Jump to content


  • Content Count

  • Joined

  • Last visited


  1. Upvote
    santoso gave kudos to offbyone in Disable EPNS   
    There is a permanent connection held open to a host outside the corporate network from every client for triggering actions on that client. This is something not being tolerated and I really can understand that point of view. This is even more senseless if your clients are on the same network segment as ESMC server. This should be configurable similar to cloud based feature. It seems that customer will choose a different product for this reason.
  2. Upvote
    santoso gave kudos to Embercide in Why does Management Center still show the wrong IP after all these years?   
    When is it going to start showing the correct primary IP address???
    I'm finding topics of this back in 2018 (eg here).
    ESET Security Management Center (Server), Version 7.1 (7.1.717.0)
    ESET Security Management Center (Web Console), Version 7.1 (7.1.393.0)

  3. Upvote
    santoso gave kudos to MartinK in Installing Third Party App via Console   
    There are technically two possible ways:
    Using "Software installation task" which can install arbitrary MSI installer files. IT has to be available locally on target system or via HTTP, which will be entered into task configuration. In case of network share, permissions has to be set in a way that local service can access shared installer (this causes most common issues). Using "Run command task". In this case it might be more complicated, as whole installation logic, including package download and execution has to be written as command. But If I recall correctly there are few powerhshell snippets to be found on the forum that might help.
  4. Upvote
    santoso gave kudos to Aryeh Goretsky in Are Old Version of Orbit Downloader Free from DDoS Weapon ?   

    I am the author of the Orbital Decay: the dark side of a popular file downloading tool article on ESET's WeLiveSecurity blog.

    Given the nature of the what was reported, I would caution against using any version of the software.


    Aryeh Goretsky
  5. Upvote
    santoso gave kudos to Marcos in How To Know Infected PC   
    You can use nmap, see https://nmap.org/nsedoc/scripts/smb-vuln-ms17-010.html
  6. Upvote
    santoso gave kudos to itman in How To Know Infected PC   
    I would be careful using this tool. Appears results are a bit ambiguous and can be misinterpreted:
    For example:
    Developer's response:
  7. Upvote
    santoso received kudos from arusconi in ESET Security Management Center 7 deployment in Proxmox VE   
  8. Upvote
    santoso gave kudos to Nightowl in How To Know Infected PC   
    The worm is replicating itself from one of the computers or shares in the Network , ESET won't be able to remove it from the remote location , it will only be able to protect the computer that it's installed on
    You need to clean the worm from the infected PC/share , first of all you should disconnect it from the network to prevent it from keep trying replicate itself to others, then you try to clean it off and make sure the machine is fine and then you put it back to the network.
  9. Upvote
    santoso gave kudos to itman in How To Know Infected PC   
    A very useful tool in diagnosing suspect auto run entries on a device is SysInternal's Autoruns utility which can be downloaded from here: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns . It has a number of optional settings including having all entries scanned at Virus Total.
    Note that there are a few FPs in this utility when run on Win 10; namely flagging non-existent Win system processes for which registry entries exist.
  • Create New...