kamiran.asia

Posts posted by kamiran.asia

  1. Hi Dears.

    Why does the JavaScript scanner not turn off when AV (EES) is disabled?

    For example, when visiting:

    https://ssyqf.twithdiffer.xyz/RYNI?tag_id=737329&sub_id1=&sub_id2=2227852676712444495&cookie_id=da3b21e8-1815-4d76-a46d-606a571e9f87&lp=stanley&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Frovernments.xyz%2F%3Ftid%3D737329%26noocp%3D1&geo=DE&hop=7#

     

    Even when EES is disabled we receive this incident:

    Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
    2022/08/03 10:52:09 ب.ظ;JavaScript scanner;file;https://ssyqf.twithdiffer.xyz/RYNI?tag_id=737329&sub_id1=&sub_id2=2227852676712444495&cookie_id=da3b21e8-1815-4d76-a46d-606a571e9f87&lp=stanley&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Frovernments.xyz%2F%3Ftid%3D737329%26noocp%3D1&geo=DE&hop=7;JS/Adware.Agent.AU application;blocked;KAMIRAN-PC\KAMIRAN;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (7D00AB6EB4212686FF96D7F6BA270011828AFD89).;D7C1F521EFB886C56CD512AF8B8249C0B6D00A53;

     

     

  2. Hi Dears.

    We are facing a bug in EES 9.1.2051. When URL Address Management policies are assigned with Append - Append, we cannot add addresses locally because there are no OK / Cancel buttons at the end of the window when Show local rules is selected!

    You can see the problem in these screenshots:

     

    bug9.11.jpg

    9.1Bug.jpg

  3. Hi Dears,

    It seems that there is a problem with the offline repository in v9.1.1295.0.

    We create an offline repository with the newest mirror tool but cannot create installers.

    This is the ESET PROTECT log:

    2022-07-28 20:44:02 Information: CRepositoryModule [Thread 13d4]: CMetadataProcessorV3: Downloading file from https://192.168.71.39:3128/com/eset/apps/business/eea/mac/v6/6.10.300.1/eea_osx_fin.pkg.eula/manifest.erm has failed 3 times.

     

    The repository server is set to hxxp://192.168.71.39:3128; ESET PROTECT tries to download from https!?

  4. Hi Dears,

    We have found this problem in over 4-5 ESET PROTECT consoles: after upgrading to the latest version, the AD User Groups will not load, with this error:

    Reading AD structure failed (check task configuration): Trace info: Failed to bind to the specified object (LDAP://192.168.3.2/DC=AAC,DC=LOCAL). Error code = 0x8007203a, The server is not operational. Error code: 0x8007203a

     

    Meanwhile, AD Users load properly! Only "User Groups" does not work!

    It seems that there is a bug in the new versions, but not in all situations.

    What can we do about this issue?

     

     

    Scr.jpg

    Logs.zip

  5. Hi Dears, we have this problem on many clients (about 5-10 clients per customer network). How can we find the source of these problems?

    Upgrade of EES from 8.0.2028.3 to 9.0.2046.

    As you can see, it shows "Detected broken previous installation", but how can this problem be fixed manually without using the removal tools in safe mode?

    Will ESET Installation Fixer help in these cases?

     

    Action start 21:56:36: INSTALL.
    Action start 21:56:36: InstSuppCheckSha2CodeSigningSupport.
    Action ended 21:56:36: InstSuppCheckSha2CodeSigningSupport. Return value 1.
    Action start 21:56:36: LaunchConditions.
    Action ended 21:56:36: LaunchConditions. Return value 1.
    Action start 21:56:36: InstSuppForceCrossProductTypeUpgrade.
    ESET: Entering CA InstSupp!caForceCrossProductTypeUpgrade (limited: no)
    ESET: Previous product type and new product type are same.
    ESET: Returing from CA InstSupp!caForceCrossProductTypeUpgrade with status 0 (duration: 0.0)
    Action ended 21:56:37: InstSuppForceCrossProductTypeUpgrade. Return value 1.
    Action start 21:56:37: InstSuppValidateInstalledProduct.
    ESET: Entering CA InstSupp!caValidateInstalledProduct (limited: no)
    ESET: Detected broken previous installation
    ESET: Running fix MSI registry.
    ESET: Failed to fix MSI registry.
    ESET: Returing from CA InstSupp!caValidateInstalledProduct with status 1627 (duration: 21.125)
    CustomAction InstSuppValidateInstalledProduct returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    Action ended 21:56:59: InstSuppValidateInstalledProduct. Return value 3.
    Action start 21:56:59: InstSuppFailed.
    ESET: Entering CA InstSupp!caOnFailed (limited: no)
    ESET: Analytics Report - Disabled by conditions.
    ESET: Failed to start InstHelper
    ESET: output file : C:\WINDOWS\Temp\eset\bts.stats\msi-20220328-172659.json
    ESET: Failed to start InstHelper (-1).
    ESET: Returing from CA InstSupp!caOnFailed with status 0 (duration: 0.16)
    Action ended 21:56:59: InstSuppFailed. Return value 1.
    Action ended 21:56:59: INSTALL. Return value 3.
    ....
    MSI (s) (7C:10) [21:56:59:721]: Product: ESET Endpoint Security -- Installation failed.
    
