Cousin Vinny

Members
  • Content Count: 45
  • Days Won: 1

Cousin Vinny last won the day on August 29 2018

Cousin Vinny had the most liked content!

Profile Information

  • Gender
    Male
  • Location
    USA

Recent Profile Visitors

1,395 profile views
  1. I suspect the site works fine from a private browser on the problem machine if it is working fine on every other machine. You probably just have to clear the browser's cache on the admin laptop.
  2. The issue is the Detections column in the Computers section reporting on blocked websites which began after the most recent upgrade. Not the Detections section as indicated in your original reply to me. The change caught me off guard because when I was interviewed, a portion had to do with what screen do administrators have open most often. For me, it's the Computers section which now constantly looks like an outbreak since there is no way to filter by detection category.
  3. Now that it's been a few days I just wanted to reiterate - this is a major oversight and I do not like how I've lost such a great deal of insight into my network due to the constant reporting of blocked websites. This feels like I've essentially lost one of the tools I use to monitor for infections and outbreaks since it's constantly accumulating web blocker detections that are completely useless to me and are reported at the same level as an actual detection that I would care about. This really sucks and I was one of the people that was interviewed by ESET last year.
  4. How do I stop web protection from generating detections in ESMC? Every URL that gets blocked is now adding to the detections number and it's like the boy who cried wolf. Super annoying.
  5. Is ESMC reporting that these outdated machines have the 6.5 Agent still installed? If that's the case, there are just two registry keys that need to be deleted that the v7 agent installation fails to remove. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}"
  6. There is a decryptor tool for Magniber available at https://gist.github.com/evilsocket/b89df665e6d52446e3e353fc1cc44711 You will have to know the AES Key in order to use this tool to decrypt your files. The full analysis of this threat can be found at https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/
  7. I assume you're running Office 365 Outlook with the email service (Exchange Online) that is included with your E3 subscription and not a local Exchange server while the "malware, connection and spam filtering" you mentioned is EOP. I have not had to deal with this issue myself but it is something that MS has had trouble with for years. In the past, some people (not specifically ESET users) have commented that deleting and recreating your email account on the problem computer solves this issue. This is a common solution to many of Outlook's weird behaviors and you might want to
  8. Try running the "Computers with their RAM details" report instead of the "Count of computers grouped by total RAM capacity" report. It's in the same section.
  9. Yeah I don't necessarily see this as something wrong, it's just displaying exactly what each machine reports. The OP probably wants to run the "Computers with their RAM details" report instead if he just wants a raw count of hosts with total RAM installed.
  10. I just ran the same report myself and can see what's going on here. Machines with less than 8192MB RAM will report each DIMM as an individual computer if they are from mixed manufacturers. Machines with greater than 8192MB will report each DIMM as its own machine. E.g., my workstation with 8x4GB matched sticks appears in the report 8 times, each one having 4096MB RAM.
  11. I use PDQ Inventory running on my local workstation and after upgrading to v7 it has begun blocking loopback connections to the local admin share. I added an IDS exception to the assigned policy and verified that it did apply: It does not appear to be working, however; PDQ is unable to connect to the admin share and I am still receiving alerts in ESMC about the blocked threat: This might be related to another issue I have yet to uncover, but just wanted to check if there is something in my ESET config that I am missing here? Not sure why it's even showing an ipv6 loopbac
  12. Confirming that this is the same issue and solution affecting my agent upgrades; the two reg keys just need to be deleted. edit: Just deployed agent update to 9 machines using PDQ Deploy rather than a Run Program task in ESET or a manual install and none exhibited this behavior. I am going to continue deployments using this method.
  13. Checking firewall logs, I do not see any connections to epns.eset.com or anything over port 8883. I do see the ESMC server sending a broadcast packet to udp/9 255.255.255.255. Regarding the issue with policies not displaying correct status - they actually were. I just noticed that somehow I managed to knock almost every machine out of their group. Adding machines back to the respective groups, the applied policies (by group) are now indicating the correct status. So the one remaining issue is the wake-up call thing.
  14. Performed the ESMC upgrade yesterday and ran into a few growing pains. Please advise if there are known solutions. Upgrade as per the KB went without any major issues. Restoring the keystore and server.xml files was preventing me from accessing the console. After omitting this step, everything appeared to be working fine. Contacted ESET and spoke with support - it was determined that this step is not necessary for my deployment. So far so good. Having a little trouble updating the agents from 6.5 to 7 (it's leaving both versions and the 'stop managing' task breaks everything) but