BlueBear

Members
  • Posts

    25
About BlueBear

  • Rank
    Newbie

Profile Information

  • Location
    USA
  1. Hi, We wanted to perform some checks for seat allocation, however, when running a report to export all devices and their last connected time, the report is missing 56 devices in comparison to our license consumption. This leads me to believe some devices have been removed from the Protect Console but not deactivated. Could you please provide guidance on how I can identify these missing seats to reclaim them? Thank you
  2. I believe it is stating that 11.x is also impacted by this for the server products, but the CVE is also affecting the desktop Endpoint Protection and AVs. Indeed, I have seen this. I was hoping we could get some more information from the ESET team to confirm criticality so we can align resources for updating and testing etc.
  3. Hi, Could you please provide the CVSS for these? Ideally we need to know if they're high/critical in the first instance to plan remediation. Are these fixed in module updates for Endpoint Protection versions nearing their end of life support? Thanks,
  4. Hi, We just recently started the migration from 11.x.x.x to 12.0.2045.0 and achieved a certain percentage to see 12.0.2049.0 was released (this happened last time during our planned upgrade window and we had to start again 😔). Looking at the ESET changelog, I can see the changes are relatively minor and we are not sure whether to start again and redeploy this version. We saw that the version on devices was listed as 'servicing update' which I believe ESET recommends updating, especially if critical. Is this service updating important, and should we begin testing 12.0.2049.0 and start the upgrade process again? Thanks,
  5. Hi, I noticed when backing up certificates to perform an upgrade that the action is not logged within the audit events. Although it is not necessary, it sure would make sense to log such an action. Are there any plans to add this? Thanks,
  6. Sorry for the delay. There are no explicit open inbound ports to the devices but we do have some local trusted groups for local IPs of attached peripherals. All connections are outbound and allowed back in. The 'target port' of these scans varies, the IPs are just scanning every single TCP port (mainly common known, 80, 443, 445, 21, 22, 23, 3389 etc.). Thanks for the suggestion. Is it possible to block the attempts, log for 1 week, and export the alerts to a CSV or similar (using a scheduled report)? Whilst I can do the scheduled export, I do not know how to maintain 1 week of particular firewall alerts, and delete older; is it possible at all? I do not want the noise in the console but also want to know what is happening, even if it's exported out of the console. The era DB is growing quite quickly. Thanks
  7. Hi, We have 5 devices that are sitting on a mobile network using an integrated SIM card. The APN these devices use is provided by the network provider, so is public. Ever since connecting these 5 devices to the internet, we are receiving A LOT of scanning attempts. Within the 7 days, there have been 17,801 ESET Firewall alerts for 'Security vulnerability exploitation attempt' and 'TCP Port Scanning attack'. ESET is blocking the 1,386 unique IP connections via the 'EsetIpBlacklist.A'. Although ESET is doing its job well and appears to be blocking all these attempts, I just wanted some guidance on the best way of managing this using ESET. At the moment all these alerts are being sent to the ESET Protect console, which of course, over a year will increase the ESET DB size more than we want. We have run a test on a different provider's private APN and these bad IPs no longer scan the devices. I am waiting for a private APN to be provided by the current provider. Is it anything to be concerned about with all this traffic, will it have any negative impact on modules, reporting, or the console after a year or so? Thanks
  8. Do you have any public documentation for upcoming releases? It would be great if we could have something for us to see what new or existing feature changes will bring to our protection. Is there anything you could share about v12? Thanks.
  9. We are receiving the same notification for pmxdrv.sys (9E5FCAEA33C9A181C56F7D0E4D9C42F8EDEAD252). Does anyone know if there's been any newly released driver? There's hardly any other info online and Google primarily provides this thread as the most relevant.
  10. commons-text-1.10 is deployed with ESET Protect Server 11.0.14.0. We had this detection because of a rogue backup file within the recycle bin! Thank you for the responses.
  11. Hi, Our vulnerability management tool is detecting CVE-2022-42889 on our ESET Protect On-Prem server. We have tried to track this down and believe it is ESET using the affected version. I understand from this topic that it was to be resolved last year, however, we're still getting alerts with the below versions. Versions installed: ESET Protect Server 11.0.14.0, MySQL 8.1, Apache Tomcat 9.0.86, Amazon Corretto 21, MySQL ODBC Driver 8.1.0, MySQL Workbench 8.0.36. Could you please confirm how we can address this CVE? Thank you.
  12. We are receiving the same alert for Win64/Intel.N potentially unsafe application - 9E5FCAEA33C9A181C56F7D0E4D9C42F8EDEAD252.
  13. Hi, We are trying to create a scheduled report of 'Functionality/Protection problems . Problem', however, not all 'problems' are available within the dropdown list when we are choosing 'is not one of'. We have some legacy devices that we want to exclude within our automated problem report. We are specifically looking to exclude 'Missing support for Azure Code Signing'. Could you kindly confirm if this could be added? Thanks,
  14. Thank you @kurco for your swift response and assistance. This has now been resolved. For those that have a similar issue, you can resolve it by following this article https://support.eset.com/en/kb8571-eset-service-fails-to-start-when-installing-eset-server-security-or-eset-endpoint-antivirus-for-linux-on-ubuntu-2204-or-mint-21?ref=esf.