MHRSFI

About MHRSFI

  • Rank
    Newbie

Profile Information

  • Location
    USA

  1. How does the vulnerability and patch management module work in an offline environment? Does ESET download updates to its server and then push them to client, or do the clients need to download updates from the internet through a proxy?
  2. How can I prevent a Linux user in the sudoers group from uninstalling ESET?
  3. We are considering purchasing an EDR, but we currently do not have a dedicated security team. I'm uncertain if this purchase would improve our security. I would appreciate any thoughts or advice.
  4. Is there a way to stop ESET LiveGuard from uploading some of my files to the cloud?
  5. I don't see anything wrong with the log in your picture. Could you try adding another rule similar to the previous one? For step 5, instead of adding cmd.exe, select All applications. On the next page, enable All application operations. Then, click Add and enter C:\Windows\System32\cmd.exe. If you find these rules unhelpful, you should remove them.
  6. I believe we can use HIPS rules to identify which file is executing the command to connect to pastebin.com. Here's how you can do it:
     1. Navigate to Settings > HIPS > Rules
     2. Click Add
     3. Enter a name for the rule
     4. For the action, select Block
     5. Enable the Application toggle, the Enable toggle, and the Notify user toggle
     6. Set the logging severity to Warning
     7. In the Source applications window, click Add and enter C:\Windows\System32\cmd.exe
     8. On the next page, enable the Start new application toggle
     9. Select All applications from the drop-down menu and click Finish

     After this, you will be able to see in the HIPS logs which application is executing cmd.exe.
  7. For inbound connections, specifying source IPs can significantly reduce the attack surface without the same performance concerns. For example, if only one IP address needs to connect to RDP on a server, the firewall should ideally restrict the rule to only allow that IP. This practice enhances security by ensuring only authorized sources can initiate connections to critical services.
  8. When I enable learning mode in the firewall, it primarily adds a rule with the application selected and often sets other parameters to "any". Occasionally, it will select a specific destination port if it's a single port rather than multiple ports. This raises the question: why doesn't the firewall also select the source IP to minimize the attack surface? For instance, if only one IP address is meant to connect to RDP on a server, why doesn't the firewall restrict the rule to only allow that specific IP? This approach would significantly enhance security by limiting access to only known and trusted IP addresses.
  9. I am experiencing a problem with the learning mode on my firewall. I have the latest version of Server Security (11.0.12012.0) installed, and the policy for firewall learning mode is set to force. When it tries to create firewall rules, it fails and gives an error.
  10. Is it possible to support other mail servers such as MDaemon, SmarterMail, and KerioConnect?
  11. It is worth pointing out that I just enabled the use of a proxy server on the client policy and enabled the proxy on the server (Rocky appliance) without installing a bridge application or configuring a bridge policy. Is this correct?
  12. I don't disagree with you about how bad Psiphon is as a product. However, all I'm saying is that Psiphon does what it claims to do. Similarly, Internet Explorer has numerous problems such as performance issues, security vulnerabilities, infrequent updates, and more. While these issues are significant, they aren't enough to classify IE as a PUA; they are simply reasons why no one should use it.
  13. I've enabled "Use proxy server" in the policy for the clients and entered the server address, but it didn't work. Did I miss something?
  14. I don't have internet on some of my workstations. How can I activate ESET? The console has internet; can I use a proxy?
  15. I don't want to defend Psiphon, but I don't think bad performance alone makes it a PUA. If the application does what it claims, it shouldn't be labeled as such. It's like listing all the cons of Internet Explorer and flagging it as a PUA because of that.