Posts posted by macros

  1. On 20/6/2017 at 10:45 AM, V2TW said:

    On Linux, you have to enable real-time protection (on-access protection) for the specific processes and folders you want to protect. ESET provides you with 2 options for real-time protection. One is the Dazuko kernel module, which requires you to download the source code, compile and load the module yourself; generally speaking, this is not a very good option for most people. The other is the preload LIBC library, which doesn't require you to compile anything, but you have to specify the processes you want to protect by setting the LD_PRELOAD variable before running these processes (generally daemons).

    For instance, a typical scenario is to protect Samba (smbd) by modifying its init script (/etc/systemd/system/multi-user.targets.wants/smb.service in CentOS 7) by adding

    
    LD_PRELOAD=/opt/eset/esets/lib64/libesets_pac.so

    to the Environment= configuration (see attached screenshot), then restarting the service:

    
    systemctl daemon-reload && systemctl restart smb

    This way, when any user tries to copy infected files from the shared folder, they get detected and cleaned.

    Likewise, if you want to protect wget, you have to set LD_PRELOAD every time you call wget, for instance using wget to download Eicar:

    
    LD_PRELOAD=/opt/eset/esets/lib64/libesets_pac.so wget hxxp://www.eicar.org/download/eicar.com

    Check in /var/log/messages that the Eicar file is detected and quarantined.

    Besides setting the LD_PRELOAD variable, you also have to add the directories you want to monitor under [pac] ctl_intl in esets.cfg (I can see you already did it using the web interface Agent PAC). It's not necessary to set the one in Agent DAC if you're not using the Dazuko module.

    Another option is to put LD_PRELOAD in /etc/ld.so.preload so that all processes are monitored globally on boot, but there might be a significant impact on the performance and stability of the system according to the docs. Interestingly, NOD32 for Linux Desktop uses /etc/ld.so.preload.

    [Attached image: 2017-06-20_11-28-28.png]

    Hello,

    Great tutorial.

    I want to ask, how about a server that does not use Samba?

    We want to protect our web server, which has a folder for web content, and we want ESET real-time protection to protect it.

     

    thank you
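
The quoted tutorial has two halves: LD_PRELOAD is set in the unit's Environment= line, and the service is then restarted so the library is actually loaded. The script below is an added example, not part of either post or of ESET's tooling, that checks both halves; the function names and the sample unit and maps files are constructed for illustration, and only the library path comes from the post.

```shell
#!/bin/sh
# Added example (not from the forum posts). Sample files below are constructed.
LIB=/opt/eset/esets/lib64/libesets_pac.so   # library path quoted in the post

# Exit 0 if an uncommented Environment= line in [Service] puts LIB in LD_PRELOAD.
unit_sets_preload() {   # usage: unit_sets_preload UNIT_FILE LIB
    awk -v lib="$2" '
        /^\[/ { in_service = ($0 ~ /^\[Service\]/); next }
        in_service && /^Environment=/ && index($0, "LD_PRELOAD=") && index($0, lib) { found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# Exit 0 if LIB is mapped in the process whose /proc/<pid>/maps is in MAPS_FILE.
proc_has_lib() {        # usage: proc_has_lib MAPS_FILE LIB
    awk -v lib="$2" '$NF == lib { found = 1 } END { exit (found ? 0 : 1) }' "$1"
}

# Prints: active | restart-needed | not-configured
preload_state() {       # usage: preload_state UNIT_FILE MAPS_FILE
    if proc_has_lib "$2" "$LIB"; then echo active
    elif unit_sets_preload "$1" "$LIB"; then echo restart-needed
    else echo not-configured
    fi
}

# Constructed sample inputs so the script runs offline.
TMP=$(mktemp -d) && trap 'rm -rf "$TMP"' EXIT
cat > "$TMP/smb.service" <<EOF
[Unit]
Description=Samba SMB Daemon
[Service]
Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba LD_PRELOAD=$LIB
ExecStart=/usr/sbin/smbd
EOF
cat > "$TMP/httpd.service" <<EOF
[Service]
#Environment=LD_PRELOAD=$LIB
ExecStart=/usr/sbin/httpd -DFOREGROUND
EOF
cat > "$TMP/maps.loaded" <<EOF
7f1c2a000000-7f1c2a021000 r-xp 00000000 fd:00 1311 $LIB
7f1c2a400000-7f1c2a5c4000 r-xp 00000000 fd:00 2210 /usr/lib64/libc-2.17.so
EOF
grep -v "$LIB" "$TMP/maps.loaded" > "$TMP/maps.plain"

preload_state "$TMP/smb.service"   "$TMP/maps.loaded"   # configured and loaded
preload_state "$TMP/smb.service"   "$TMP/maps.plain"    # edited, not restarted
preload_state "$TMP/httpd.service" "$TMP/maps.plain"    # line is commented out
```

On a live host, pass the service's real unit file and the /proc/<pid>/maps file of its main process instead of the sample files.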

     

  2. Hello,

    Our customer wants to block tethering connections from a USB smartphone with Device Control, but no luck.
    Blocking modem, portable device and even All device types still cannot block the connection.

    [Attached image: Capture.JPG]

    They said Symantec can block tethering via device ID.

    Is there any way to block a tethering device?

    Thank you,

  3. Hello,

    Our user uses the ERA OVA for the ESET server.

    Yesterday they said they cannot access the web console, with the error: Login failed "connection has failed with state 'not connected'"

    We checked: the ERA service and Apache are running, but MySQL is not running.

    We tried to start MySQL manually, and it ended with this error:

    [Attached image: WhatsAppImage2017-05-15at10_56.44(1).jpg]

    We tried adding explicit_defaults_for_timestamp = 1 under [mysqld], but no luck.

    How can we solve this problem?

     

    Here is the trace log from the server.
    [Attached file: trace - Copy.log.txt]

     

    thank you.

  4. Hello,

    Our user was infected by ransomware that encrypted files with the extension gebdp3k7bolalnd4.onion._
    ESET is already installed on this computer and updated.

    Quote


    *** ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED ***

    To decrypt your files you need to buy the special software. To recover data, follow the instructions!
    You can find out the details/ask questions in the chat:
    https://gebdp3k7bolalnd4.onion.to (not need Tor)
    https://gebdp3k7bolalnd4.onion.cab (not need Tor)
    https://gebdp3k7bolalnd4.onion.nu (not need Tor)

    You ID:

    If the resource is not available for a long time, install and use the Tor-browser:
    1. Run your Internet-browser
    2. Enter or copy the address https://www.torproject.org/download/download-easy.html in the address bar of your browser and press key ENTER
    3. On the site will be offered to download the Tor-browser, download and install it. Run.
    4. Connect with the button "Connect" (if you use the English version)
    5. After connection, the usual Tor-browser window will open
    6. Enter or copy the address hxxp://gebdp3k7bolalnd4.onion in the address bar of Tor-browser and press key ENTER
    7. Wait for the site to load

    If you have any problems installing or using, please visit the video tutorial https://www.youtube.com/watch?v=gOgh3ABju6Q

     

    Does ESET already detect this ransomware?

    Does ESET have a decryption tool for this ransomware?

    I tried to use https://decrypter.emsisoft.com/cry128 but it failed.

    Please help.

    thank you,

  5. Hello,

     

    Is there any plan for the next ERA 6.5 so that users can create a static group under a dynamic group? Is there any reason why a static group can be under a dynamic group?

    Here is the case:
    We have a user that has 5 sites in different locations. I think the easy way to manage policy for all sites is to create 5 dynamic groups (based on IP range), then create a static group with a specific policy, e.g. block device, under the site name.

    So if they want to move a client from site 1 to the static group called block device (under dynamic group site-1), they just click on dynamic group site-1, then move it to static group block device.

    For now, it looks like this:

    [Attached image: 1.jpg]

    And the user wants the groups to look like this:

    [Attached image: 2.jpg]

    Or is there any best practice for a case like this?

     

    thank you,

     

  6. On 11/1/2017 at 3:48 PM, V2TW said:

    On a side note, it seems that in the 6.4 appliance the htcacheclean service isn't properly enabled regardless of whether ENABLE HTTP PROXY is selected during initial setup. I had to run the following 2 commands to properly enable it:

     

    mkdir -p /etc/systemd/system/httpd.service.requires

    ln -s /usr/lib/systemd/system/htcacheclean.service /etc/systemd/system/httpd.service.requires

    Thank you V2TW

    Noted.

  7. Hello,

     

    Our customer has a problem with the all-in-one installer.

    1. It can only download the 32-bit version. When downloading the 64-bit version, it gets stuck at 25% and then the network times out.

    2. After installing the 32-bit version, it still needs activation.

    [Attached image: Capture2.JPG]

    ESET Remote Administrator (Server), Version 6.4.295.0
    ESET Remote Administrator (Web Console), Version 6.4.281.0
    ESET Endpoint Security version 6.4.2014.0

    How can we solve this problem?

    Thank you,

     

  8. Hello,

    The OVA is the best and fastest way to have an ERA server in the network. Good job to the ESET team.

    I want to ask something.

    If we check the option (Enables HTTP forward proxy for caching updates) in the first-time appliance configuration:

    [Attached image: Capture.JPG]

    Do we need to run this command or not?
    hxxp://help.eset.com/era_deploy_va/64/en-US/index.html?enable_apache_http_proxy.htm

    When I run that command, it says:

    [root@era ~]# systemctl enable htcacheclean
    The unit files have no [Install] section. They are not meant to be enabled
    using systemctl.
    Possible reasons for having this kind of units are:
    1) A unit may be statically enabled by being symlinked from another unit's
       .wants/ or .requires/ directory.
    2) A unit's purpose may be to act as a helper for some other unit which has
       a requirement dependency on it.
    3) A unit may be started when needed via activation (socket, path, timer,
       D-Bus, udev, scripted systemctl call, ...).

     

    Thank you,

  9. Have you considered using the official Ubuntu old-releases repository (hxxp://old-releases.ubuntu.com/ubuntu/dists/saucy/)? You will find the package there: hxxp://old-releases.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-i386_2.17-93ubuntu4_amd64.deb but I am not sure it is the latest version available for this system.

    Thank you, Martin, for your help. Now we can install EFS smoothly.

  10. Hello,

     

    We are trying to install ESET File Security on an old Ubuntu Linux 13, code name saucy.

    This error came out:

    esets depends on libc6-i386 | libc6-i686; however:
      Package libc6-i386 is not installed.
      Package libc6-i686 is not installed.

    When we try to apt-get these files:

    "Package libc6-i386 is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source"

    We tried changing the repository and searching on this site, hxxp://packages.ubuntu.com, but no luck.

    Does anyone have these files for Ubuntu 3.11, so we can install them manually?

     

    thank you,

  11. Hello,

     

    We installed ERA on Ubuntu Linux desktop 12.04.

    After the installation completed, this error came up:

     

    Login failed: Communication error

     

    eraserver: running

    tomcat: running

    mysql: running

     

    In the last error file, /var/log/eset/RemoteAdministrator/Server/last-error.html:

     

    CDatabaseModule

    2016-Nov-22 11:12:00

    Database connection down. Exception:[unixODBC][MySQL][ODBC 5.1 Driver]Can't connect to MySQL server on '127.0.0.1' (111) (2003)

    CDatabaseModule

    2016-Nov-22 11:12:00

    Sending DatabaseStatusUpdate: isDbRunning=0

    CDataMinersModule

    2016-Nov-22 11:12:00

    CDefaultWriteLogHandler: Failed to write log of type PERFORMANCE_SERVER_EVENT with error: [unixODBC][MySQL][ODBC 5.1 Driver]Can't connect to MySQL server on '127.0.0.1' (111) (2003)

     

    How can we solve this problem?

    thank you.
