Phydeauxdawg last won the day on November 13 2015

Phydeauxdawg had the most liked content!

About Phydeauxdawg

  1. When a user types in an address incorrectly, I get a Threat Alert triggered for the incorrect URL, containing HTML/Refresh.BC trojan. For example, I type in hxxp://www.eset5.com which doesn't exist, I get the threat notice. How do I stop this?
  2. Disregard this, I was testing a lot of network monitoring software. This file is to allow Linux hosts to run commands on Windows servers, one of them must have put it there. I deleted the files and the errors went away.
  3. Getting a lot of these notices from all my file servers this morning. 9/2/2016 8:23:01 AM - Module Startup scanner - Threat Alert triggered on computer XXXXXXXXX: C:\Windows\winexesvc.exe contains a variant of Win32/Winexe.B potentially unsafe application. Signature is at 14058. So far only the servers (ESET File Security 6.3.12010.0) are affected.
  4. Mine starts two scans so yes I have the same/similar issue. My scheduled job is supposed to start at 9am but starts after I log in at 8am.
  5. Go to about:config and search for security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha. Set them both to false. ESET will definitely have to address their certificate in a future patch.
  6. I have two dynamic groups, one that has old agents and one that has old anti-virus. It simply queries the installed versions and returns those computers not matching a certain version. I have a task that executes each time a client joins the dynamic group for old antivirus, but I can't assign a server task to a dynamic group for the old agents task. How do I accomplish this? The new computers show due to the Active Directory sync. I am trying to make the process as automated as possible.
  7. Is it possible to schedule a monthly on-demand scan? Previously the workaround was to put in 44640 minutes, now the greatest I can go is 9999 minutes, which is just short of a week. Scanning every week is overkill.
  8. Follow step II in this KB article hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3637&actp=search&viewlocale=en_US&searchid=1425404913962 There isn't anything you need to do on the server, a proxy server just does that, it proxies (caches) requests from clients. So when client A requests an update, it goes to the proxy server and asks for a file from eset.com. The proxy server will check its own cache to see if it already has it and deliver it to the client. If it doesn't, it grabs it from eset.com, caches it, and distributes it to the client. So when Client B requests the same file, it should already be cached. This is a different process from the 5x version where it had a mirror of the updates. It's a similar process but less involved on the server side.
  9. I should also note there isn't any additional configuration necessary, Apache will cache any request it sees so most subsequent requests pull from its cache rather than the internet.
  10. All I did was run "/opt/apache/bin/apachectl start". I then checked the log files in the same location and it shows a lot of accesses from client computers for update checks as well as software upgrades (I pushed out a client upgrade). Watching my webfilter traffic shows that there is a great reduction in the number of clients accessing eset.com. It isn't easy to discern if all traffic had stopped as some use IP addresses instead of *.eset.com. No idea why, must be random from the client end. We still need someone from ESET to create this KB article on this to determine if it's the best practice. I haven't had time yet but from past experiences it's not difficult to create this as a "service" so it can be started on boot.
  11. There isn't a KB article about HTTP proxy for CentOS or the appliance but the appliance already has it installed, it just needs to be started.
  12. I couldn't find one either, though I don't think there's anything special about ESET's version, just find a setup guide on Apache HTTP proxy. For what it's worth, if you're running the appliance, it's already installed in /opt/apache. Just start using "/opt/apache/bin/apachectl start". You also have to open a port in the firewall (3128). Perhaps someone from ESET can clarify how to make it start on boot in addition to a permanent entry for iptables? "iptables -A INPUT -i eth0 -p tcp --dport 3128 -j ACCEPT" works until reboot. Editing /etc/iptables isn't permanent either.
  13. hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3637&actp=search&viewlocale=en_US&searchid=1425404913962 hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3639&actp=search&viewlocale=en_US&searchid=1425404913962
  14. The included policies have several predefined settings for maximum security, balanced security, etc.
  15. I fixed my own issue by looking at the server installation log under /var/log/eset/RemoteAdministrator/EraServerInstaller.log. Below is my command: ./Proxy-Linux-x86_64.sh --db-admin-password='password' --db-admin-username=root --db-driver='MySQL ODBC 5.3 Unicode Driver' --db-hostname= --db-name=era_proxy_db --db-port=3306 --db-type='MySQL Server' --db-user-password='password' --db-user-username=era --cert-path=/root/proxy.pfx --cert-password='certpassword' --cert-auth-path=/root/authority.der Also make sure you create a certificate for the proxy and export it to your machine from the web interface.