kamiran.asia

Everything posted by kamiran.asia

  1. Hi Dears. Why did the JavaScript scanner not turn off when disabling AV (EES)? For example, when visiting: https://ssyqf.twithdiffer.xyz/RYNI?tag_id=737329&sub_id1=&sub_id2=2227852676712444495&cookie_id=da3b21e8-1815-4d76-a46d-606a571e9f87&lp=stanley&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Frovernments.xyz%2F%3Ftid%3D737329%26noocp%3D1&geo=DE&hop=7# even when EES is disabled we receive this incident:
     Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
     2022/08/03 10:52:09 ب.ظ;JavaScript scanner;file;https://ssyqf.twithdiffer.xyz/RYNI?tag_id=737329&sub_id1=&sub_id2=2227852676712444495&cookie_id=da3b21e8-1815-4d76-a46d-606a571e9f87&lp=stanley&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Frovernments.xyz%2F%3Ftid%3D737329%26noocp%3D1&geo=DE&hop=7;JS/Adware.Agent.AU application;blocked;KAMIRAN-PC\KAMIRAN;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (7D00AB6EB4212686FF96D7F6BA270011828AFD89).;D7C1F521EFB886C56CD512AF8B8249C0B6D00A53;
  2. Ticket #00401625 is created. Notification of new service request #00401625 - Problem With offline Reposiroty in ESET Protect 9.1 - ref:_00D0Y1lCTe._5001n1nHMIR:ref
  3. Hi Dears. We are facing a bug in EES 9.1.2051. When URL Address Management policies are assigned with Append - Append, we cannot add addresses locally because there are no OK / Cancel buttons at the end of the window when Show local rules is selected! You can see the problem in these screenshots:
  4. Hi dears, it seems that there is a problem with the offline repository in v9.1.1295.0. We created an offline repository with the newest mirror tool but cannot create installers. This is the ESET Protect log:
     2022-07-28 20:44:02 Information: CRepositoryModule [Thread 13d4]: CMetadataProcessorV3: Downloading file from https://192.168.71.39:3128/com/eset/apps/business/eea/mac/v6/6.10.300.1/eea_osx_fin.pkg.eula/manifest.erm has failed 3 times.
     The repository server is set to hxxp://192.168.71.39:3128, ESET Protect tries to download from https!?
  5. Hi Dears. The Deploy Agent task is missing in the new ESET Protect Console! When we want to deploy the agent on unmanaged systems, the installer creation wizard appears. The agent install task is accessible only from server tasks. Even when adding a system from rogue, agent install is not accessible. Is it a bug or ...?
  6. Yes, it seems to be an FP. But we checked 1.1.1.1 at https://whatismyipaddress.com/ for blacklists and found that dnsbl.justspam.org marks 1.1.1.1 as blacklisted. Maybe ESET's blacklisted IPs use these databases and this causes the FP.
  7. Hi dears. Since yesterday we have received this error from ESET Endpoint Security. It seems that 1.1.1.1 is marked as a botnet.
     Event: Suspected botnet detected
     Detection name: Botnet.CnC.Generic
     Target address: 1.1.1.1
     Port: 80
  8. For more info, we tested the AD with software like LDAP Browser, and all user groups and user lists work fine. It seems that there is no problem in AD.
  9. Hi Dears, we found this problem in over 4-5 ESET Protect Consoles: after upgrading to the latest version, the User Groups of AD will not load, with this error:
     Reading AD structure failed (check task configuration): Trace info: Failed to bind to the specified object (LDAP://192.168.3.2/DC=AAC,DC=LOCAL). Error code = 0x8007203a, The server is not operational. Error code: 0x8007203a
     While AD Users load properly! Just "User Groups" does not work! It seems that there is a bug in the new versions, but not in all situations. What can we do about this issue? Logs.zip
  10. Thank you @Marcos for your rapid reply. No, they are installed from the All-in-one package locally. They may also have been installed with the ESET Remote Deployment Tool (perhaps). 99% were installed locally with the All-in-one installer.
  11. Hi Dears, we have this problem on many clients (about 5-10 clients per customer network). How can we find the source of these problems? Upgrading EES from 8.0.2028.3 to 9.0.2046. As you can see, it shows "Detected broken previous installation", but how can this problem be fixed manually without using the Removal Tools in safe mode? Will ESET Installation Fixer help in these cases?
      Action start 21:56:36: INSTALL.
      Action start 21:56:36: InstSuppCheckSha2CodeSigningSupport.
      Action ended 21:56:36: InstSuppCheckSha2CodeSigningSupport. Return value 1.
      Action start 21:56:36: LaunchConditions.
