karsayor
Members-
Posts
116 -
Joined
-
Last visited
-
Days Won
3
Everything posted by karsayor
-
Hi Since update to ESET Protect 8.1 on several customers consoles, I have the issue that I can only log in once and then if the login times out I cannot relogin I get : Login failed: Invalid username or password If I open the page inprivate then it works, but subsequents logons fails as well I need to close browser and reopen. Computer has been reinstalled yesterday. Happens with Edge and Chrome.
-
ESET Management Agent Upgrade Warning
karsayor replied to T3chGuy007's topic in ESET PROTECT On-prem (Remote Management)
Hi Same issue here for us. -
Deactivate seats not connected to ESET for MSP Licenses
karsayor replied to karsayor's topic in ESET Licensing for Business
Both would be nice, having the ability to set a default for all existing customers once and when a new is created, and also then set a different expiration time per customer could be helpful in some rare cases. -
Detection being automatically resolved now ?
karsayor replied to karsayor's topic in ESET PROTECT On-prem (Remote Management)
All clear thanks I missed it. By the way, thank you for your products, you are doing great job ! -
Deactivate seats not connected to ESET for MSP Licenses
karsayor replied to karsayor's topic in ESET Licensing for Business
Very good news thank you. Do you think it will be activated by default or a way to activate this for all MSP users we have already created ? It would be nice. -
Detection being automatically resolved now ?
karsayor replied to karsayor's topic in ESET PROTECT On-prem (Remote Management)
Ok in this case it is a good move, it makes much more sense that a successful block / remove / clean is auto resolved. Before it was unclear whether we still had something to do or not sometimes. I just regret that I wasn't aware of this change, I don't remember having seen it in the changelog - or maybe I missed it ? -
Detection being automatically resolved now ?
karsayor replied to karsayor's topic in ESET PROTECT On-prem (Remote Management)
In this case, how do you check / change / know what type of event is auto resolved and what isn't ? -
Detection being automatically resolved now ?
karsayor replied to karsayor's topic in ESET PROTECT On-prem (Remote Management)
Hum ok, I really feel like it has changed last weeks / months even though we had version 7 for a very long time and I always had to resolve a lot of these manually, I'm suprised. -
Hello Until a few weeks / months, I had to go in the detection tab to resolve most events like web control blocking URL, or pua connection terminated, incoming generic attack blocked, etc.. Now these detections seems to be auto resolved and in detection details it's written "Resolved" and "Handled by product". Is this normal and can it be explained because I could not find if it's a change or any issue in our console
-
Help needed for a dynamic group
karsayor replied to karsayor's topic in ESET PROTECT On-prem (Remote Management)
No one has an idea ? 😔 -
I try to create a dynamic group with following settings. My goal is to install a software if its not installed nor in it's MSI version, and if one of the NIC has one of the specific DNS address. It does take into account the DNS settings but it does not work detecting application. I saw the warning but honestly I do not understand it : I also saw the examples on the docs, but none of them seem to help me when it comes to use two different conditions.
-
Description: Automate the "rerun on failed" trigger Detail: When upgrading Endpoint or Agents to latest version, often it might fail on some computers due to many reasons. It would be nice to have the ability to automate the trigger on these because as of now you have to constantly monitor and rerun many times the task. Using a dynamic group also doesn't work since the task will run when computers joins group but if it fails it will not run again.
-
Thanks ! I did.
-
Hello It would be a nice add to ESMC / Agent to have the ability to create Dynamic Groups with System Uptime. I do not know where to place a feature request...
