
MartinK

ESET Staff
  • Content Count: 2,141
  • Joined
  • Last visited
  • Days Won: 63

Kudos

  1. Upvote
    MartinK gave kudos to Mauricio Osorio in Database server connection is not working   
    Hello guys,
    I think I found the problem and it really is not technical, the problem is with the translation into Spanish from Latin America. Let me show you:
    In the Latin American user guide, you can see these instructions:

    Highlighted in yellow you can see that it indicates that for Linux MySQL version 8, the parameter log_bin_trust_function_creators = 1 must be added or modified. But it is indicated only for Linux environments. In the English manual this option is not conditioned to Linux:

    As I was working in a Windows environment, I chose not to make this modification, because the manual indicated that it should only be done in a Linux environment. Just to discard I decided to make the change and everything works correctly.
    Thank you very much for your collaboration and if you can please change the manual (Latin America Spanish) in this section as it may cause confusion.
    Regards.
  2. Upvote
    MartinK received kudos from pedro617 in Deploy ECA Live Installer Remotely to Macs   
    Requirement to target silent/mass deployment to macOS devices should be targeted in next major release.
  3. Upvote
    MartinK gave kudos to Daniel26 in Installing MDM: "Failed to run custom action ConfigInsertPeerCertFile."   
    Ok, Solution found: LC_ALL was not set. "export LC_ALL=en_US.UTF-8" did the trick.
     
    Regards
     
    Daniel
     
  4. Upvote
    MartinK received kudos from Mike_Kintaru in ESMC Syslog   
    If I recall correctly, only login and logout audit messages are actually exported, i.e. there is probably no way to export other audit messages.
    There was an issue in one of the previous releases (probably 7.1) where the wrong delimiter was used in LEEF format, which caused issues when parsing messages - this is probably why they were not visible in QRadar as they were supposed to be.
  5. Upvote
    MartinK received kudos from Mirek S. in connection between ERA server and agents fail   
    Changing certificate to original in ESMC's settings should be enough:

    When you click "Open certificate list", you should be able to select original certificate, the one as shown in your previous screenshots. Just be aware that change will require restart of ESMC service.
  6. Upvote
    MartinK received kudos from Peter Randziak in selected package is not in repository   
    Any chance changing "legacy" filter in packages table helps? Also I would recommend to check ESMC's trace.log for possible synchronization (network) or database related errors. It is possible that repository synchronization is failing and list is not updated correctly.
  7. Upvote
    MartinK received kudos from kapela86 in Future changes to ESET Security Management Center / ESET Remote Administrator   
    Thanks for letting us know. First part is considered as an issue and should be targeted. Second part will be discussed as a possible improvement, which seems to be legit.
  8. Upvote
    MartinK received kudos from karlisi in Future changes to ESET Security Management Center / ESET Remote Administrator   
    Thanks for letting us know. First part is considered as an issue and should be targeted. Second part will be discussed as a possible improvement, which seems to be legit.
  9. Upvote
    MartinK received kudos from Peter Randziak in ESET Security Management Center version 7.2.11.1 hotfix won't install   
    The TLS connection is actually initiated by the ODBC driver installed in the system, so it is not in ESMC's control. Could you please check what ODBC driver is actually used by ESMC and possibly install the latest version. My best guess is that an older version is used, which has no support for TLS 1.2. Also it seems that SQL Server 2014 in the latest version you are using is supposed to fully support TLS 1.2. Just for information, with recent versions we are installing SQL Server 2019, and the all-in-one installer does even support upgrade of the database server if supported by the operating system, but the ODBC driver is neither installed nor upgraded.
    In order to check or change ODBC driver used by ESMC, please check DB connection string file as described in documentation. In referenced article, relevant parameter is Driver=SQL Server, i.e. in example, very old ODBC driver is used. In case it is also in your case, I would recommend to upgrade to Microsoft ODBC Driver 17 for SQL Server. It will also require to modify ESMC DB connection string, probably to Driver=ODBC Driver 17 for SQL Server, where exact name can be verified in ODBC Data Source control panel:

