Jump to content

FailedExpermient

Members
  • Posts

    13
  • Joined

  • Last visited

Everything posted by FailedExpermient

  1. I did test the * in the middle of a path with EICAR, and it seems to work, although I don't really like that it's not officially supported. I can live with that as long as it continues to work. However, I haven't found a way to exclude processes that will be running from each users' %appdata%. Maybe not possible?
  2. I have read through: https://help.eset.com/ees/8/en-US/idh_performance_exclusion.html https://help.eset.com/ees/8/en-US/idh_config_processes_exclude.html I have an application (iManage Work) that primarily runs from the %appdata% directory of the users profile. This includes process executables that we need to exclude. After reading the documentation and discovering that user variables are not supported, it seems the only way to exclude directories is by using a wildcard character in the middle of a path (ex, "C:\Users\*\AppData\Roaming\iManage"). This is specifically warned against here: https://support.eset.com/en/kb7223-using-wildcards-in-the-middle-of-paths-in-file-and-folder-exclusions-in-eset-products The processes are also run from the user %appdata% directory, and so I cannot enter in a common path. When I try to use a wildcard, I cannot complete the entry at all. How can I accomplish the application exclusion requirements in ESET? I also need to make the exclusions on a terminal server where there will be multiple concurrent users. For reference, here are the exclusions the application requires: Directories: %appdata%\iManage %localappdata%\iManage %temp%\iManage %temp%\dotnetbrowser-chromium Processes: %appdata%\imanage\work\chromium\emm\GZipCompress.exe %appdata%\imanage\work\chromium\emm\64bit\browsercore64.exe %appdata%\imanage\work\chromium\adfs\GZipCompress.exe %appdata%\imanage\work\chromium\adfs\64bit\browsercore64.exe
  3. I just upgraded the server to the lastest version of ESMX. Now we've seen this event log warning pop up a few times: "Warning MSExchangeFrontEndTransport 1022 SmtpReceive Anti-spam agents are enabled, but the list of internal SMTP servers is empty. If there are any MTAs between this server and the Internet, populate this list by using the Set-TransportConfig cmdlet in the Exchange Management Shell." We did not see this occur when we installed the previous version. Edit: i should note that we have ESET's anti-spam feature disabled.
  4. Thanks. We are currently testing ESMX and so only one exchange server had it installed. If internal emails aren't being scanned this makes sense (except for the outlook plug-in not catching it) Maybe while I'm here i can ask one other question: In the settings, the help refers to Mail transport protection and enabling database protection. However, I don't see the database protection option.
  5. On this subject, we recently installed ESMX on your Exchange 2013 server. It mostly has default settings, but can provide specific ones upon request. My question is, we had an internal user forward some obvious phishing emails to mailboxes on the server with ESMX installed. ESMX didn't catch them. The ESET Outlook plugin didn't catch them. However a manual database scan did. Why the disparity? We have mail transport protection enabled. The whole idea was to catch infected emails before they even reach the user. Also, is it possible to quarantine the email from an on-demand database scan? I only see options to delete the object. We may not wish to do so automatically in case of false positives.
  6. I'm having the same issue across all of my clients. Is this tool freely available or do I need to call support to get it?
  7. Thanks Michal. I was afraid that was the case. I'm glad they are planning for it, I hope that it is released soon!
  8. As seen in hxxp://support.eset.com/kb3647/, how can I do this with ERA 6? I looked but didn't see an ERA 6 specific KB, sorry! Please note I'm not looking to enable/disable via policy, this instead would be used only when I want to do it for a specific machine on a temporary basis.
  9. the Remote Administrator appears to only export as a .dat file (presumably for importing back into RA). I need to export a policy I configured for use with non-RA managed clients, which appear to only accept xml files. I could configure the client itself and export from there, but that is undesirable since I'd always have to have client available to mess with when I need to make changes. It makes more sense to make the changes in RA and export from there. Is there a way to accomplish what I need to do remotely?
  10. Thanks Marcos. For now I've disabled the server, and the freezing on the clients has stopped. I'm not sure how to safely test if the hotfix works without exposing all my clients to the problem again, so hopefully others can reply to see if it worked for them.
  11. My client computers are having this issue now as well. I upgraded the components on my server only, and soon after I started getting calls about workstations freezing (windows 7 sp1 x64). Aside from a client side patch, is there anything I can do server side to prevent the crashing? I disabled the "eraserversvc" service in hopes that the freezing is caused when the clients connect to the server. It will take some time to create, test and roll out that hotfix to all of the clients (since wsus doesn't support msu) and in the mean time I cannot continue to have random freezing PC's.
  12. How do I change my Display Name? The FAQ said the option would be in your "My Settings", but I do not see it.
×
×
  • Create New...