tgr
Members-
Posts
13 -
Joined
-
Last visited
-
Sorry, its ESET Inspect. mh ok but what is the best way to deal with such detections? because they are not important but always appear and perhaps cover up other important things? Is there an idea? or is that just the way it is?
-
Hi together I think i have a simple question but i haven't found a solution anywhere. We have detections and I want to create an exclusion for them. But now my problem: The criteria for creating an exclusion for this detection is the trigger that triggers it. So I want this detection to be seen as solved when the detection is triggered by a certain event. When I create the extension, I can specify various things (cmd line, signer, process path starts) but not the trigger event. How could I do that? Thank for the help! Kind regards
-
Ok I think it has something to do with WSL. When it is open as terminal then these detections are generated. When the WSL terminal is closed, the no detections are generated.
-
So there are also other process (for example visual studio code) who triggering this detection. So you mean something is not as it should be?
-
Hello We have the following Detections time to time: Detection: Injection into trusted process Triggering process: excel.exe Event: CodeInjection msrdc.exe The Triggering process can also be outlook.exe or winword.exe. But we don't understand how these detections are triggered. The msrdc.exe process has a connection to the local WSL (Windows Subsystem Linux). But why does it generate these detections when an Excel file is opened or an Outlook mail is opened? WSL runs in the background and actually has nothing to do with this. Can you help me please? Thanks!
-
j-gray reacted to a post in a topic: Automatic logout after a few minutes -- Eset Inspect
-
Hello together I have updated my Eset inspect server to version 1.11.2872.0. Since then I have had the problem that I am suddenly logged out automatically (and not after the automatic logout time). The following error message then appears: You're not authorized to execute this action (this user has admin rights). It happens most often when I am in the detections or rules section. I have then created a new user, also with admin rights, but the same thing happens there. Before the update, this worked without any problems. Can anyone help me? Thanks
-
ok should this also work with exclusions? I have tested it and I do not see the entry anywhere
-
Hello I have a question about exclusions. If I make an exclusion for a rule, do I still see those messages somewhere in the logs? Because without exclusions there are too many messages, but it would be important for us if it is still logged somewhere (to be able to track it in case of an incident). I use ESET Inspect 1.11. I also dont see a Debug message in the EI Logfile on the client. Thanks and kind regards!
-
Update ESET Inspect Server
tgr replied to tgr's topic in ESET Inspect On-prem (Detection and Response)
ok, but is there now update procedure? do i need to reinstall it? I have already updated eset protect -
Hello together Is there somewhere a tutorial how to update an existing eset inspect server? Or how can we update eset inspect server? Thanks for the help.
-
Update ESET Protect // JDK11 to JDK17
tgr replied to tgr's topic in ESET PROTECT On-prem (Remote Management)
Yes, this helped (specially the last part ->"Migrate your existing ESMC/ESET PROTECT Web Console to use JDK" I needed to change the Java Virtual Machine Path Thanks! -
Update ESET Protect // JDK11 to JDK17
tgr posted a topic in ESET PROTECT On-prem (Remote Management)
Hello together I need to update Java from JDK-11 to JDK-17 on my ESET Protect Server. Now I have installed JDK-17 and also set the variables (JAVA home/path). But when I go to the webconsole, I still get the message that Java 11 needs to be updated. Where did I forget a setting? I have restarted Thanks for help! -
tgr joined the community
-
Hello I have a question about exclusions. If I make an exclusion for a rule, do I still see those messages somewhere in the logs? Because without exclusions there are too many messages, but it would be important for us if it is still logged somewhere (to be able to track it in case of an incident). Thanks and kind regards!