![](http://content.invisioncic.com/Meset/set_resources_11/84c1e40ea0e759e3f1505eb1788ddf3c_pattern.png)
thae
Members-
Posts
50 -
Joined
-
Last visited
-
Days Won
1
thae last won the day on June 23 2023
thae had the most liked content!
About thae
-
Rank
Newbie
Profile Information
-
Location
Germany
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
-
Rule alert email and time window
thae replied to PaoloneCM's topic in ESET Inspect On-prem (Detection and Response)
In ESET Protect go to Notifications. In Configuration select ESET INSPECT alerts . Rule name as the Filter by and enter the rule name. In Advanced Settings - Throttling you select Time-based Criteria and add the period you want. -
D. Höfer | hcsystem reacted to a post in a topic: After VA (Rocky) Migration, cant login with SSH
-
I think this was shown when you enabled the management option... Yep, here's a screenshot of it: https://help.eset.com/protect_deploy_va/11.0/en-US/management_console.html?enable_disable_webmin_interface.html Other than that: https://help.eset.com/protect_deploy_va/11.0/en-US/index.html?passwords.html
-
D. Höfer | hcsystem reacted to a post in a topic: After VA (Rocky) Migration, cant login with SSH
-
It depends, if you want to overwrite settings for the "Performance exclusion" which might come from a higher hierarchy group, then yes. But if you want to keep the settings which were inherited by a higher hierarchy group then select "append".
-
Here's the scan: https://www.virustotal.com/gui/file/b1a8ee1222eea5f199028d90b9b77c2acf46d6d84a9e125403b2888c6f681c72 Intel Management Engine Driver version: 2336.5.2.0
-
Some of these events have to be false positives. It triggered on my PC with the latest driver from March 2024 and on an affected PC I updated the driver with a driver from February 2024 and it still triggered the event.
-
Downloaded the old file from the archived repo with SHA-1 20da70c2bb02e107cd85d8cc6957c2345140f27b and scanned it locally, no detections. Downloaded the old file from the active repo with SHA-1 500e26623522a4ef037924832366675616e4d39f and scanned it locally, no detections. The blocked SHA-1 hash from ESET Protect was DC303D4BE2BDBC54578676362C50900724132DFB So I don't know which script version the endpoints which have chocolately has.
-
JamesR reacted to a post in a topic: ESET Inspect On-Prem Update stuck
-
ESET Inspect On-Prem Update stuck
thae replied to thae's topic in ESET Inspect On-prem (Detection and Response)
Okay, so after 1:25h it finally finished. So if anyone else has this occurrence. Get some tea and wait patiently. 🙂 -
So I wanted to update to the latest ESET Inspect On-Prem and now it's stuck at 75% while updating the database. It's been there for about an hour and it never took that long. According to the changelog, it doesn't look like much new stuff was added and it says to not restart the installation. So, wait some more hours? During this time we won't get alerts though. Anything else I could do?
-
thae reacted to a post in a topic: ESET eated up 100+ Gb of space on disk and keep doing this.
-
ESET eated up 100+ Gb of space on disk and keep doing this.
thae replied to Karlend's topic in General Discussion
Do you have HIPS enabled and that it should log every blocked action? If yes, disable that, only use that for debugging. I had one PC where it took about 20 GB. If that isn't it, look in that folder which kind of files these are, maybe use TreeSizeFree to get a better overview of that folder. -
Can it be that the password of the EI_SERVER has expired? I don't know if I had the same error, but the problems you described with being randomly logged out was the same for me some time ago. I fixed it by firstly giving the EI_SERVER user a new password and then reran the installation script of ESET Inspect where you have to enter the user under which it should run and the password. Make sure to put in "ei_server" in small letters, even though the name's all in capitals. That was a problem for me at least.
-
BastianK reacted to a post in a topic: BingWallpaperApp.exe (MSIL/Microsoft.Bing.A) multiple warnings
-
Module update failed
thae replied to Morgane Daguanno's topic in ESET PROTECT On-prem (Remote Management)
Does your comment still hold true about manually upgrading the proxy from official Apache resources? https://forum.eset.com/topic/30598-apache-http-proxy-version-24481-is-out-of-date/?do=findComment&comment=143286 Because the ESET Apache HTTP Proxy is still version 2.4.56 -
Got another JS/Agent.RCW Trojan for www.sprintbox.de What do you look for in the raw details to determine if it might be a true positive? Something like obfuscated JS? For the named website I found function _0x9e23(_0x14f71d,_0x4c0b72){const _0x4d17dc=_0x4d17(); ...$andSoOn... Does this look like strange, obfuscated JS?
-
Hi there, so after the update to ESET Mail Security 10.1.10012.0 we got the error that HIPS is disabled, thus, events cannot be received. HIPS is enabled in policy and when I check on the server itself. Other events get shown in ESET Inspect, so EDR itself is working on the server. When I look into the EIConnector log I see an error "047f0 Error: WmiExecutionLog ProcessTrace failed. The instance name passed was not recognized as valid by a WMI data provider" at the same time which gets shown in ESET Protect. Anyone else having this?
-
santoso reacted to a post in a topic: ESET Endpoint products compatibility issue with Azure Code Signing (ACS) program