visible in the settings nor seems activated. We have latest version of Endpoint Security (8.1.2037). I made a dynamic group for computers that reports EDTD license missing to activate it, but no computers pops in. Has anything changed with the way EDTD must be activated ?

OK. I relied on KB2256 but it seems wrong then. What in case of update to v9 for example, will it also auto-update via uPCU updates ? While I think auto-update is great for bugfix and security issues, I'm afraid of it deploying newer version with new features and changes automatically without any control over it ?

Hi Marcos, Sorry to interfer in this thread, but I don't get it. I tought uPCU updates were for updates in the same version (8.1.2031 to 8.1.2037) while PCU were for upgrades (8.0.2039 to 8.1.2037). Is this incorrect ? Also, how do we manage both type of updates / upgrades in ESET Protect ? AFAIK there is only one setting for this.

Ok so I checked, and there was a filter set on the access group... feeling so dumb sorry. 😅 Now I see them The thing is that if I select the root Access Groupe called "All" then it doesn't show Policy that are in a child item, only policies that are in the root Access Group itself, that mislead me.

I have an issue with ESET protect 8.1 where some policies are not showing in the console in Policies tabs while I can see them or edit them when I open the Applied Policies tab in a computer. Anyone encountered this as well ?

Hum ok... Never noticed this ! The change is at ESMC level not on endpoint level ?

Hi, I cannot find the exact name of it but until a few months, AFAIK, when you set up a policy in ESMC / Protect and assign it to the client and then unassign it, it did not revert settings back to default on the client. Today I tried something with the HTTP Proxy settings and I saw that it did revert itself to original settings after I unassigned the policy. Is this a new behaviour or so ? Thanks