karsayor

Indeed, it works Thanks !

Hi Since update to ESET Protect 8.1 on several customers consoles, I have the issue that I can only log in once and then if the login times out I cannot relogin I get : Login failed: Invalid username or password If I open the page inprivate then it works, but subsequents logons fails as well I need to close browser and reopen. Computer has been reinstalled yesterday. Happens with Edge and Chrome.

Hi Same issue here for us.

Both would be nice, having the ability to set a default for all existing customers once and when a new is created, and also then set a different expiration time per customer could be helpful in some rare cases.

All clear thanks I missed it. By the way, thank you for your products, you are doing great job !

Very good news thank you. Do you think it will be activated by default or a way to activate this for all MSP users we have already created ? It would be nice.

Ok in this case it is a good move, it makes much more sense that a successful block / remove / clean is auto resolved. Before it was unclear whether we still had something to do or not sometimes. I just regret that I wasn't aware of this change, I don't remember having seen it in the changelog - or maybe I missed it ?

In this case, how do you check / change / know what type of event is auto resolved and what isn't ?

There is a feature "Deactivate seats not connected to ESET Business Account" in EBA that can be set to deactivate seats when they do not connect for a long time. In MSP console this feature is not available, I think it should because it's useful imo.

Hum ok, I really feel like it has changed last weeks / months even though we had version 7 for a very long time and I always had to resolve a lot of these manually, I'm suprised.

Hello Until a few weeks / months, I had to go in the detection tab to resolve most events like web control blocking URL, or pua connection terminated, incoming generic attack blocked, etc.. Now these detections seems to be auto resolved and in detection details it's written "Resolved" and "Handled by product". Is this normal and can it be explained because I could not find if it's a change or any issue in our console

No one has an idea ? 😔

I try to create a dynamic group with following settings. My goal is to install a software if its not installed nor in it's MSI version, and if one of the NIC has one of the specific DNS address. It does take into account the DNS settings but it does not work detecting application. I saw the warning but honestly I do not understand it : I also saw the examples on the docs, but none of them seem to help me when it comes to use two different conditions.

Description: Automate the "rerun on failed" trigger Detail: When upgrading Endpoint or Agents to latest version, often it might fail on some computers due to many reasons. It would be nice to have the ability to automate the trigger on these because as of now you have to constantly monitor and rerun many times the task. Using a dynamic group also doesn't work since the task will run when computers joins group but if it fails it will not run again.

Thanks ! I did.

Description: Retrieve system uptime to ESMC with agent Detail: Send system uptime with ESMC Agent to ESMC so that this can be used for Dynamic group (or task eventually). For example a dynamic group with all computers with uptime more than X hours. That would allow to run task on those computers.

Hello It would be a nice add to ESMC / Agent to have the ability to create Dynamic Groups with System Uptime. I do not know where to place a feature request...

That's what we did, it's an IIS server that has to be online on internet (443) but it sometimes detect those attacks which it's not vulnerable to. Its good that ESET blocks those attacks but if the server is not vulnerable to it, I don't need them to appear.

Ok thanks, was looking at wrong place. What's the difference between Notify and Log in the Action section ? I want to remove alerts of CVE-2015-1635 from ESMC because the server is not vulnerable and they are blocked so I don't need them to appear but still have them blocked.

Yes we are 😀 Do you know how / when it can be fixed ? Will you update this topic ?

do you see anything wrong with my proxy conf ? thanks whats ports are used for the services ? Because our appliances can only do HTTP / HTTPS to any address on the internet.

Is there anything we can do to exlude the detection of these ? As soon as I have confirmed the server is not vulnerable to CVE-2015-1635, it should be possible to exlude detection of this event but the "Create Exlclusion" is greyed out for these detections

Yes we use the Apache HTTP Proxy of ESMC appliance and it works fine for the base product and agents. Our proxy.conf is as follows, maybe there is an issue with it ? # # Enable HTTP Cache # CacheEnable disk hxxp:// CacheDirLevels 4 CacheDirLength 2 CacheDefaultExpire 3600 CacheMaxFileSize 200000000 CacheMaxExpire 604800 CacheQuickHandler Off CacheRoot /var/cache/httpd/proxy AllowCONNECT 443 2222 ProxyRequests On ProxyVia On SetEnv proxy-initial-not-pooled 1 ErrorLog "|/usr/sbin/rotatelogs -n 10 /var/log/httpd/error_log 1M" <VirtualHost *:3128> ProxyRequests On </VirtualHost> <VirtualHost *:3128> ServerName r.edtd.eset.com ProxyRequests Off CacheEnable disk / SSLProxyEngine On RequestHeader set Front-End-Https "On" ProxyPass / https://r.edtd.eset.com/ timeout=300 keepalive=On ttl=100 max=10 smax=10 ProxyPassReverse / hxxp://r.edtd.eset.com/ keepalive=On </VirtualHost> <Proxy *> Deny from all </Proxy> #*.eset.com: <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[c,C][o,O][m,M](:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #*.eset.eu: <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[e,E][u,U](:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #*.eset.systems: <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[s,S][y,Y][s,S][t,T][e,E][m,M][s,S](:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #Antispam module (ESET Mail Security only): <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(ds1-uk-rules-1.mailshell.net|ds1-uk-rules-2.mailshell.net|ds1-uk-rules-3.mailshell.net|fh-uk11.mailshell.net)(:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #Services (activation) <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(edf-pcs.cloudapp.net|edf-pcs2.cloudapp.net|edfpcs.trafficmanager.net)(:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #ESET servers accessed directly via IP address: <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(91.228.165.|91.228.166.|91.228.167.|38.90.226.)([0-9]+)(:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> Also, what are the required ports to connect to r.edtd.eset.com and d.edtd.eset.com ? It's not specified in the doc and might be the issue as well.

Ok so endpoints should connect directly to these address ? They cannot use the http proxy on esmc ? that was not clear to me

I successfully activated a Dynamic Threat Defense on a device, activate it through policy, now I get this : ESET Dynamic Threat Defense is not working. Connection to authentication servers failed. I wonder because we have a HTTP Proxy setup for Agents / Products, it seems that EDTD does not use the HTTP Proxy ? Or what could be missing ?