      Action ended 21:56:36: LaunchConditions. Return value 1.
      Action start 21:56:36: InstSuppForceCrossProductTypeUpgrade.
      ESET: Entering CA InstSupp!caForceCrossProductTypeUpgrade (limited: no)
      ESET: Previous product type and new product type are same.
      ESET: Returing from CA InstSupp!caForceCrossProductTypeUpgrade with status 0 (duration: 0.0)
      Action ended 21:56:37: InstSuppForceCrossProductTypeUpgrade. Return value 1.
      Action start 21:56:37: InstSuppValidateInstalledProduct.
      ESET: Entering CA InstSupp!caValidateInstalledProduct (limited: no)
      ESET: Detected broken previous installation
      ESET: Running fix MSI registry.
      ESET: Failed to fix MSI registry.
      ESET: Returing from CA InstSupp!caValidateInstalledProduct with status 1627 (duration: 21.125)
      CustomAction InstSuppValidateInstalledProduct returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
      Action ended 21:56:59: InstSuppValidateInstalledProduct. Return value 3.
      Action start 21:56:59: InstSuppFailed.
      ESET: Entering CA InstSupp!caOnFailed (limited: no)
      ESET: Analytics Report - Disabled by conditions.
      ESET: Failed to start InstHelper
      ESET: output file : C:\WINDOWS\Temp\eset\bts.stats\msi-20220328-172659.json
      ESET: Failed to start InstHelper (-1).
      ESET: Returing from CA InstSupp!caOnFailed with status 0 (duration: 0.16)
      Action ended 21:56:59: InstSuppFailed. Return value 1.
      Action ended 21:56:59: INSTALL. Return value 3.
      ....
      MSI (s) (7C:10) [21:56:59:721]: Product: ESET Endpoint Security -- Installation failed.
      MSI (s) (7C:10) [21:56:59:723]: Windows Installer installed the product. Product Name: ESET Endpoint Security. Product Version: 9.0.2032.6. Product Language: 1033. Manufacturer: ESET, spol. s r.o.. Installation success or error status: 1603.
  12. Thank you @Marcos for your, as usual, rapid reply. These are industrial systems that cannot be upgraded to Win 7 or 10. If they are upgraded to XP SP3, V6.5 will be installed, but it has a red alert now that cannot be disabled from the console. Any solution or advice for these cases?
  13. Hi Dears, we have some legacy systems with XP SP2 and Endpoint Security 5.0.2272.7. For many weeks they have been unable to update with any ESET Business user/pass. It shows a user/pass error. It seems that there is a problem in the ESET update servers for ver 5.0.
  14. Hi Dears, we found these logs in the ESET PROTECT Console of one of our customers. Both the target and source devices are protected with ESET Endpoint Security V9.0 without any infection. How can we find the source of these attacks on the source device? The exported CSV is attached:
  15. No. In this project there is no problem; Network Protection is not enabled by default in 2008 R2. But our question is: is there any way to enable it remotely? Or must the user enable it one by one by modifying FS?
  16. This is another project. Network Protection was off and they have not enabled it by Modify till now. Is there any way to enable it remotely by msiexec parameters?
  17. At one of our enterprise networks, our customer has more than 20 2008 R2 servers where Network Protection is now disabled (V7.3). Is there any way to enable Network Protection remotely? For example, by msiexec parameters. We tested add local but it did not work, or maybe the parameters were not correct.
  18. We deploy the V8.0 MSI with a software install task, or with some deployment tools like PDQ Deploy.
  19. Disabled Network Protection after upgrade is another bug in many versions of FS on Win2008 R2. In this case, after the upgrade NP will be disabled and, because of the mentioned bug, it cannot be enabled any more.
  20. Hi Dears, we found a bug in Server Security V8.0 on Server 2008 R2. In these two situations Network Protection will not work any more:
      1- Upgrading FS 7.3 (with Network Protection enabled) to 8.0 => it will remove the Network Protection module, and even modifying the installer will not work any more.
      2- Installed Server Security V8: if we modify an installed version to enable Network Protection, it will not work any more.
      Notice: if we install Server Security 8.0 manually in modify mode, Network Protection will work. But in the 2 situations above Network Protection will not work any more and the message "Anti-phishing protection is not Functional" will appear. We must remove Server Security, restart the server and install it manually to enable Network Protection.
      Info: update patch Windows6.1-KB2664888-v2-x64.msu is installed.
  21. Thank you dear @Marcos. As we mentioned, we block all incoming TCP and UDP ports in Windows Server Firewall. So in this case ESET Firewall scans traffic before Windows Firewall. So we are waiting for an update to enable IDS again.