Jump to content

abbotti

Members
  • Content Count

    3
  • Joined

  • Last visited

Profile Information

  • Location
    Great Britain
  1. Thanks for the clue! Enabling mac address spoofing makes a difference. I have a VM running the CentOS ERA v6 server appliance and another VM running Ubuntu 14.04 with a component installation of ERA. I have turned on Mac Address Spoofing on both. The trace.log on both VMs now shows 9 probes out of 12 returning for a typical Windows 7 desktop machine, or 8 out of 12 for a Linux Samba server, and the machines are now showing up as rogue computers on the ERA web interface. Thanks again for your help! (Now I just need to work out what to do with them!) For the curious, mac address spoofing
  2. I also tried using an unsupported locale (en-GB in my case) the first time I installed the appliance, so having them documented would be good. Here are a couple of other things I found useful: If installed under Hyper-V, run: yum install hyperv-daemons to make keyboard input behave properly in the Hyper-V RDP session to the Linux text console. Otherwise it's a bit random whether a character typed on the keyboard gets seen by the Linux kernel. (This seems to be a problem with Linux on Hyper-V in general - it's even worse on systems where there is no feedback when typing a password!)
  3. I have been struggling to get rogue computer detection working with the ERA v6 virtual appliance on Hyper-V. I have been looking at the logs in /var/log/eset/RogueDetectionSensor/trace.log to try and figure it out. The first problem was a lot of errors similar to this: 2015-07-03 09:34:27 Trace: OSDetector: 10.0.0.182 [Thread 7f0460dfa700]: Port number: 139 is closed. Failed with error: Permission denied. System error code: 13 2015-07-03 09:34:27 Trace: OSDetector: 10.0.0.182 [Thread 7f0460dfa700]: Port number: 22 is closed. Failed with error: Permission denied. System error code: 13
×
×
  • Create New...