-
Security vulnerability exploitation actions
karsayor replied to karsayor's topic in ESET Endpoint Products
That's what we did, it's an IIS server that has to be online on internet (443) but it sometimes detect those attacks which it's not vulnerable to. Its good that ESET blocks those attacks but if the server is not vulnerable to it, I don't need them to appear. -
Security vulnerability exploitation actions
karsayor replied to karsayor's topic in ESET Endpoint Products
Ok thanks, was looking at wrong place. What's the difference between Notify and Log in the Action section ? I want to remove alerts of CVE-2015-1635 from ESMC because the server is not vulnerable and they are blocked so I don't need them to appear but still have them blocked. -
Dynamic Threat Defense Proxy
karsayor replied to karsayor's topic in ESET PROTECT On-prem (Remote Management)
Yes we are 😀 Do you know how / when it can be fixed ? Will you update this topic ? -
Dynamic Threat Defense Proxy
karsayor replied to karsayor's topic in ESET PROTECT On-prem (Remote Management)
do you see anything wrong with my proxy conf ? thanks whats ports are used for the services ? Because our appliances can only do HTTP / HTTPS to any address on the internet. -
Security vulnerability exploitation actions
karsayor replied to karsayor's topic in ESET Endpoint Products
Is there anything we can do to exlude the detection of these ? As soon as I have confirmed the server is not vulnerable to CVE-2015-1635, it should be possible to exlude detection of this event but the "Create Exlclusion" is greyed out for these detections -
Dynamic Threat Defense Proxy
karsayor replied to karsayor's topic in ESET PROTECT On-prem (Remote Management)
Yes we use the Apache HTTP Proxy of ESMC appliance and it works fine for the base product and agents. Our proxy.conf is as follows, maybe there is an issue with it ? # # Enable HTTP Cache # CacheEnable disk hxxp:// CacheDirLevels 4 CacheDirLength 2 CacheDefaultExpire 3600 CacheMaxFileSize 200000000 CacheMaxExpire 604800 CacheQuickHandler Off CacheRoot /var/cache/httpd/proxy AllowCONNECT 443 2222 ProxyRequests On ProxyVia On SetEnv proxy-initial-not-pooled 1 ErrorLog "|/usr/sbin/rotatelogs -n 10 /var/log/httpd/error_log 1M" <VirtualHost *:3128> ProxyRequests On </VirtualHost> <VirtualHost *:3128> ServerName r.edtd.eset.com ProxyRequests Off CacheEnable disk / SSLProxyEngine On RequestHeader set Front-End-Https "On" ProxyPass / https://r.edtd.eset.com/ timeout=300 keepalive=On ttl=100 max=10 smax=10 ProxyPassReverse / hxxp://r.edtd.eset.com/ keepalive=On </VirtualHost> <Proxy *> Deny from all </Proxy> #*.eset.com: <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[c,C][o,O][m,M](:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #*.eset.eu: <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[e,E][u,U](:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #*.eset.systems: <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[s,S][y,Y][s,S][t,T][e,E][m,M][s,S](:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #Antispam module (ESET Mail Security only): <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(ds1-uk-rules-1.mailshell.net|ds1-uk-rules-2.mailshell.net|ds1-uk-rules-3.mailshell.net|fh-uk11.mailshell.net)(:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #Services (activation) <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(edf-pcs.cloudapp.net|edf-pcs2.cloudapp.net|edfpcs.trafficmanager.net)(:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #ESET servers accessed directly via IP address: <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(91.228.165.|91.228.166.|91.228.167.|38.90.226.)([0-9]+)(:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> Also, what are the required ports to connect to r.edtd.eset.com and d.edtd.eset.com ? It's not specified in the doc and might be the issue as well. -
Dynamic Threat Defense Proxy
karsayor replied to karsayor's topic in ESET PROTECT On-prem (Remote Management)
Ok so endpoints should connect directly to these address ? They cannot use the http proxy on esmc ? that was not clear to me -
I successfully activated a Dynamic Threat Defense on a device, activate it through policy, now I get this : ESET Dynamic Threat Defense is not working. Connection to authentication servers failed. I wonder because we have a HTTP Proxy setup for Agents / Products, it seems that EDTD does not use the HTTP Proxy ? Or what could be missing ?