[Exclusions Criteria Trigger Event]

ok thanks for the idea
I will try that!

[Exclusions Criteria Trigger Event]

Can nobody help me?

So I have a detection (it doesn't matter which one because it occurs with different ones).

The triggerin Event is: CodeInjection %PROGRAMFILES%\wsl\msrdc.exe (APC queue)

Event:  CodeInjectionmsrdc.exe (ApcQueue)

 

What I want now is that such detections with this trigger event are automatically resolved.Because for me these messages are finished, I know where they come from.

Do I now have to exclude this in the rules?

 

 

•  

 

[Exclusions Criteria Trigger Event]

Is it now clearer what I mean?

[Exclusions Criteria Trigger Event]

Ok thanks for the idea. Here again a description what I mean:

So I mean I have a detection (it doesn't matter which one because it occurs with different ones).

The triggerin Event is: CodeInjection %PROGRAMFILES%\wsl\msrdc.exe (APC queue)

Event:  CodeInjectionmsrdc.exe (ApcQueue)

 

What I want now is that such detections with this trigger event are automatically resolved.Because for me these messages are finished, I know where they come from.

Do I now have to exclude this in the rules?

[Exclusions Criteria Trigger Event]

Sorry, its ESET Inspect.

mh ok but what is the best way to deal with such detections? because they are not important but always appear and perhaps cover up other important things?
Is there an idea? or is that just the way it is?

[Exclusions Criteria Trigger Event]

Hi together

I think i have a simple question but i haven't found a solution anywhere.
We have detections and I want to create an exclusion for them.

But now my problem: The criteria for creating an exclusion for this detection is the trigger that triggers it.

So I want this detection to be seen as solved when the detection is triggered by a certain event.

When I create the extension, I can specify various things (cmd line, signer, process path starts) but not the trigger event. How could I do that?

 

Thank for the help!

Kind regards

 

[Injection into trusted process -- Detections]

Ok I think it has something to do with WSL. When it is open as terminal then these detections are generated. When the WSL terminal is closed, the no detections are generated.

 

[Injection into trusted process -- Detections]

So there are also other process (for example visual studio code)  who triggering this detection.

So you mean something is not as it should be?

 

[Injection into trusted process -- Detections]

Hello

We have the following Detections time to time:

Detection: Injection into trusted process

Triggering process: excel.exe

Event: CodeInjection msrdc.exe

The Triggering process can also be outlook.exe or winword.exe.

But we don't understand how these detections are triggered.

The msrdc.exe process has a connection to the local WSL (Windows Subsystem Linux). But why does it generate these detections  when an Excel file is opened or an Outlook mail is opened?
WSL runs in the background and actually has nothing to do with this.

Can you help me please?

 

Thanks!

 

[Automatic logout after a few minutes -- Eset Inspect]

Hello together

I have updated my Eset inspect server to version 1.11.2872.0.

Since then I have had the problem that I am suddenly logged out automatically (and not after the automatic logout time).

The following error message then appears:

You're not authorized to execute this action (this user has admin rights).

It happens most often when I am in the detections or rules section.
I have then created a new user, also with admin rights, but the same thing happens there.

Before the update, this worked without any problems.

 

Can anyone help me?

Thanks

[Exclusions Eset Inspect]

ok should this also work with exclusions?

I have tested it and I do not see the entry anywhere

[Exclusions Eset Inspect]

Hello

I have a question about exclusions.

If I make an exclusion for a rule, do I still see those messages somewhere in the logs?

Because without exclusions there are too many messages, but it would be important for us if it is still logged somewhere (to be able to track it in case of an incident). 

I use ESET Inspect 1.11.

I also dont see a Debug message in the EI Logfile on the client.

 

 

Thanks and kind regards!

[Update ESET Inspect Server]

ok,

but is there now update procedure?

do i need to reinstall it?
I have already updated eset protect

 

[Update ESET Inspect Server]

Hello together

Is there somewhere a tutorial how to update an existing eset inspect server?

Or how can we update eset inspect server?

 

Thanks for the help.

[Update ESET Protect // JDK11 to JDK17]

Yes, this helped (specially the last part ->"Migrate your existing ESMC/ESET PROTECT Web Console to use JDK"

I needed to change the Java Virtual Machine Path

Thanks!

[Update ESET Protect // JDK11 to JDK17]

Hello together
I need to update Java from JDK-11 to JDK-17 on my ESET Protect Server.
Now I have installed JDK-17 and also set the variables (JAVA home/path).
But when I go to the webconsole, I still get the message that Java 11 needs to be updated.
Where did I forget a setting?
I have restarted

 

Thanks for help!

[Exclusions logged]

Hello

I have a question about exclusions.

If I make an exclusion for a rule, do I still see those messages somewhere in the logs?

Because without exclusions there are too many messages, but it would be important for us if it is still logged somewhere (to be able to track it in case of an incident). 

 

Thanks and kind regards!