Posts posted by comunic

  1. Hi all,

    We manage about 850 devices on our ER6.

    We have a large panel of Windows OS from XP to 10 and from 2003 to 2012 R2.

    Now we are facing a big issue: about 10% of the agents haven't joined the console for weeks, months... OK, some computers are almost never powered on, and some others are dead.

    But we realise that most of those 10% never join the console because the agent is totally out of service and we have to reinstall it manually!

    It seems that the push update of the agent (we started with 6.3 and updated to 6.4) breaks many agents!

    I am very afraid about that!! Have you had any similar experience?!

  2. Well, thank you for replying!

    The only thing different from the KB is that I disable network drive scan.

    I think this would not have helped me in this case, because the crypto was executed in an RDS session and encrypted everything on the network (every shared folder) without it being mapped as a network drive.

    @gonzalo: if I could prevent users from clicking on a big message like "just click here to encrypt all my files", I would do it :)

  3. Hi all,

    I am very disappointed with the ransomware protection on my RDS servers with EFS 6.4 and the maximum security ERA6 profile.

    It has now been 6 times that the same client has had about 650 GB on 3 VMs totally encrypted, and ESET doesn't do anything!

    In the attachment, you can see that ESET detects the responsible DLL but is simply unable to stop it (a reboot is required to clean the threat...), which is impossible to manage on an RDS server!

    What can we do to improve the efficiency against this?!

    Thanks for your replies.

    post-6462-0-67994600-1475520855_thumb.png

  4. Hi,

    I mentioned EFSW because it is an RDS 2008 R2 server! So the malware ran directly on the server.

    All the settings and functions are enabled and based on the maximum protection policy of ERA 6.4!

    I know that a user opened a Word document received in Outlook, launching the crypto locker. I will PM you the log collector.

    Thanks

  5. Of course I always leave HIPS with all its features enabled, but I have never seen anything in the HIPS log, and yesterday one of my clients with EFS 6.3 opened a Zepto locker, which encrypted about 50 000 files before ESET blocked it.

    Sorry, but for me it is useless! My goal is to improve the product, to be the most efficient it can be.

  6. Hi,

    I am seriously considering deploying HIPS because it seems to be the "ultimate" solution against crypto.

    From my experience, automatic mode is useless; it never stopped anything.

    The "smart" mode seems interesting, but is it more efficient?

    Finally, the learning mode: is it really safe to deploy it?

    I would be very interested to have some feedback!

  7. We are currently deploying ESET v6.4 for about 1000 clients.

    The least I can say is that it is a very, very time-consuming process, for "just" the antivirus.

    Most of the time this works well, but sometimes the uninstallation of Endpoint V5 and FS V4.5 is a real nightmare...

    I really enjoy the web console, but in my opinion, the whole product is between a beta and an RTM version.

    Too many bugs, too many unfinished or missing functions.

    That said, we have very good results against cryptolockers with v6, unlike with v5, which was totally ineffective and a nightmare for many clients....

  8. Nope, you can't click on finished; the message is systematically displayed and I have to discard the changes to exit the screen.

    To reproduce:

    - create a cron-triggered Product Activation task and add some static groups.

    - edit the trigger to add a static group

    - error message and impossible to apply

    Here are the version details:


    ESET Remote Administrator (Server), Version 6.4.295.0
    ESET Remote Administrator (Web Console), Version 6.4.266.0
    Copyright © 1992-2016 ESET, spol. s r.o. All Rights Reserved.

    END-USER LICENSE AGREEMENT

    Microsoft Windows Server 2012 R2 Standard (64 bits), Version 6.3.9600 

    License used for module updates of this ERA:
    Public ID: 33D-2N7-JMF
    Expires: 2037 Dec 31 13:00:00


    Connected Clients: 646
    Active Licenses: 15 

    LICENSE MANAGEMENT

    Installed Components:

    NAME                          VERSION
    Update module                 1064 (20160324)
    Translation support module    1500 (20160623)
    Configuration module          1277.13 (20160616)
    SysInspector module           1259 (20160406)