Georgi Stoychev


  1. Hello, In relation to CVE-2024-3661, we would like to know if it's possible to somehow block DHCP packets, which contain option 121 on the endpoints, through ESET Protect's Firewall?
  2. Hello, Is there any progress on this issue, since we haven't officially received a response if the file has been whitelisted, but we tested it on a few laptops and ESET is no longer marking it as malicious.
  3. Hello, We have several employees who travel often and from time to time, they connect to client networks. Recently, one of them connected to such a network and in our ESET Protect On-Prem console, we received multiple alerts from the Firewall module that a Security vulnerability exploitation attempt was detected on the endpoint. There is a high chance that this really was such an attempt, but our employee was not aware of this, and he said that he hasn't seen such a notification. Is there something we can do to show these notifications on the endpoints as well, since we couldn't find such an option in our console?
  4. We have already submitted the file on Friday, but we still haven't received a response.
  5. We observe that this file is being blocked as well - https://github.com/chocolatey-archive/chocolatey/blob/master/src/helpers/functions/Get-ChocolateyWebFile.ps1
  6. The signature of the file, which is being detected in our environment has signature 500E26623522A4EF037924832366675616E4D39F.
  7. Here is some additional info on this case: We've copied the code in a .txt file + running a manual scan - the file is "clean". When the file is renamed to .ps1 + running a manual scan - the file is "bad". When half of the code is in the .ps1 file (tried with both halves) + running manual scan - the file is "clean". I am attaching the problematic file in .txt format. get-chocolateywebfile 1.txt
  8. Hello, We are using Chocolatey in our corporate environment, and started to receive thousands of alerts about this file being malicious - "file:///C:/ProgramData/chocolatey/helpers/functions/Get-ChocolateyWebFile.ps1". For the moment, we have added an exclusion in our ESET Management Console, since we received about 1000+ alarms. Can you tell us how we can investigate further what could be the cause of it? It seems pretty serious.
  9. Hi Marcos, The old certificate was about to expire next month. We just restarted the server and we can see that the clients are connecting again.
  10. Hello, A couple of days ago, we changed our ESET Protect On-Prem server certificate, as it was about to expire, and the old certificate was revoked. Today we see that several computers, which were offline when we replaced the certificate, are not connecting to the server. We saw in the logs in "C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs" an error message "Error: Remote server peer certificate is not trusted by this agent. Details: NodVerifyCertificateChain failed: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x4, X509CSF_Revoked, certificate" We have a backup of the old server certificate, but would like to use the new one. Is there some step that we may have missed when we changed the old certificate? We haven't restarted the server after the change. Could that be the issue?
  11. Okay, thank you. This is the first occurrence of such an issue, since we are using ESET Protect (about 3 years), and we are not sure how we could reproduce it.
  12. Hi Marcos and thanks for the reply! Is there anything we should do on our side?
  13. Hello, One of our colleagues received an alert that the update information is not consistent and that he should restart his computer. After the restart, the following notification appeared: After a few minutes, we checked the ESET Protect console and there wasn't anything disturbing about that particular computer and the status was OK. What could be the cause of this issue and should we be worried about it?
  14. Hi Marcos, Thank you for the suggestion. This occurs with all of our machines. There are users logged in, each time such notification is received. This is the current configuration of the notification: