j-gray

Members
  • Posts

    627
  • Joined

  • Last visited

  • Days Won

    5

j-gray last won the day on December 1 2022

j-gray had the most liked content!

About j-gray

  • Rank
    Newbie

Profile Information

  • Location
    USA

Recent Profile Visitors

5,625 profile views
  1. Circling back on this again to see if anyone has had any luck running agent installs remotely?
  2. I created an alert for EI Incidents of Medium or High severity affecting servers, added a recipient, selected the groups to monitor, enabled the rule and had a successful test. However, when systems in those selected groups trigger a Medium severity incident (no High severity have occurred yet), I get no email alert. I do get other alerts not related to Inspect. The rule is pretty basic, so I'm not sure what the issue is or where to look:
  3. Eset Inspect cloud version 2.2.4046.0 was released a few days ago, but the updated EI Connector is not available in the EP Console to create an install task. Is there any ETA when it will be there?
  4. Our Remote Desktop Server creates many detections daily for 'Injection into system process [F0413b]'. The triggering processes are different, but as far as I can tell, the event is always, "CodeInjection tssdis.exe(6864) (ApcQueue)" What would be the proper syntax to exclude any Event triggered by tssdis.exe? Appreciate any assistance.
  5. Thank you for the quick response! I'll give that a try. I thought I recalled having dynamic groups when on-prem, so thought I might be missing something now that we're in the cloud.
  6. In EI Console when I'm creating an exclusion, the only available Target groups are groups from EP Console that were created by syncing Active Directory. I'm not seeing any of the other groups from EP Console, particularly Dynamic Groups. I'd like to be able to assign exclusions by OS but currently can only do so by Active Directory org units. Is this possible?
  7. I've searched the various documentation with no success. When I run epi_win_live_installer.exe /silent it runs silently but fails with error 1602. Per some other documentation, I tried epi_win_live_installer.exe /silent /accepteula, which does not run at all and logs nothing. Am I missing any other secret command line arguments that will get this to work?
  8. Description: Streamline licensing and ESET components Detail: Too many components and licensing is cumbersome. Currently, we have three cloud consoles (EP, EI, EBA) to manage all functionality. We have two agent installs (macOS and Win), two EI Connector installs (macOS and Win), three AV installs (macOS, Win desktop, Win Server). We need separate hosts and installs for RD Sensor, another install for the Bridge and another install for the Active Directory Scanner. All with constant updates, etc. Major competitors use a single agent install that can have any functionality enabled or disabled as needed. So much simpler to manage versus these myriad components.
  9. @Marcos Thanks for that --totally missed the licensing limitation. RD Sensor could provide functionality that we desperately need, but just isn't viable with the current model. There's no way we can deploy them at every site and on every subnet, particularly given there is no install for macOS. The manual install is painful, as well. It would be great if this functionality was built into the existing agent and could be enabled if/when needed on any client.
  10. The following seems to work: install WinPcap, then install RD Sensor; stop the RD Sensor service; uninstall WinPcap and install Npcap (must choose the option to "Install Npcap in WinPcap API-compatible mode"); restart the RD Sensor service. Based on the trace.log file it appears to be working properly. The bigger issue is that we have 15 sites with 3-5 subnets each. I can't see doing this manual process a minimum of 45 times.
  11. That one hasn't been updated since 2015, which gives me pause. It did install successfully on Windows 11, though RD Sensor looks specifically for WinPcap and won't proceed with the installation if it doesn't find it. I'm going to try installing WinPcap so I can complete the RD Sensor install. Then I'll remove it and install the current supported version of Npcap and see if that works.
  12. According to documentation, RD Sensor requires WinPcap, which was last updated in 2013, has been deprecated and is unsupported on current operating systems. It also has documented DLL hijacking vulnerabilities. I tried installing Npcap, the recommended alternative, but the RD Sensor did not detect WinPcap, so would not complete the installation. Is there any workaround for this or any plans for ESET to accommodate Npcap?
  13. @Marcos The underlying issue is that when it's unable to scan a file, it considers it an 'antivirus detection event'. Which then triggers a Malware Outbreak Alert to be sent, creating a false alarm. Is there a way to exclude 'unable to scan' from antivirus detections so that we only get notified of actual detections? In this most recent case it appears to be due to a password protected file, which generated 143 alerts.
  14. Hi @Marcos, here's an example we see frequently across our Macs. It's an ESET pkg file that triggers a critical alert in the EP Console. The specific detail is in the screenshot below. Another we see continuously is from pkg files in the OS X update repository where a bunch of pkg files live: file:///System/Volumes/Data/Library/Updates/
  15. We get a ton of these alerts flagged as critical. Always specific to OS X and frequently either dmg or pkg files. These are triggered by the on-demand scanner using the default archive scan settings. Assuming it's expected that ESET can't fully scan these archives is there a way to reduce the severity reporting in the console? We'd prefer not to exclude these files from scanning and it's not entirely limited to dmg and pkg files, though those are the bulk. Are there any best practices or ways to address this?