cyb

Members
  • Posts

    8
About cyb

  • Rank
    Newbie

Profile Information

  • Location
    France
  1. I am using ESET PROTECT and ESET Endpoint Security. One of my users has security alerts when accessing the https://paolimoto.com website. Not our site, but we can, if needed, suggest changes. ESET Endpoint Security complains about an "HTML/ScrInject.B (Trojan)". I see no issue for this website on Quttera: https://quttera.com/detailed_report/paolimoto.com
     On ESET PROTECT, I see 2 quarantined objects:
     https://paolimoto.com : 0c0ddd91f49c66de247c41e7d63fd8eb0ed2f909
     https://paolimoto.com/maxxess-chambery : 90f9c7abffda694c4b788911d3d1b1084b437ddf
     How can I know/double-check what the real issue with this website is and fix it?
  2. It is a (third-party owned) preproduction/staging website, accessed over the public Internet using a public FQDN (not an IP). The TLS certificates look OK: issued by Sectigo and USERTrust. The Qualys SSL Labs tests return no special error on the certificates (content and path).
  3. We have an issue where users cannot authenticate on a web page using:
     WWW-Authenticate: NTLM
     WWW-Authenticate: Negotiate
     When accessing the URL, the user gets the credentials prompt from their browser (Firefox or Chromium) but gets re-prompted (this occurs when the server rejects the credentials and tells the browser with a 401 HTTP response, which re-asks for credentials). When I disable "SSL/TLS filtering", authentication works fine. I have no issue authenticating with HTTP Basic Auth (WWW-Authenticate: Basic realm="foo"). I am not really used to NTLM authentication: is there something I can configure to keep filtering SSL/TLS but make NTLM auth work?
     Using: Windows 10 Pro, ESET Endpoint Security v10.0.2045.0
  4. Hello, I have a running ESET PROTECT instance on a server, accessible by the "eset.example.com" FQDN. I would like to make it also reachable, by the ESET Management Agents, under another FQDN (say "av.example2.com"). My agents are not showing up on the ESET PROTECT web console (ERA) and the logs contain: Looking at the certificate I get from port 2222: I think it's only a matter of adding SAN to the (issued by the ESET PROTECT Certification authority "CN = eset.example.com Server Certification Authority, C = US"): but how to do that?
  5. (Private message sent) As I said, I know these URLs are seen as potentially bad (but I don't know why), but I think they are false positives, and I thought I could use LiveGrid to avoid blocking for some of these.
  6. I can't really publicly share the URL (can do privately though). What actually happened is that Chrome attempted a GET on a URL which contains (in the query string) a URL which ESET thinks is bad. OK, so the display of LiveGrid reputation on the detection details window is misleading.
  7. I am using ESET PROTECT and ESET Endpoint. One URL is blocked by the Web protection module (PUA blacklist) but is declared « Safe » by LiveGrid: is there a way to make the Web protection use LiveGrid's reputation? I am getting a few false positives like this one across the organization, and if I could avoid such errors by trusting LiveGrid it would be great. The detection details follow (emphasis mine):
     -----
     Web protection
     An attempt to connect to URL
     Occurred: November 3, 2022 17:12:35
     Occurrences:
     * Total 4
     * Resolved 4
     * Handled by product 4
     Cause: Blocked
     Hash: C0E20A0172694DF8441C75B848A86BEA97C2CE17
     Uniform Resource Identifier (URI): ***redacted***
     Process name: C:\Program Files\Google\Chrome\Application\chrome.exe
     Event: An attempt to connect to URL
     Rule: Blocked by PUA blacklist
     Scanner: HTTP filter
     Target address: ***redacted***
     User: ***redacted***
     ESET LiveGrid®
     Observed worldwide (ESET LiveGrid®)
     Reputation: Safe (8)
     Popularity: 10000000 - 99999999 computers (approximation)
     First seen: 2 weeks ago
     Detection observed in organization
     Count: 17
     First time: November 3, 2022 11:33:29
     Last time: November 8, 2022 15:20:18
     -----