
Cousin Vinny


Posts posted by Cousin Vinny

  1. This is the hardware environment of the machine I was having trouble with (no USB 3.x devices):


  2. I've been experiencing this issue as well and am about to rebuild the affected PC.

    Sorry Marcos but I don't have the time to get you guys any crash dumps, I have limited time to get this machine back up and running.

    BSOD in eamon.sys, seems to happen on file access. It persistently worsened throughout the day yesterday to the point that the machine was unusable for the most part.

    This is a Win10 box on 20H2, 9th gen i7, 8gb RAM, nvme ssd, domain enviro running the most current version of Endpoint Security.

    It seems to have been caused by the emergency patch for the print spooler vulnerability. Any time I tried uninstalling the update it would result in a BSOD. Attempting to uninstall from ESMC/ERA/Protect/whatever it's called today was resulting in a BSOD as well. I was able to manually uninstall ESET locally on the box; it reported back correctly and then I ran an install task. Everything completed without issue and I made it through the initial scan. Handed the machine back over to the user and blammo - BSOD.

    Before reinstalling ESET, I did also manage to get the update removed and then reapplied through WSUS with all active components of ESET temporarily disabled, and this did not remedy the problem either.

    I'm going to go reimage that box now; I'm out of solutions for the limited time I have to deal with this.

  3. The issue is the Detections column in the Computers section reporting on blocked websites which began after the most recent upgrade.  Not the Detections section as indicated in your original reply to me.  The change caught me off guard because when I was interviewed, a portion had to do with what screen do administrators have open most often.  For me, it's the Computers section which now constantly looks like an outbreak since there is no way to filter by detection category.

  4. Now that it's been a few days I just wanted to reiterate - this is a major oversight and I do not like how I've lost such a great deal of insight into my network due to the constant reporting of blocked websites.

    This feels like I've essentially lost one of the tools I use to monitor for infections and outbreaks, since it's constantly accumulating web blocker detections that are completely useless to me and are reported at the same level as an actual detection that I would care about.

    This really sucks and I was one of the people that was interviewed by ESET last year.

  5. Is ESMC reporting that these outdated machines have the 6.5 Agent still installed?

    If that's the case, there are just two registry keys that need to be deleted that the v7 agent installation fails to remove.

    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C"
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}"
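
    As an added example (not code from the post or from ESET), a PowerShell script that checks for the two leftover 6.5 Agent keys named above, exports a .reg backup of each, and only then deletes it; run it elevated, and with -WhatIf to preview. The backup folder path is an assumption.

    ```powershell
    # Added example: remove the two leftover ESET Agent 6.5 registry keys
    # named in the post, taking a reg.exe backup of each before deletion.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Folder for the .reg backups (assumed path; change as needed)
        [string]$BackupDir = "C:\Temp\eset-agent-key-backup"
    )

    # The two keys quoted in the post, in PowerShell HKLM: drive notation
    $LeftoverKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}'
    )

    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

    foreach ($key in $LeftoverKeys) {
        # -LiteralPath so the braces in the GUID are not treated as wildcards
        if (-not (Test-Path -LiteralPath $key)) {
            Write-Host "Not present, nothing to do: $key"
            continue
        }

        # reg.exe expects HKLM\... rather than the HKLM:\ drive form
        $regPath    = $key -replace '^HKLM:\\', 'HKLM\'
        $leaf       = Split-Path -Path $key -Leaf
        $backupFile = Join-Path $BackupDir "$leaf.reg"

        if ($PSCmdlet.ShouldProcess($key, 'Export backup and delete key')) {
            & reg.exe export $regPath $backupFile /y | Out-Null
            if ($LASTEXITCODE -ne 0) {
                # Never delete a key we could not back up
                Write-Warning "Backup failed for $key; leaving it in place"
                continue
            }
            Remove-Item -LiteralPath $key -Recurse -Force
            Write-Host "Removed $key (backup: $backupFile)"
        }
    }
    ```

    The exported .reg files can be re-imported with reg.exe import if the agent installer still misbehaves and the keys need to be restored.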

  6. 11 hours ago, Alex TSK said:

    I did check on the internet and could not find any tools to recover the encrypted files. Hope ESET can deploy the tools shortly.

    There is a decryptor tool for Magniber available at https://gist.github.com/evilsocket/b89df665e6d52446e3e353fc1cc44711

    You will have to know the AES Key in order to use this tool to decrypt your files.

    The full analysis of this threat can be found at https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/

  7. I assume you're running Office 365 Outlook with the email service (Exchange Online) that is included with your E3 subscription and not a local Exchange server while the "malware, connection and spam filtering" you mentioned is EOP.

    I have not had to deal with this issue myself but it is something that MS has had trouble with for years.  

    In the past, some people (not specifically ESET users) have commented that deleting and recreating your email account on the problem computer solves this issue. This is a common solution to many of Outlook's weird behaviors and you might want to give this a shot.

  8. 6 minutes ago, Justin said:

    Hi,

    16GB is correctly shown if I click on user details. Only while generating reports does it get split for each DIMM, which is not helpful.

    Try running the "Computers with their RAM details" report instead of the "Count of computers grouped by total RAM capacity" report.  It's in the same section.

  9. I just ran the same report myself and can see what's going on here.

    Machines with less than 8192MB RAM will report each DIMM as an individual computer if they are from mixed manufacturers.

    Machines with greater than 8192MB will report each DIMM as its own machine. E.g., my workstation with 8x4GB matched sticks appears in the report 8 times, each one having 4096MB RAM.

  10. I use PDQ Inventory running on my local workstation and after upgrading to v7 it has begun blocking loopback connections to the local admin share.  I added an IDS exception to the assigned policy and verified that it did apply:

    [screenshot: IDS exception in the assigned policy]

    It does not appear to be working however, PDQ is unable to connect to the admin share and I am still receiving alerts in ESMC about the blocked threat:

    [screenshot: blocked threat alert in ESMC]

    This might be related to another issue I have yet to uncover, but I just wanted to check if there is something in my ESET config that I am missing here. Not sure why it's even showing an IPv6 loopback address since that's disabled on this machine's network adapter, but I added it to the IDS exceptions anyway.

  11. Confirming that this is the same issue and solution affecting my agent upgrades; the two reg keys just need to be deleted.


    edit:  Just deployed agent update to 9 machines using PDQ Deploy rather than a Run Program task in ESET or a manual install and none exhibited this behavior.  I am going to continue deployments using this method.

  12. Checking firewall logs, I do not see any connections to epns.eset.com or anything over port 8883.  I do see the ESMC server sending a broadcast packet to udp/9 255.255.255.255.

    Regarding the issue with policies not displaying correct status - they actually were.  I just noticed that somehow I managed to knock almost every machine out of their group.  Adding machines back to the respective groups, the applied policies (by group) are now indicating the correct status.

    So the one remaining issue is the wake-up call thing.

  13. Performed the ESMC upgrade yesterday and ran into a few growing pains.  Please advise if there are known solutions.

    Upgrade as per the KB went without any major issues.  Restoring the keystore and server.xml files was preventing me from accessing the console.  Omitting this step and everything appeared to be working fine.   Contacted ESET and spoke with support - it was determined that this step is not necessary for my deployment.  So far so good.

    Having a little trouble updating the agents from 6.5 to 7 (it's leaving both versions and the 'stop managing' task breaks everything) but I've managed to get around that by manual uninstall and then reinstall from a new agent installer created in ESMC.

    Here is what I am currently troubleshooting:

    I can not send a wake-up call to any machine.  When I try to, I am greeted with this pop-up message:

    [screenshot: wake-up call error pop-up]

    Also, in the Computers list, it is showing random machines as having a policy applied and others without any policy. I did verify, by looking at the local config on a machine that does not show a policy applied, that it actually is applied; it just isn't reporting as such. None of the machines that I have more than 1 policy applied to indicate as such.

    Anyone have any ideas about these two hiccups?

  14. I've caught this showing up on my ERA dashboard a couple times now. It only lasts for maybe a minute or so, but I don't recall ever noticing it previously.

    Dashboard -> Computers -> Last Update

    "Future / Out of defined interval"

    I was going to attach a screenshot but like an idiot I copied the error text to paste here before I pasted the screenshot and now it's gone.

    What does this message indicate?
