Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by WilliamT

  1. Hello atorres, If the old server is still up and the clients are checking in to it still then you can go into Tools>Policy manger and select the policy that is in control of the clients you want to move. In that policy go to the area designated for the endpoint version you wish to move (Windows product line v3 and v4 or Windows desktp v5). Go to Kernel>Settings>Remote administration and add the new server address under Primary server address. As the clients check in they will get the new setting and should populate in the new server within the check in time you have set (default is 10 mins). Once all of the clients have checked in and received the new setting the old server can be taken down. The setting for servers version 4.5 is under Windows server v4.5>%product%>General Settings>Miscellaneous>Remote administration>Primary server. If this takes too long and you need to decommision the server now you can always go into the DNS server and create an alias that takes the old server name and redirects it to the new server IP address. You should goin the the same areas in the new server I have listed above and add the new server name so after check in they will have the correct information and then once all systems have the new server host name you can remove the alias.
  2. Hello Everyone, We have realeased a new version of the OVA. It will be released on the US site soon but here is the link to the internaltional site where it is already available. We suggest you try using this version as there are several fixes that were applied that may resolve the issues you are all seeing. hxxp://www.eset.com/int/download/business/detail/family/259/ We have also been able to document the best way to get the AD sync to work properly and allow full access to the domain. With the OVA and Linux Remote Administrator builds, the Active Directory sync does not happen automatically. In order to get it to sync correctly, you must create a new sync task and sync manually with the following steps: Navigate to ADMIN > Tasks > Server Tasks > Static Group Synchronization and click on New at the bottom to create a new sync task. Give the task a name, and make sure that the Task option is set to Static Group Synchronization. Then check the "Run task immediately after finish" checkbox. Select the static group you would like to have the AD groups fill, then enter your server connection information. Check the "Use LDAP instead of Active Directory" checkbox. Then click on Presets and select Active Directory in the drop down. This should fill all of the domain attribute and filter settings with default values for Active Directory. Make sure that the "Use Simple Authentication" checkbox is checked. From there, you should be able click on the Browse button next to the Distinguished Name field, where you will be able to view your AD tree. If you would like, you can select only certain groups for the task. If you select the top AD tree entry, it will sync all groups, but you will not see anything fill in within the field. Click Finish at the bottom, then the task should run within a few moments and populate your AD tree as static groups in the Computers menu. Finally there is still testing going on, however we know this OVA does not work with ESXi versions prior to V5. There is more documentation available today and most can be found at hxxp://help.eset.com. This is a new online usermanual that will make troubleshooting much easier.
  3. Hello DmitryP, Can you resolve the host names of the systems from the appliance?
  4. Hello DmitryP, Is this our ESET Virtual Appliance or are you installing the ERA on to a stand alone CentOS instance?
  5. Hello pstoric, From what I can tell it sounds like you are not able to completly resolve the server from those workstations. Please PM me a copy of the client side trace log located in c:\Programdata\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs as well as a screenshot of the output from the status.html file located in the same location.
  6. Hello William Neves, The idea for passing through an environment variable is with env. Please try this instead and let us know if it works in your environment. if ! start-staop-daemon --start --quiet --oknodo --exec /usr/bin/env LD_PRELOAD=/opt/eset/esets/libesets_pac.so daemon /usr/sbin/smbd -- -D; then
  7. Hello Chrisk, I can say I have also seen this. It seems that the Apache server takes a few minutes to actually start listening even though the service is running. If it never connects then I would run a "netstat -aon > c:\ports.txt" in a elevated command prompt and send it to me in a PM. I will go through it and see if this a port issue. The other issue we are seeing is that Apache does not update the new path for Java when it updates. You need to update the path to the new Java Update by using this program found here: C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe When you open the exe it will show you a path. Follow that path and you will see that Java changed the path for the new version. Simply copy and paste the new path into the dialog box replacing the old path ad click ok.
  8. Hello Kit, We would like to discuss this further with over a phone call. Please contact the Business Support team at 1-619-630-2400. We are available Monday through Friday 6am to 6pm PST. Thank you,
  9. Hello philmatthews, So the easiest way to do this is to make sure all zones are set in the Policy Manager in ERA. Once ths is done check the box that says "Discard all previous settings on the target computer" in the lower right corner of the same window. When you set up al zone make sure they are in the order you want them in.
