Mohsen Ghaffari

Members
  • Posts

    34

About Mohsen Ghaffari

  • Rank
    Newbie

Profile Information

  • Location
    Germany

  1. Thank you for the reply. Would be nicer if it could be incorporated into the Audit Logs, since they get ingested to the SIEM easily without having to install any agents on the ESMC. Sounds like a nice feature request to me.
  2. Hi, I’m trying to find out the source host (IP address) from which a user has logged into the ESMC console. When I checked the audit logs, I noticed that they don’t seem to record the source IP of the login attempts or sessions. This makes it difficult to trace back where a login originated from. Given the importance of tracking this information for security audits, I’m wondering if anyone has come across a way to retrieve this data. Thank you.
  3. Hello ESET Community, After updating to the latest 2.x version of ESET Inspect, getting the following in the trace logs on the clients. Appreciate any help.
     2024-01-11 06:45:16 Warning: CSystemConnectorModule [Thread 26c0]: GetEsetProductQueryParameters: Detected unknown ESET Application 'ESET INSPECT Connector' (GUID: {2B0D8111-1B8E-45EE-A09C-B8AFC56EEF60})
  4. Hello ESET Community, I've been using ESET for a while now and I'm interested in understanding which modules are licensed and available for me to use. Can anyone provide guidance on how to check for the licensed modules in my ESET software? I appreciate any assistance or insights! Thank you in advance.
  5. Thank you for your feedback. I uploaded the requested logs. eea_logs.zip
  6. Hello ESET Community, I'm reaching out today because we've been experiencing a persistent issue with our ESET that's causing a lot of frustration. Specifically, we're having problems with ekrn.exe causing extremely high CPU usage when using the Webex application. Here's a bit more detail about the problem:
     Problem Description: Whenever we open the Webex application, start a meeting, or someone shares their desktop, our virtual machine (win10) becomes almost entirely unresponsive due to the high CPU usage of ekrn.exe. This problem is significantly impacting our productivity, as you can imagine.
     System Information:
     - Operating System: Windows 10 (VM)
     - ESET Product Version: ESET Endpoint Antivirus
     - Webex Application Version: Webex version 43.8 with VDI plugin
     As part of our troubleshooting efforts, we've taken the following steps:
     - Enabled Advanced Operating System Logging.
     - Started the Webex application and let it run for approximately 2-3 minutes.
     - Collected the logs (ALL) using the ESET Log Collector.
     Thank you in advance for your help, and I look forward to hearing from you.
  7. Hello ESET Community, I was wondering if someone could help me figure out how to add some user-specific process exclusions. Is the limitation only specific to the scan exclusion according to the ESET Knowledge Base? I need to exclude the following processes from real-time protection:
     C:\Users\%USERPROFILE%\AppData\Local\WebEx\CiscoWebExStart.exe
     C:\Users\%USERPROFILE%\AppData\Local\WebEx\WebexHost.exe
     Thank you.
  8. I performed the update by sending the software install task. The version in the GUI is 10.1.2050.0.
  9. Hello ESET Community, I wanted to share an issue I encountered yesterday while updating 20 test machines to ESET Endpoint Antivirus version 10.1.2050.0. Unfortunately, it seems that there was a hiccup during the update process, and I'd like to discuss the problem and seek assistance.
     Issue Description: After updating these 20 test machines to ESET Endpoint Antivirus version 10.1.2050.0, I observed that 5 of them ended up in an unusual situation. The problem is that although the endpoint antivirus was successfully updated, the application itself does not appear in either the Windows programs list or the ESET management (on-prem ESET Protect) under Product and Licenses, as shown in the attached screenshot.
     Affected Systems:
     - Operating System: Windows 10 22H2
     - ESET Endpoint Antivirus Version: 10.1.2050.0
     Troubleshooting Steps Taken:
     1. Checked for any errors or warnings in the Windows Event Viewer, but found no relevant entries. Checked the software-install.log and found lots of errors regarding not enough privilege, which should not be the case, since the update was rolled out via ESET Protect.
     2. Attempted to manually uninstall ESET Endpoint Antivirus from one of the affected machines, but was not able to boot into safe mode (virtual desktop).
