StotheR

Members
  • Posts

    33
Everything posted by StotheR

  1. Technical support told me the steps to fix this:
     - Deactivate HIPS
     - Restart
     - Update ESET Installation
     - Restart
     - Activate HIPS
     - Restart
     - ESET installation is happy like never before

     Worked for me.
  2. All affected servers have File Security v9.0.12013.0 installed. And this was just the first wave of reboots due to Windows Update installation. A lot more will come tonight.
  3. Yes, all affected servers have 9.0.12013.0 installed and rebooted last night. And there will be a lot more reboots tonight. How can we fix this? File Security Update fails with Windows Eventlog message error 1922
  4. Hello, we have the exact same problem with many servers. At first I guessed it had something to do with Windows updates, but according to this thread here, it looks like it had something to do with a system restart (which happened after Windows update installation last night). Our Windows Server systems are all up to date, so they shouldn't be missing the relevant ACS KB. Is there an easy way to fix this?
  5. Hello Community, we have a rather big amount of systems with problems with File Security v9 after installing current Windows updates. Every system which installed the freshly released Windows updates looks like: Windows server versions from 2016 to 2022 are affected like this. The update on Windows Server 2022 from yesterday is KB5033118, and on Windows Server 2016 it is KB5033373. Any help would be appreciated. Kind regards
  6. Hello everyone, today my ESET Endpoint Antivirus with version 10.0.2034.0 detected a potentially unwanted application with the following message: CompuTrace seems to be some kind of protection against theft, that could not be turned off in a way ESET never detects it again. Google leads me to an ESET KB article https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection to create a detection exclusion. But how do I know whether that message is really unproblematic? Couldn't it be real malware?
  7. How do I do that? Just export log entries from ESET Server Security on the remote system or export via ESET PROTECT?
  8. I did as you said and have Log Collector logs, but I cannot open a ticket because the logs are larger than 21MB
  9. Update: I just had a call with another customer, who works on the same remote server as the one mentioned above. She received the same mail but ESET detected the malicious attachment and cleaned the mail.
  10. Hi there. A customer informed me about a suspicious mail with an img file attachment. The customer works on a remote desktop environment with Windows Server 2019 Standard and ESET Server Security 9.0.12.13.0 installed. He received the mail via Outlook. When I download the mail with attachment or just the attachment to the file system and start a manual ESET scan, it is cleaned by ESET. I uploaded the mail to virustotal.com and it was also detected as malicious by seven checks. I asked him to forward the mail to me. I have ESET Endpoint Antivirus installed and as soon as the mail arrived in my inbox it was detected and cleaned by ESET. How is it possible that there is a difference in detection??
  11. Clients connect directly to the internet, no proxy in use. Outgoing traffic is not limited, everything's open to the internet. It seems to me that's only a temporary issue, because it occurs only every now and then and I guess connection to the cloud is done more often. Here are occurrences of the log message of two different Windows Server 2016 VMs at two different sites:

      System1:
      - 01.09.22 10:30 -> update to ESET Server Security v9
      - 01.09.22 13:49 -> first occurrence ever on that system
      - 30.09.22 15:04 -> last occurrence on that system

      System2:
      - 26.08.22 10:05 -> update to ESET Server Security v.9
      - 26.08.22 14:20 -> first occurrence ever on that system
      - 02.09.22 13:28
      - 09.09.22 19:13
      - 14.09.22 7:23 -> last occurrence on that system
  12. Hi there, since we updated a bunch of Windows servers from ESET Server Security v8.x to v9 (9.0.12013.0) we notice sporadic "limited cloud connectivity" messages in ESET event logs. Is there anything we should do about the messages? The systems run at different datacenters at different sites so I can rule out internet connectivity issues, because systems were online at the time of occurrence
  13. Is antivirus protection active when a client is updated via automatic product updates and waits for reboot to install the new version?
  14. Indeed there was a policy that overwrote smtp settings. Fixed it. Thank you
  15. Hello everyone, recently I changed some policy settings of our default ESET Endpoint for Windows policy, that is assigned to all ESET clients on our hosted PROTECT server. To be specific I altered notification settings in terms of smtp server and smtp user and so on. Apparently the settings haven't been deployed. Yesterday I noticed coincidentally that a client sent a mail with old smtp settings. After that I checked a few other clients, all of them have old smtp settings. Do I have to actively deploy a policy after changes or am I missing something obvious? All checked clients are online and responded recently to ESET PROTECT and there is no other policy that overwrote my settings.
  16. Okay, thanks so far. How does it behave, if we deactivate a client and respectively its license on the ESET PROTECT on prem server when the client is already decommissioned at that time and will never connect to the ESET PROTECT server again? Should the license be freed then?
  17. Thank you for your answer. How does it work, when I add a customer license with dedicated ELA account to our central EBA account? Does the mail contact receive another mail to confirm the process?
  18. Thank you for your answers so far. I'm talking here about major version updates e.g. from 7.2 to 7.3 which require always a reboot as far as I know.
  19. Hi, many of our systems have to be online during daytime, so we do ESET updates at night. This is quite annoying because of late working hours. What are negative effects when we update an ESET client and plan the restart in the following night? Is ESET Antivir (Endpoint, File and Mail Security) still fully functional or is the system not secured by ESET until it's restarted? Regards
  20. Hi there, as IT service provider we administer the ESET licenses for our customers with hundreds of client licenses (Endpoint Antivirus/Security, File Security, Mail Security). Therefore we run an ESET PROTECT on prem server which contains all of the licenses. When a client was decommissioned, we removed it on ESET PROTECT while thinking that should be enough to free the relevant client license. Recently we noticed that client licenses are not freed through this process (anymore?). I came across ELA web interface and created accounts for some customer licenses. Looks like it's possible to free client licenses there. When I do that the client license/unit counter decrements in ELA but the change is not syncing to our ESET PROTECT server though. Besides, the ELA login page shows that it's not fully supported and a legacy portal. So what is the correct way to manage ESET licenses and to free license seats? Regards
  21. Most of the source IPs differ. Every now and then one IP tries it multiple times. I also assume it's some sort of brute force attack or a port scan. RAPs and CAPs are configured on the RDS Gateway. Only thing that made me wonder was that detections in ESMC weren't resolved and handled automatically and one had the possibility to resolve it manually. I just checked ESMC and since creation of my thread, detections of security vulnerability exploitation are handled and resolved automatically.