thae

In ESET Protect go to Notifications. In Configuration select ESET INSPECT alerts . Rule name as the Filter by and enter the rule name. In Advanced Settings - Throttling you select Time-based Criteria and add the period you want.

I think this was shown when you enabled the management option... Yep, here's a screenshot of it: https://help.eset.com/protect_deploy_va/11.0/en-US/management_console.html?enable_disable_webmin_interface.html Other than that: https://help.eset.com/protect_deploy_va/11.0/en-US/index.html?passwords.html

With Rocky Linux the usernames changed for Webmin/SSH access. For Webmin it's root. For SSH it's admin. Seems like that's the reason, since you mentioned root

It depends, if you want to overwrite settings for the "Performance exclusion" which might come from a higher hierarchy group, then yes. But if you want to keep the settings which were inherited by a higher hierarchy group then select "append".

Here's the scan: https://www.virustotal.com/gui/file/b1a8ee1222eea5f199028d90b9b77c2acf46d6d84a9e125403b2888c6f681c72 Intel Management Engine Driver version: 2336.5.2.0

Some of these events have to be false positives. It triggered on my PC with the latest driver from March 2024 and on an affected PC I updated the driver with a driver from February 2024 and it still triggered the event.

Downloaded the old file from the archived repo with SHA-1 20da70c2bb02e107cd85d8cc6957c2345140f27b and scanned it locally, no detections. Downloaded the old file from the active repo with SHA-1 500e26623522a4ef037924832366675616e4d39f and scanned it locally, no detections. The blocked SHA-1 hash from ESET Protect was DC303D4BE2BDBC54578676362C50900724132DFB So I don't know which script version the endpoints which have chocolately has.

Okay, so after 1:25h it finally finished. So if anyone else has this occurrence. Get some tea and wait patiently. 🙂

So I wanted to update to the latest ESET Inspect On-Prem and now it's stuck at 75% while updating the database. It's been there for about an hour and it never took that long. According to the changelog, it doesn't look like much new stuff was added and it says to not restart the installation. So, wait some more hours? During this time we won't get alerts though. Anything else I could do?

Do you have HIPS enabled and that it should log every blocked action? If yes, disable that, only use that for debugging. I had one PC where it took about 20 GB. If that isn't it, look in that folder which kind of files these are, maybe use TreeSizeFree to get a better overview of that folder.

Can it be that the password of the EI_SERVER has expired? I don't know if I had the same error, but the problems you described with being randomly logged out was the same for me some time ago. I fixed it by firstly giving the EI_SERVER user a new password and then reran the installation script of ESET Inspect where you have to enter the user under which it should run and the password. Make sure to put in "ei_server" in small letters, even though the name's all in capitals. That was a problem for me at least.

Does your comment still hold true about manually upgrading the proxy from official Apache resources? https://forum.eset.com/topic/30598-apache-http-proxy-version-24481-is-out-of-date/?do=findComment&comment=143286 Because the ESET Apache HTTP Proxy is still version 2.4.56

Got another JS/Agent.RCW Trojan for www.sprintbox.de What do you look for in the raw details to determine if it might be a true positive? Something like obfuscated JS? For the named website I found function _0x9e23(_0x14f71d,_0x4c0b72){const _0x4d17dc=_0x4d17(); ...$andSoOn... Does this look like strange, obfuscated JS?

Hi there, so after the update to ESET Mail Security 10.1.10012.0 we got the error that HIPS is disabled, thus, events cannot be received. HIPS is enabled in policy and when I check on the server itself. Other events get shown in ESET Inspect, so EDR itself is working on the server. When I look into the EIConnector log I see an error "047f0 Error: WmiExecutionLog ProcessTrace failed. The instance name passed was not recognized as valid by a WMI data provider" at the same time which gets shown in ESET Protect. Anyone else having this?

There's no KB for 1903, only for 2004 and upwards. You have to update your Windows 10.