  10. Upvote
    MartinK received kudos from offbyone in Management protocol + reverse proxy   
    As the AGENT->ESMC protocol currently uses gRPC on the application layer (not guaranteed for the future), there are many small projects and proxies that can be used for routing, but in terms of security, the most reliable solution might be standard TLS termination and forwarding of requests on the TCP layer, i.e. without interpreting the data and requests themselves. This is supported by most of the commonly used proxies, as mentioned previously. It would just require some basic "magic" with certificates. In this configuration, the proxy should be just "repacking" TCP traffic from one TLS channel to another, instead of interpreting it + it is possible to configure proxies to be transparent for AGENTs. This kind of configuration is very often used for load balancing.
    Your case would probably be best matched by something like TLS pass-through with additional client certificate checks, but it is probably not supported by common proxies. I think it is not possible to validate the client certificate before the connection to the backend service (ESMC in this case) is opened, so it would somehow reduce security benefits.
  11. Upvote
    MartinK received kudos from offbyone in Management protocol + reverse proxy   
    ESMC Agents are using mutually authenticated TLS (both endpoints have to present their certificates), which is protecting the underlying HTTP2 requests, so technically it is HTTP2 over TLS.
  12. Upvote
    MartinK received kudos from Peter Randziak in Number of pending logs increased after ESMC upgrade to 7.2   
    Indeed ESMC 7.2 introduced mechanisms for throttling connections and received data -> its purpose is to limit load and prevent service exhaustion for temporary peaks, mostly detected during work time hours start. This change was definitely not supposed to increase number of pending logs, but during development, it was discovered that counters were previously not accurate, which might explain increase you are seeing.
    Regarding performance, most crucial is performance of database, which is connected to performance of underlying storage. I would recommend to check whether storage performance is not hitting its limits. In case of cloud, I would recommend to check IOPS limits on storage and database.
    Could you also provide number of managed / actively connected endpoints just for statistical purpose? We are interested in such numbers as it would enable us to adapt mentioned settings.
  13. Upvote
    MartinK received kudos from Peter Randziak in Mirror Tool Problem   
    There have been a few changes implemented in DNS servers that should possibly help with this case, as the problematic data center should be used only as a fallback for connections from Germany.
  14. Upvote
    MartinK received kudos from Cameron in ESMC Server Migration and Licencing   
    Just be aware, that if testing instance will be created on top of your existing ESMC database (as described in migration scenario), your original and new ESMC instances will share synchronized licenses in a way that when you modify list of synchronized licenses in one instance, it will impact also original/production servers, so my recommendation is to deploy completely new testing ESMC instance, instead of re-using existing database.
  15. Upvote
    MartinK received kudos from Peter_J in Import has failed (certificate)   
    Indeed only DER format is supported for both import and export of CA certificates. We will have to check whether it is clearly communicated.
  16. Upvote
    MartinK received kudos from MichalJ in Future changes to ESET Security Management Center / ESET Remote Administrator   
    I think this is resolved in just-released ESMC 7.2 where it looks like this:

  17. Upvote
    MartinK gave kudos to rpremuz in GUI language of ESET AV installed with a client task   
    On https://help.eset.com/eea/7/en-US/installation_command_line.html I've found parameters that can be used for specifying GUI language with MSI file that is used in the client task: PRODUCT_LANG and PRODUCT_LANG_CODE
    I successfully tested the following settings in my client task specification that installs ESET Endpoint Antivirus in US English:

  18. Upvote
    MartinK received kudos from Peter Randziak in Future changes to ESET Security Management Center / ESET Remote Administrator   
    I think this is resolved in just-released ESMC 7.2 where it looks like this:

  19. Upvote
    MartinK received kudos from igi008 in Future changes to ESET Security Management Center / ESET Remote Administrator   
    I think this is resolved in just-released ESMC 7.2 where it looks like this:

  20. Upvote
    MartinK received kudos from santoso in Installing Third Party App via Console   
    There are technically two possible ways:
      • Using "Software installation task", which can install arbitrary MSI installer files. It has to be available locally on the target system or via HTTP, which will be entered into the task configuration. In case of a network share, permissions have to be set in a way that the local service can access the shared installer (this causes the most common issues).
      • Using "Run command task". In this case it might be more complicated, as the whole installation logic, including package download and execution, has to be written as a command. But if I recall correctly there are a few PowerShell snippets to be found on the forum that might help.
  21. Upvote
    MartinK received kudos from mxp in ESMC | Filter for agents last connection   
    It is possible to create custom report with current data set:

    and with filter configured as follows:

    which will filter devices that have not performed a scan for some time, or devices that have never performed a scan:

  22. Upvote
    MartinK received kudos from TCH in Alerts details are not visible   
    Please remove sorting from column "Problem detail": Unfortunately there was an issue in console that results in such state where alerts without problem detail are not visible.
  23. Upvote
    MartinK received kudos from MichalJ in Alerts details are not visible   
    Please remove sorting from column "Problem detail": Unfortunately there was an issue in console that results in such state where alerts without problem detail are not visible.
  24. Upvote
    MartinK received kudos from roga in server not in contact with itself   
    I am not certain but it seems that the HW fingerprint of this device changed in a way that ESMC requires manual approval for this device - it might have been evaluated as cloned.
    Could you please check this client's details in console, whether there is no "Question" in respective subsection? It should be indicated by blue number. Also such questions from whole network should be listed in "Status overview" dashboard, if there are any.
    If question will be reported for this device, please check documentation for it and resolve -> once done, device should be connecting. 
  25. Upvote
    MartinK received kudos from HSW in mapped domain security group -> no user sync   
    Could you please be more specific? You have created a mapping for an AD security group but users from this group are not able to log in? Asking because it is not clear, as users won't be automatically shown until they first log in to ESMC, nor will they be removed from ESMC once removed from AD.