    MSI (s) (7C:10) [21:56:59:723]: Windows Installer installed the product. Product Name: ESET Endpoint Security. Product Version: 9.0.2032.6. Product Language: 1033. Manufacturer: ESET, spol. s r.o.. Installation success or error status: 1603.

     

  6. 25 minutes ago, Marcos said:

    ESET Endpoint v5 went EOL in Dec 2020 according to https://support.eset.com/en/kb3592.

    Updates for EOL versions were stopped. Is it a bigger customer who plans to upgrade the OS to a supported one in the near future?

     

    Thank you @Marcos for your, as usual, rapid reply. These are industrial systems that cannot be upgraded to Win 7 or 10.

    If they upgrade to XP SP3, V6.5 will be installed, but it now has a red alert that cannot be disabled from the console.

    Any solution or advice for these cases?

     

  7. Hi Dears,

    We have found these logs in one of our customers' ESET PROTECT Console.

    Both the target and source devices are protected with ESET Endpoint Security V9.0, without any infection.

    How can we find the source of these attacks on the source device?

    The exported CSV is attached:

    3N.jpg

  8. 6 minutes ago, Marcos said:

    Ah, I see. Network protection is not installed at all on Windows Server 2008 by default unless you run a component installation and choose to install also Network protection. It cannot be enabled remotely since it's not installed. ESET Server Security needs to be reinstalled and Network protection selected as a component to install.

    Just make sure that KB2664888 is installed prior to installing Network protection to prevent the system from getting unresponsive.

    😍

  9. 21 minutes ago, Marcos said:

    When did it happen? After upgrade (without a restart) or after a restart? Does restarting the server make a difference? Should the problem persist, we'll need you to enable advanced network protection logging, reboot the server, disable logging and collect logs with ESET Log Collector.

    This is another project. Network Protection was off and they have not enabled it via Modify until now.

    Now, is there any way to enable it remotely with msiexec parameters?

  10. Hi Dears,

    We found a bug in Server Security V8.0 on Server 2008 R2.

    In these two situations Network Protection will not work any more:

    1- Upgrading FS 7.3 (with Network Protection enabled) to 8.0 => it will remove the Network Protection module, and even modifying via the installer will not work any more.

    2- Installed Server Security V8: if we modify an installed version to enable Network Protection, it will not work any more.

     

    Notice: If we install Server Security 8.0 manually in modify mode, Network Protection will work. But in the 2 situations above, Network Protection will not work any more and the message "Anti-phishing protection is not functional" will appear. We must remove Server Security, restart the server, and install it manually to enable Network Protection.

    Info: Update patch Windows6.1-KB2664888-v2-x64.msu is installed.


    photo_2021-10-13_17-42-44.jpg

    photo_2021-10-13_17-42-54.jpg

    photo_2021-10-13_17-42-59.jpg

  11. 8 hours ago, Marcos said:

    As I assumed, the performance issue is caused by too many attacks / IDS detections which invoke memory scanning. We will make certain optimizations to address the overhead.

    Thank you dear @Marcos,

    As we mentioned, we block all incoming TCP and UDP ports in the Windows Server firewall. So in this case the ESET Firewall scans traffic before the Windows firewall.

    So we are waiting for any update to enable IDS again.
