Jump to content

Cousin Vinny

Members
  • Content Count

    41
  • Joined

  • Last visited

  • Days Won

    1

Cousin Vinny last won the day on August 29

Cousin Vinny had the most liked content!

Profile Information

  • Gender
    Male
  • Location
    USA

Recent Profile Visitors

617 profile views
  1. Cousin Vinny

    ESMC claims all PCs are running outdated software?

    Is ESMC reporting that these outdated machines have the 6.5 Agent still installed? If that's the case, there are just two registry keys that need to be deleted that the v7 agent installation fails to remove. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}"
  2. There is a decryptor tool for Magniber available at https://gist.github.com/evilsocket/b89df665e6d52446e3e353fc1cc44711 You will have to know the AES Key in order to use this tool to decrypt your files. The full analysis of this threat can be found at https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/
  3. I assume you're running Office 365 Outlook with the email service (Exchange Online) that is included with your E3 subscription and not a local Exchange server while the "malware, connection and spam filtering" you mentioned is EOP. I have not had to deal with this issue myself but it is something that MS has had trouble with for years. In the past, some people (not specifically ESET users) have commented that by deleting and recreating your email account on the problem computer solves this issue. This is a common solution to many of Outlook's weird behaviors and you might want to give this a shot.
  4. Cousin Vinny

    Hardware report for RAM incorrect

    Try running the "Computers with their RAM details" report instead of the "Count of computers grouped by total RAM capacity" report. It's in the same section.
  5. Cousin Vinny

    Hardware report for RAM incorrect

    Yeah I don't necessarily see this as something wrong, it's just displaying exactly what each machine reports. The OP probably wants to run the "Computers with their RAM details" report instead if he just wants a raw count of hosts with total ram installed.
  6. Cousin Vinny

    Hardware report for RAM incorrect

    I just ran the same report myself and can see what's going on here. Machines with less than 8192MB RAM will report each DIMM as an individual computer if they are from mixed manufacturers. Machines with greater than 8192MB will report each DIMM as it's own machine. E.g., my workstation with 8x4GB matched sticks appears in the report 8 times, each one having 4096MB RAM.
  7. I use PDQ Inventory running on my local workstation and after upgrading to v7 it has begun blocking loopback connections to the local admin share. I added an IDS exception to the assigned policy and verified that it did apply: It does not appear to be working however, PDQ is unable to connect to the admin share and I am still receiving alerts in ESMC about the blocked threat: This might be related to another issue I have yet to uncover, but just wanted to check if there is something in my ESET config that I am missing here? Not sure why it's even showing an ipv6 loopback address since that's disabled on this machine's network adapter but I added it to the IDS exceptions anyway.
  8. Confirming that this is the same issue and solution affecting my agent upgrades; the two reg keys just need to be deleted. edit: Just deployed agent update to 9 machines using PDQ Deploy rather than a Run Program task in ESET or a manual install and none exhibited this behavior. I am going to continue deployments using this method.
  9. Speaking as someone who is hands-on IT management rather than a reseller or MSP: That is how I would expect it to behave and should. My endpoints are configured for strict cleaning so I have not dealt with this issue, however if end users were greeted with option dialogs during an av scan without any way for the admin to suppress I would be quite aggravated with the product.
×