santoso
-
Posts
130 -
Joined
-
Last visited
Posts posted by santoso
-
-
-
-
-
Thank you for help Marcos
We want to know what kind web that user access, after that we will block it and turn off allowed policy
Regards,
-
-
-
Hello,
Is there any setting in esmc so our esmc agent only report last connected and for apply policy
we won't agent send threat, firewall or any logs to esmcThank you,
-
-
Hello Peter,
I would like to test this linux beta version.
Thank you,
-
On 2/14/2020 at 2:26 PM, MichalJ said:
You have hidden the relevant information - your license ID, that would allow us to explore the problem further. Can you please send me a private message with your PLID, so we can take a look at the issue? How many devices in total have you connected / activated with the license?
Hi MichalJ,
I send you private message
Thank you for help,
Regards
-
On 2/12/2020 at 9:02 PM, itman said:
I would be careful using this tool. Appears results are a bit ambiguous and can be misinterpreted:
For example:
Developer's response:
Thank you itman for warning me. will be careful next time
Is there any tool or a way that we can scan our computer vulnerability in network without run one by one in each computer
-
-
15 hours ago, itman said:
Actually, Eset also has one which I would trust as more reliable: https://help.eset.com/eset_tools/ESETEternalBlueChecker.exe
Yes Eset have that, but it must run on client computer one by one
This one can check all vulnerable computer remotely
https://omerez.com/eternalblues/ -
12 hours ago, itman said:
Make that PC and anything else on your network has been patched against the SMBv1 protocol vulnerability: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010
Ref.: https://blog.malwarebytes.com/101/2018/12/how-threat-actors-are-using-smb-vulnerabilities/
Thank you for remind me this vulnerability and yes when i scan our network with this tools there is some pc with vulnerability status YES
-
-
On 2/4/2020 at 5:50 PM, Rami said:
The worm is replicating itself from one of the computers or shares in the Network , ESET won't be able to remove it from the remote location , it will only be able to protect the computer that it's installed on
You need to clean the worm from the infected PC/share , first of all you should disconnect it from the network to prevent it from keep trying replicate itself to others, then you try to clean it off and make sure the machine is fine and then you put it back to the network.
On 2/5/2020 at 3:07 AM, itman said:A very useful tool in diagnosing suspect auto run entries on a device is SysInternal's Autoruns utility which can be downloaded from here: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns . It has a number of optional settings including having all entries scanned at Virus Total.
Note that there are a few FPs in this utility when run on Win 10; namely flagging non-existent Win system processes for which registry entries exist.
Thank you guys fo response
I use wireshark, procmon, process explorer and still hard to know where is infected pc.😅So, i decide to create folder sharing with permission for everyone then watch Eset endpoint - tools - network connection. Finally found it when there is connection to this pc use 445 port. Find that infected pc then install Eset and now our network clean again.
Thanks,
-
Hello Marcos,
I send you private message fo log collector link
Thank you,
-
Hello,
We have Eset Endpoint Security installed in our network.
Since January 30 It detected Win32/AutoRun.Agent.UD worm from folder sharing in PC and our WD My Cloud EX2 Ultra
From dashboard - Firewall threat - Top sources of firewall detected events in last 7 days. only two IP appear, its our router and our WD My Cloud EX2 Ultra
Can anyone know how to solved it by know who's pc was infected and spead it to our folder share in network
Thank you,
-
We use this command to backup and restore database, no need to repair esmc
-
49 minutes ago, Marcos said:
We will try this. all i know, it will download the installer from Eset server
Installer will cache in http proxy? so other client will download installer from http proxy
Or all client need to connect to internet and download installer one by one -
Thanks Marcos,
For clarify, the error came when we try upgrade agent from 6.5 to 7.1
Endpoint upgrade run perfectly with run command task.
Thank you,
-
Try this one
Installed software . Application version = 6.0
-
Hello,
Yesterday we upgrade era to latest esmc, server upgrade run smoothly
Then we want to upgrade agent 6.x and andpoint to our 1000 and more clientsFirst, we try software install. It failed and say try manual instalation, we dont want manual installaiton.
Then we try Run Command task, the task is run but agent still not upgrade, try the task to other machine and get same result
We found out in event viewer that problem Error 1921 'Service ESET Remote Administrator Agent' (EraAgentSvc) could not stopped. Verify that you have sufficient priviledges to stop system services.Computer login with local administrator account, and era agent doesn't have password
How to fix this, please help
Thank you,
-
Hello,
I will check about "same hardware fingerprint"
All of them connecting with recent date
Thank You,
Eraserver not cannot running
in ESET PROTECT On-prem (Remote Management)
Posted
hello,
here the log
thank You,