Georgi Stoychev

Hi Marcos, Yes, all of those settings are enabled. Just checked the endpoints on which the issue was present, and at the moment none of them have this warning.

Hello, From time to time, some of our colleagues receive the following warning on their endpoints, even though that we have disabled the notification in the ESET Protect console: The warning is also shown in the Protect Console. Any idea what is causing the warning, and how can we completely hide it on the endpoints?

Hello, In relation to CVE-2024-3661, we would like to know if it's possible to somehow block DHCP packets, which contain option 121 on the endpoints, through ESET Protect's Firewall?

Hello, Is there any progress on this issue, since we haven't officially received a response if the file has been whitelisted, but we tested it on a few laptops and ESET is no longer marking it as malicious.

Thank you for the explanation Marcos!

Hello, We have several employees who travel often and from time to time, they connect to client networks. Recently, one of them connected to such network and in our ESET protect on-prem console, we received multiple alerts from the Firewall module that Security vulnerability exploitation attempt was detected on the endpoint. There is a high chance that this really was such an attempt, but our employee was not aware of this, and he said that he hasn't seen such notification. Is there something we can do to show these notifications on the endpoints as well, since we couldn't find such option in our console?

We have already submitted the file on Friday, but we still haven't received a response.

We observe that this file is being blocked as well - https://github.com/chocolatey-archive/chocolatey/blob/master/src/helpers/functions/Get-ChocolateyWebFile.ps1

The signature of the file, which is being detected in our environment has signature 500E26623522A4EF037924832366675616E4D39F.

Here is some additional info on this case: We've copied the code in a .txt file + running a manual scan - the file is "clean" When the file is renamed to .ps1 + running a manual scan - the file is "bad" When half of the code is in the .ps1 file (tried with both halves) + running manual scan - the file is "clean" I am attaching the problematic file in .txt format. get-chocolateywebfile 1.txt

Hello, We are using Chocolatey in our corporate environment, and started to receive thousands of alerts about this file being malicious - "file:///C:/ProgramData/chocolatey/helpers/functions/Get-ChocolateyWebFile.ps1". For the moment, we have added an exclusion in our ESET Management Console, since we received about 1000+ alarms. Can you tell us how can we investigate further what could be the cause of it? It seems pretty serious.

Hi Marcos, The old certificate was about to expire next month. We just restarted the server and we can see that the clients are connecting again.

Hello, Couple of days ago, we changed our ESET Protect On-Prem server certificate, as it was about to expire, and the old certificate was revoked. Today we see that several computers, which were offline when we replaced the certificate, are not connecting to the server. We saw in the logs in "C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs" an error message "Error: Remote server peer certificate is not trusted by this agent. Details: NodVerifyCertificateChain failed: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x4, X509CSF_Revoked, certificate" We have a backup of the old server certificate, but would like to use the new one. Is there some step that we may have missed when we changed the old certificate? We haven't restarted the server after the change. Could that be the issue?

Okay, thank you. This is the first occurrence of such issue, since we are using ESET Protect (about 3 years), and we are not sure how we could reproduce it

Hi Marcos and thanks for the reply! Is there anything we should do on our side?