Jump to content

Miami

Members
  • Posts

    43
  • Joined

  • Last visited

  • Days Won

    1

Everything posted by Miami

  1. There is an article about new ransomware "Karmen" on the BleepingComputer . According to Karmen author, it's undetectable by most of AV software, except Eset :). But looking close to VirusTotal ... there are more of them. Still good work guys.
  2. In your case it should be 10.100.8.65 (ERA Server), like you wrote in on of your previous comments. Anyway, check if your "ERA Proxy" policy is correctly deployed to ERA PROXY (10.100.8.67).
  3. I would just add that it's good to create a separate static group just for testing purposes (with attached FW - learning mode policy). For testing/learning purposes, you would move a computer into this group, check learned rules and when everything is fine, just change the main (default) FW policy and move that computer back to it's default group.
  4. Check Agent configuration of that ERA Proxy. Maybe it's not correctly assigned.
  5. I have used MDM cert. from ERA "Peer certificates". EDIT: Problem is probably with the cert. itself. I have used the one created for MDM server, which is wrong.
  6. Is it working for you now? I have same problem and HTTPS cert. import wasn't helpful for me.
  7. For us its working with this configuration: Task type: static group synchronization Settings: Objects to synchronize: Computers and Groups Computer creation collision handling: MOVE Computer extinction handling: SKIP Group extinction handling: SKIP Ignore disabled computers (only in AD): NO
  8. OK. I just wanted to point out that there is difference between 6.4 and 6.5.
  9. Yes, I got same error message on upgrade. For me it took 10-15 minutes and I was able to log-in back again.
  10. In ERA V6.4 I was able to create one "genereal" report with Access Group "All". Users with restricted access to subgroups below "All" could use this report. When using this report, only data relevant to current user were visible. For example only computers from a subgroup where user had access. With ERA V6.5 if I need set access to different groups for different users I have to create a separate report for each of all these groups? This looks like step back from ver. 6.4. Update: I have done following test 1, Created report group: All\Reports , without any computers inside it. 2, Moved report to Access group: All\Reports 3, Added access rights for user to group All\Reports . User additionaly had access to his group All\Domain\Location_1 User was able to display this report with data only from Location_1 group. This way its working, but I am wondering what is the reason for this "functionality".
  11. Upgrade is still running in the background, please check following link ... Upgrade to ERA 6.5 may take some time to complete
  12. It looks like it could have something to do with enabled logging for available HIPS rules. What we have tried was dissabling logging on custom HIPS rules => it wasn't very helpfull. Then we changed minimum logging verbosity for all logs from Informative to warning and still nothing. After these chages we tried restart (disable/enable) HIPS and problem was gone. So right now, I'm not sure which from described was helpfull. We will try to do some more testing on problematic clients.
  13. I will just add that override mode can be activated from client side through "Advanced setup". There is a "Override policy" button down on the left side.
  14. Is there any possibility to move such non domain computers to domain structure (static group) automatically? Currently we move computers manually.
  15. Similar problems here. HIPS causing around 25% CPU load. On some computers is this just temporary on some almost all the time.
  16. Wouldn't be easier to do advised solution with static/dynamic group? You set it just once and don't need to think about. On the other side ... in more structured environments and the fact that computer can belong only to one static group, this could get more complex.
  17. There is import (XML) option for static group in ERA V5. Import group with computers. Here is example: <?xml version="1.0" encoding="utf-8"?> <ESET> <RA> <EXPORT SERVERVERSION="5000002"> <STATICGROUPS> <GROUP NAME="StaticGroupName/" DESCRIPTION=""> <CLIENT PRIMARYSERVER="Servername01" COMPUTERNAME="Computername01" MACADDRESS="000000111111" /> <CLIENT PRIMARYSERVER="Servername01" COMPUTERNAME="Computername02" MACADDRESS="aaaaaa222222" /> </GROUP> </STATICGROUPS> </EXPORT> </RA> </ESET>
×
×
  • Create New...