     Has anyone else encountered a similar issue when updating to version 10.1.2050.0? Any insights, recommendations, or solutions would be greatly appreciated. If you require any additional information or logs from the affected machines, please let me know, and I'll be happy to provide them to help diagnose and resolve this issue. Thank you for your time and assistance.
     software-install.log
  10. Copied the CA cert to /etc/pki/ca-trust/source/anchors and did an update-ca-trust afterwards. The agent started successfully.
  11. We actually use on-prem ESET Protect. Do I need to add the DigiCert Global Root G2 to the trusted cert store too? Where does eraagent store and access the agent and CA cert?
  12. Hello ESET Community, I have encountered a certificate trust issue with one specific agent on RHEL out of a group of 2500. While the majority of agents are working perfectly fine, this isolated incident has left me scratching my head.
      Issue Description: One of our agents is experiencing a certificate trust problem. We are receiving the following error message:
      Error: CAgentSecurityModule [Thread 7f9d66670700]: Certificated user verification failed with: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x0, X509CSF_NoError, certificate: [Subject='CN=Server at *, OU=***, O=****, L=****, S=NRW', Issuer='CN=**-******, OU=****, O=***, L=****, S=***', NotBefore=2021-Jun-01 22:00:00, NotAfter:2031-May-30 22:00:00, Serial=01d3da62fe1dab43008b274a19efe1029901, SHA256=d5801adae786af6987838b61c4a84b5ff9127528aecf754989946f192d17a6ad, SubjectKeyIdentifier=212b12601936b997d44efae7e8ab355e23d9d13b, AuthorityKeyIdentifier=2f2fd47cde0486750146f4df43aef26b832d4acc]
      EraGrpc [Thread 7f9d5ca3e700]: EraGrpc: EraTsiHandshaker::VerifyCertChainHandler untrusted certificate Peer: *****:2222
      This is puzzling to us, as the affected agent is the only one experiencing this problem out of our substantial agent pool.
      Troubleshooting Steps Taken: We have taken the following steps in an attempt to resolve the issue:
      - Agent Reinstallation: We uninstalled the ESET agent from the affected machine and then reinstalled it in hopes of resolving any potential installation-related problems. Unfortunately, the issue persisted.
      - Network and Firewall Checks: We have reviewed our network settings and firewall rules to ensure that they are not causing any interference with the agent's communication. All settings appear to be in line with the rest of the agents.
      - Time Synchronization: We verified that the system time on the affected machine is accurate and synchronized with the network time.
      - OpenSSL version check: in line with other agents (openssl 1.1.1)
      - Exporting the CA cert and importing under /etc/ssl/certs
      Despite our efforts, we have not been able to pinpoint the exact cause of the certificate trust issue on this specific agent. Thank you in advance for your assistance.
  13. Hello ESET community, We are in the process of migrating from Apache to ESET Bridge, and we're currently facing a challenge related to configuring thread limits in Nginx. In our existing Apache configuration, we have been using the following directives: ThreadLimit 8000 ThreadsPerChild 8000 These settings have been essential for optimizing our server performance under heavy loads. However, since we are transitioning to Nginx along with the ESET Bridge, we're uncertain about the equivalent settings and where to configure them in the Nginx setup. Could someone please guide us on how to achieve similar thread limit configurations in Nginx? We want to ensure that our new setup can handle the same level of concurrent connections without compromising performance and stability. Your insights and expertise are highly appreciated. Thank you for your assistance!
  14. Hey, I was wondering if there are any features within ESET that can help us achieve the above goal, like password-protecting the agent responsible for the Inspect Connector to prevent any tampering by unauthorized individuals. Cases, for example, where staff have admin rights on their machines. I'd greatly appreciate your insights. Thanks in advance for your time and assistance.
  15. Hi, we have been observing a lot of the following error message in trace logs of ESET Protect Server. Any ideas on what the cause could be? Currently we cannot confirm any general DNS issues in the environment.
      Path of trace log: C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Logs\trace
      Error: NetworkModule [Thread 1df8]: Error reported by JobScheduler[Name:Dns job scheduler for network operation]. Error message is:Sending dns request failed with: The network location cannot be reached. For information about network troubleshooting, see Windows Help.
      Thanks