kamiran.asia

Members
  • Posts: 306
  • Days Won: 1

Everything posted by kamiran.asia

  1. Does ESET protect me from the Hafnium zero-day exploit in Microsoft Exchange? https://support.eset.com/en/kb7855-does-eset-protect-me-from-hafnium Exchange servers under siege from at least 10 APT groups https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/
  2. Thank you very much, dear @Marcos. Our customer again created a ticket, mentioned your help, and they are waiting for ESET's response. I will inform you if they cannot help them. Case #501795 - "Extended update support for EOLed products" has been created for you. ESET North America Technical Support.
  3. Hi Dears, As you know, this week we have this vulnerability: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ and ESET did not detect the IOCs. For example, this one in particular: https://www.virustotal.com/gui/file/b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0/detection What is ESET's reaction to this kind of hack? Is there any IDS detection included these days or not? And we think that ESET must detect the mentioned IOCs. Best regards.
  4. ESET File Security 6.5 is currently supported for XP. Why has it become yellow and alerts users to upgrade on Server 2008, while it will work on Windows XP after April 15th 2021? It seems that this alert in Windows 2008 is not correct because it will not face a problem after April 15th 2021. Am I right or not?
  5. Thank you, dear. We contacted the distributor; they said there is no way to support non-updated WinServer2008! Right now ESET supports WinXP with ver 6.5. Why will Server 2008 not be supported with FS 6.5? What can we do right now?
  6. Hi Dears. Many of our customers have Windows Server 2008 or 2008 R2 on which the SHA2 updates cannot be installed (because of a technical problem or a rollback of the SHA2 updates). Version 6.5.12018.0 just became yellow this week, while support-eol.eset.com shows that FS 6.5.12018 will not have the SHA2 problem on Server 2008 (not updated). What can we do?
  7. Just the anti-ransomware rules are set up in the HIPS rules, as mentioned on the ESET website. No other HIPS rules. You mean if we disable Endpoint Self-Defense it will solve this problem?
  8. Hi dear ESET Admins. On some endpoints we are facing this problem (upgrading 7.0.579.0 to 8.0.1238.0): MSI (s) (40:9C) [11:01:33:439]: Product: ESET Management Agent -- Error 1921. Service 'ESET Management Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services. Error 1921. Service 'ESET Management Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services. The full log is attached. What can we do remotely for this problem (except safe mode and the uninstaller tool)? For more info: the upgrade task did not work in this network because of the problem in the link below, so we are using deployment software to install the new MSI. This solution succeeded on 98% of endpoints, but about 5 systems have the problem. https://forum.eset.com/topic/26914-agent-v7-show-as-updated-in-eset-protect-v8/ Log.txt
  9. OK, yes, we use Run Command. But it was a special problem. Thank you.
  10. Hi Dears. We have a problem upgrading agent 7.0.579 to V8 in one of our customers' networks. ESET Protect V8 shows Agent v7.0.579 as updated! So the upgrade task finishes successfully without any changes! The repository is online. We installed a new server and transferred the database to the new server; the problem persists. Upgrading with GPO works, but the upgrade task does not work because ESET says it is up to date!
  11. It seems that there is a problem at the ISP. We will work on this problem. Thank you very much.
  12. Hi dear Marcos, and thank you for your rapid response as usual 😍 The log is attached. logs.txt
  13. Hi dear ESET Support. We have a problem in our Mail Security for Exchange. As you can see in the screenshot of Mail Security, the anti-spam connection is limited. We have ping connection to all of the servers. What can cause this problem? (As you see, the problem is temporary, during some hours of the day.) anydesk00000.zip
  14. As per our test in our company, ESET IDS can block Zerologon with this detection and block the attacker IP for 1 hour:
  15. No, dear. The problem is why IDS on 2008 R2 did not block communication from the attacker IP. The attack is blocked, but communication is not blocked for 1 hour for the attacker IP, so the hacker can attack over and over again. As you know, when IDS blocks an IP address, all communication is blocked for 1 hour (ping, ...). It seems that it is a bug or maybe a lack of security in 2008 R2.
  16. Yes, dear. As you can see in the picture, we have the Network section, the attack is detected, and the attacker IP is listed in the blacklist of IDS.
  17. Dear ITMan, this problem is just in 2008 R2. In 2012, 2016 and 2019, ESET IDS detects CVE-2020-1472 and the attacker IP is blocked, while other security vendors like Kaspersky, Bitdefender and McAfee (as we tested) did not detect this attack. We use the picuslabs tool for this attack test: https://github.com/picussecurity/picuslabs/tree/master/CVE-2020-1472 Zerologon Also, we tested other CVE-2020-1472 scripts and the result was the same as with the picuslabs tools. The question is why on 2008 R2 the attack is blocked but the attacker IP is not blocked, even when it is listed in the blacklist IP list?
  18. No, fresh Windows installation, and then ESET installed with the all-in-one installer. No items in question.
  19. Full screenshot ... Attacker PC: 192.168.235.1 Server: 192.168.235.132
  20. 192.168.235.1 is the attacker and the CMD is from the attacker PC. The attacker PC is my PC and the server is a VM. These two windows are mixed in one screen. 😊
  21. Hi Dears. We found something in File Security v7 - 7.2. If an attacker is blocked by IDS (for example, a Zerologon attack), the IP will not be blocked for 1 hour! Is this a bug or a problem in 2008 R2? Best regards.
  22. No, this ESMC was always on a Windows Server. Other clients are connected; this new installation did not connect. 😟
  23. Hi Dears. We have a client with agent 7.2.1266.0 that could not connect to ESMC. The logs are attached. The error is: AUTHENTICATION_FAILED (Error description: unable to authenticate entity) Best regards. Logs.zip