MHRSFI
-
Posts
30 -
Joined
-
Last visited
Kudos
-
MHRSFI gave kudos to thae in ESET Protect migration from 11.0 to 11.1+ ( CentOS -> Rocky) failed
As I remember it's not possible to upgrade from CentOS to Rocky on the same system. You'd have to create a new VM and migrate. It was an easy task though.
https://help.eset.com/protect_deploy_va/11.1/en-US/va_upgrade_migrate.html
-
MHRSFI gave kudos to thae in EDR Purchase Without Security Team
I'm a solo security person. I've gotten a better look into what's happening on the end devices. You can define which events you want to see. For example only the most critical, warning or informational events. It's obviously a learning curve but it's worth it in my opinion.
You could also think about MDR.
-
MHRSFI gave kudos to AZ Tech in ESET Home fails ransomware test
Based on my previous experience and tests I conducted myself, I have found that ESET excels in signature detection and web protection.
However, in the area of behavior-based detection, it seems to lag behind other solutions, which is concerning.
I understand that the representatives in this forum, including ESET employees, may be limited in what they can acknowledge due to company policy.
Nevertheless, as a paying customer, it can be frustrating when the responses seem to sidestep valid concerns rather than address them directly.
I believe that if ESET were to focus on improving its behavior-based detection capabilities, rather than defending shortcomings, it would not only enhance the product but also strengthen trust with its customer base.
This shift in focus would benefit both the company and its users.
-
MHRSFI gave kudos to itman in URL/Urlik.AAR Object - pastebin - virus?
Change the rule to the following;
1 . In the Source applications window, delete C:\Windows\System32\cmd.exe. In the top window, select "All applications."
2. In the Applications section, in the top window select "Specific applications." Then add C:\Windows\System32\cmd.exe and C:\Windows\SysWOW64\cmd.exe.
This will show what is running cmd.exe. I suspect it will show svchost.exe which really tell us nothing since we need to know what service is being used.
Post a screen shot of the Eset alert. I believe that might show the service being used.
-
MHRSFI received kudos from MarcFL in PC Security Channel claims Ransomware Shield Doesn't work - Asks for Eset Comment
In my experience with multiple commercial products, I find ESET one of the most reliable and easy to use product (I don't mean its prefect at all) but I do think HIPS setting of the product it's a little bit confusing! For example, it's not clear what Smart/Auto filtering modes do differently!
Or having a webpage for some manual rule to protect against ransomware! Shouldn't this be part of the options in product?
https://support.eset.com/en/kb6119-configure-hips-rules-for-eset-business-products-to-protect-against-ransomware
https://support.eset.com/en/kb6132-configure-firewall-rules-for-eset-endpoint-security-to-protect-against-ransomware
Even in these 2 webpages, there isn't a lot of explanation why you should set these rules.
-
MHRSFI gave kudos to itman in Firewall isn't available in Server Security
My guess is something is screwed up with the installer's validation of Eset Protect existence;
https://help.eset.com/efsw/11.0/en-US/idh_config_epfw_basic_group.html