Thank you guys for instant and high-quality help.
The problem has been solved by turning HIPS logs off and deleting the log file in the problematic folder through safe mode.
Love you all ❤️
You can just download the latest version from the download page, run the installer and it will perform the upgrade for you. (fields such as database credentials and connection settings for ESET PROTECT should already be pre-filled)
As I understand ESET Bridge is only useful if you have a homogeneous environment with Endpoint Security 10+, is that correct?
So if I have some Endpoints with version 9, I cannot use Bridge?
Hi @thae, thanks for replying. I eventually did it like so:
<operations>
  <operation type="UserLogin">
    <operator type="AND">
      <condition component="DoneByUser" property="Sid" condition="is" value="SYSTEM SID HERE" />
    </operator>
  </operation>
</operations>
<definition>
  <process>
    <operator type="AND">
      <condition component="Module" property="SignatureType" condition="greaterOrEqual" value="90"/>
      <condition component="FileItem" property="FileName" condition="is" value="lsass.exe"/>
      <condition component="Module" property="SignerName" condition="is" value="Microsoft Windows Publisher"/>
    </operator>
  </process>
  <operations>
    <operation type="UserLogin">
      <operator type="AND">
        <condition component="UserLogonData" property="LogonType" condition="is" value="0" />
        <condition component="Enterprise" property="ComputerGroupHierarchy" condition="contains" value="value" />
      </operator>
    </operation>
  </operations>
</definition>
How about this rule?
I'm not sure if you can set exclusion without specifying a process and I'm not sure if your rule would even work.
Just from reading your rule I'd say it would exclude every logon type 0 event or if the device it happened on is in a specific OU/Group.
You can also change the last AND to OR in my example if you don't want both conditions to be met.
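Added example (not part of any post in this thread, and not ESET's own rule validation): a small Python review helper that parses the two exclusion snippets posted above and flags the scoping concerns raised in the discussion, namely a missing `<process>` block, an OR operator over several conditions, and placeholder values left unfilled. It uses only element and attribute names that appear in the posted XML; the function name `review_exclusion` and the checks themselves are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# The two snippets posted in the thread, whitespace compacted.
POSTED_OPERATIONS = """<operations><operation type="UserLogin"><operator type="AND">
<condition component="DoneByUser" property="Sid" condition="is" value="SYSTEM SID HERE" />
</operator></operation></operations>"""

POSTED_DEFINITION = """<definition><process><operator type="AND">
<condition component="Module" property="SignatureType" condition="greaterOrEqual" value="90"/>
<condition component="FileItem" property="FileName" condition="is" value="lsass.exe"/>
<condition component="Module" property="SignerName" condition="is" value="Microsoft Windows Publisher"/>
</operator></process>
<operations><operation type="UserLogin"><operator type="AND">
<condition component="UserLogonData" property="LogonType" condition="is" value="0" />
<condition component="Enterprise" property="ComputerGroupHierarchy" condition="contains" value="value" />
</operator></operation></operations></definition>"""

# The AND-to-OR change mentioned in the thread, applied to the last operator.
OR_VARIANT = 'type="OR"'.join(POSTED_DEFINITION.rsplit('type="AND"', 1))

PLACEHOLDERS = {"value", "SYSTEM SID HERE"}  # unfilled values exactly as posted


def review_exclusion(xml_text):
    """Return review findings for one exclusion snippet (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings = []
    # Without a <process> block only the operation conditions limit the exclusion.
    process = root.find("process")
    if process is None:
        findings.append("no <process> block: exclusion is not tied to a specific process")
    else:
        props = {c.get("property") for c in process.iter("condition")}
        if "FileName" in props and not props & {"SignerName", "SignatureType"}:
            findings.append("process matched by file name only, no signature condition")
    for op in root.iter("operator"):
        conds = [c for c in op if c.tag == "condition"]  # direct children only
        if op.get("type") == "OR" and len(conds) > 1:
            findings.append(f"OR over {len(conds)} conditions: any single one triggers the exclusion")
    for c in root.iter("condition"):
        if c.get("value") in PLACEHOLDERS:
            findings.append(f"placeholder value left in {c.get('component')}.{c.get('property')}")
    return findings


if __name__ == "__main__":
    for name in ("POSTED_OPERATIONS", "POSTED_DEFINITION", "OR_VARIANT"):
        print(name, review_exclusion(globals()[name]))
```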
For those managing multiple computers via ESET Protect who would like a more streamlined way of removing this software from all computers, this can be done for the installed software, but not for the browser plugins. Browser plugins are managed by the individual browsers, and not directly by the OS.
These steps are not working 100% for the Bing Software mentioned in this thread. If I can improve upon this, I will post later.
Here are the steps to use ESET Protect to uninstall 3rd party software which can be seen by ESET:
This will guide you through the following:
- Ensure ESET Protect can see installed non-ESET Applications
- Create a dynamic group to group all computers with unwanted applications
- Create tasks that will run...
  - ...anytime a computer has the undesired software installed and shows up in the dynamic group (thus uninstalling the unwanted software anytime a new computer joins this group)
  - ...one time run of the tasks on computers that already joined the group while you created the tasks (to uninstall the unwanted software from computers that had already joined this group)
I. Setup ESET Management Agent to report non-ESET Applications (only needed if not already configured)
In ESET Protect, navigate to "Policies > New Policy"
Name the policy "Report Non-ESET Applications"
In "Settings" ensure you select "ESET Management Agent" from the drop-down at the top
Expand "Advanced Settings" and locate and turn on "Report non-ESET-installed applications"
Assign to either the "All" group, or to specific groups/computers of desire.
Continue and finish creating the policy
At this point, it may take a bit for the non-ESET software to be reported to ESET Protect. Your endpoints will need to check in once to get the policy, then check in again to supply the new info, then ESET Protect will need to parse and put the info into the database. Default check in times are 10 minutes. So you should start seeing the non-ESET applications in about 30 minutes in the following area:
II. Check to see if ESET Protect sees the 3rd party applications:
In ESET Protect, open the details of an individual computer, then click on "Installed Applications"
If you can see Non-ESET applications, your settings are applied and working.
You can also check whether your undesired software is visible and has a "Yes" in the column "Agent supports uninstall", which means ESET can attempt to uninstall this software.
III. Create a dynamic group to group all computers with undesired software (this will help you see how many computers you have with the unwanted software, and allow for a quick way to uninstall the software)
In ESET Protect, click on Computers on the left, locate "Windows Computers" in the list of Groups.
Click on the gear to the right of this, and select "New Dynamic Group"
Name the group "Has Unwanted Software"
In the "Template" section, choose "New" and set the following:
Name: Unwanted Software
Expression:
Operation: AND (All conditions have to be true)
Click Add Rule and choose: "Installed Software > Application Name", and click OK
Click Add Rule and choose: "Installed Software > Application Vendor", and click OK
For Application Name, set to "is one of" and fill in the name "Microsoft Bing Service"
In the Application Name section, click "Add" and then fill in the name "Bing Wallpaper"
For Application Vendor, set to "is one of", and fill in "Microsoft Corporation"
Should look like this:
Click Finish
Over a short time, you will see computers start to appear here. Next we will make a task to remove the undesired software.
IV. Create a task to start uninstalling unwanted software
1. In ESET Protect, click on Computers on the left, then locate your newly made dynamic group named "Has Unwanted Software"
2. Click the gear next to the group name and click "Tasks > New Task..."
3. Name the task "Uninstall unwanted software - Microsoft Bing Service" and in the "Task" drop down, select "Software Uninstall" and click "Continue"
4. In this Settings section, click on "<Select package to uninstall>" and select the first piece of software to uninstall "Microsoft Bing Service"
5. You may desire to click on "Uninstall all versions of package" to ensure any version gets removed.
6. Click "Continue" to get to the targets and ensure your desired target group "Has Unwanted Software" is showing in the list and then click "Continue"
7. In the "Trigger" section, set the trigger type to "Joined Dynamic Group Trigger" (this will run this task on any computer as it gets added to our dynamic group, but not on computers already in this group. We will remedy this shortly.)
8. Continue and finish.
9. On your group "Has Unwanted Software" click the gear and choose "Tasks > Run Tasks"
10. Click on "Add Tasks" and find and checkmark your "Uninstall unwanted software - Microsoft Bing Service" and click OK
11. For the "Trigger" section, ensure trigger type is "As Soon As Possible" and click finish.

Repeat steps 1 through 11 but:
- In step 4 select "Bing Wallpaper"
- In steps 3 and 10 use the task name "Uninstall unwanted software - Bing Wallpaper"
Hey ESET-Forum,
since today we got multiple PCs with a warning of BingWallpaperApp.exe from Module scan of system boot area and Module extended memory check. It's being declared as a variant of MSIL/Microsoft.Bing.A PUA.
Anybody else getting this? I'm pretty sure that's a false positive, never have gotten this before.
Description: Users can send request to allow a device
Details: When users plug in a blocked USB device, a pop up is shown to send an e-mail to the administrators for a request to allow this device. The Manufacturer, Model and Serial Number should be in this e-mail.
This was possible in our last Endpoint product, but in ESET it's kinda complicated. You have to enable diagnostics log, so that we can see all the device control info of a PC on the ESET server and the devices are marked with warnings, because that's enabled.