Jump to content

tgr

Members
  • Posts

    13
  • Joined

  • Last visited

About tgr

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Switzerland
  1. Sorry, its ESET Inspect. mh ok but what is the best way to deal with such detections? because they are not important but always appear and perhaps cover up other important things? Is there an idea? or is that just the way it is?
  2. Hi together I think i have a simple question but i haven't found a solution anywhere. We have detections and I want to create an exclusion for them. But now my problem: The criteria for creating an exclusion for this detection is the trigger that triggers it. So I want this detection to be seen as solved when the detection is triggered by a certain event. When I create the extension, I can specify various things (cmd line, signer, process path starts) but not the trigger event. How could I do that? Thank for the help! Kind regards
  3. Ok I think it has something to do with WSL. When it is open as terminal then these detections are generated. When the WSL terminal is closed, the no detections are generated.
  4. So there are also other process (for example visual studio code) who triggering this detection. So you mean something is not as it should be?
  5. Hello We have the following Detections time to time: Detection: Injection into trusted process Triggering process: excel.exe Event: CodeInjection msrdc.exe The Triggering process can also be outlook.exe or winword.exe. But we don't understand how these detections are triggered. The msrdc.exe process has a connection to the local WSL (Windows Subsystem Linux). But why does it generate these detections when an Excel file is opened or an Outlook mail is opened? WSL runs in the background and actually has nothing to do with this. Can you help me please? Thanks!
  6. Hello together I have updated my Eset inspect server to version 1.11.2872.0. Since then I have had the problem that I am suddenly logged out automatically (and not after the automatic logout time). The following error message then appears: You're not authorized to execute this action (this user has admin rights). It happens most often when I am in the detections or rules section. I have then created a new user, also with admin rights, but the same thing happens there. Before the update, this worked without any problems. Can anyone help me? Thanks
  7. ok should this also work with exclusions? I have tested it and I do not see the entry anywhere
  8. Hello I have a question about exclusions. If I make an exclusion for a rule, do I still see those messages somewhere in the logs? Because without exclusions there are too many messages, but it would be important for us if it is still logged somewhere (to be able to track it in case of an incident). I use ESET Inspect 1.11. I also dont see a Debug message in the EI Logfile on the client. Thanks and kind regards!
  9. ok, but is there now update procedure? do i need to reinstall it? I have already updated eset protect
  10. Hello together Is there somewhere a tutorial how to update an existing eset inspect server? Or how can we update eset inspect server? Thanks for the help.
  11. Yes, this helped (specially the last part ->"Migrate your existing ESMC/ESET PROTECT Web Console to use JDK" I needed to change the Java Virtual Machine Path Thanks!
  12. Hello together I need to update Java from JDK-11 to JDK-17 on my ESET Protect Server. Now I have installed JDK-17 and also set the variables (JAVA home/path). But when I go to the webconsole, I still get the message that Java 11 needs to be updated. Where did I forget a setting? I have restarted Thanks for help!
  13. Hello I have a question about exclusions. If I make an exclusion for a rule, do I still see those messages somewhere in the logs? Because without exclusions there are too many messages, but it would be important for us if it is still logged somewhere (to be able to track it in case of an incident). Thanks and kind regards!
×
×
  • Create New...