  10. Hello Ciodo, There is not a way to change the way ESET marks the header. What filter are you using after ESET? Can you PM me a copy of the header of one of these emails?
  11. Hello Verus, Currently there is not a way to import to V6 for exclusions. I will add this to the list for the Development team to review and add to future versions of this product line. Please bare in mind this is a very new release and we are still taking suggestions regarding fuctionality. Thanks
  12. Hello Cemmac, I would start with this checklist. I would figure that the machine in question does not have any connection to that server over port 2221. The checklist will give you several ways to test the connection. You can also put an address into the browser on that machine like this hxxp://%yourservername%:2221/update.ver . This should give you a text file with all of the current stuff in the mirror folder. Thanks William
  13. Hello Andreas, I have a way to correct the email address on the ELA so you can get the email. I will need the exact email addres tht you want to be the "License Owner". Also I see that you did get the U/P converted to a License Key so you should be able to install ERA 6 with out issue. This only requires the License Key at install. You can Private Message me with your email address you want on the account. Please Note, at the time of this post, Version 6 of our Business products are available only in North America. The global launch should be sometime in early 2015.
  14. Hello Andreas, I have opened a ticket with our team incharge of this. I hope to hear something soon. I will keep you informed.
  15. Hi Marcus. Can you PM me the esets.cfg and also eset_smtp_spec.cfg? I will need to take a look and can give you a better response with more information.
  16. Hi Marcus, It looks like the ESET Spam catcher is working correctly as it says OK. I would need to see your Conf files to tell you more. Based on the information you have given me I would say you need to look at the client end and the message rules that are set for the inbox. Also some third party items can affect how the email is handled. You can PM me the configs (esets.cfg and also eset_smtp_spec.cfg) you have on this server and I can take a look. William
  17. Hello haco, Below is a link with the settings you need. The main issue with the rules you are creating is that there are block rules built in to ESET that are above the ones you are creating. The instructions in the link will show you how to disable them. https://kb.eset.com/esetkb/index?page=content&id=soln2233
  18. Hello khairulaizat92, No, our server products do not have the personal firewall feature. For the most part, a good configuration of the built in Windows firewall is all that is needed on server. Most servers require extensive access to the network for file and app sharing. Firewalls will make this very difficult and can stop production within a network. Best practices is to ensure the firewall on the perimiter of the network is setup with good protection and logging and if needed use the Windows firewall on the individual server you are protecting. IDS (intrusion detection system) is a lot like most theft/loss prevention. If the thef wants in bad enough then, with some work, they will find a way. My advise for most admins in this situation is to ensure logging is tracking as much as possible in your environment. Using a good logging system you should also be able to send real time alerts to email to ensure the people who need to know this is happening, know this quickly. A good idea is to implement a good ID system. This will track, in real time what is coming and going as well as flag questionable trafic allowing you to make changes to the Windows firewall as needed.
  19. Hello NDA, Please contact us at 1-866-343-3738 option 3 or through a chat session at helpus.eset.com so we can go through your specific license and assist you in correcting this issue. Thank you!
  20. OVERKILL, Please do not post links to viruses on the forum. If you have a sample or a link to a sample you can send them to samples@eset.com. If you click here you will get a more detailed set of instructions for submitting samples. Thank you
  21. Hello Megachip, At this time no you can not. Alerts and Notifications are set to trigger based on verbosity (Warnings, Errors, Critical Warnings ect..). There is a possibility that in a newer version of the ERA, which should be available next week, this type of notification may be possible, but not currently.
  22. Hello wolflord, As long as the license files are uploaded to the license manager that should be all that needs to be done. The license file upload to the clients is incase you would like to host a mirror from the client machine. Please click here for more detailed information about the licenses. WilliamT Business Support Engineer
  23. Hi All, Yes this infection is know to use standard RDP ports but not usually to propagate the infection. there will be a searies of links at the bottom of this post that will give you more information on this and other aspects of this infection. This is used for access to the network later. They have identified the leader of the group responsible for this and he is now on the FBI Most Wanted list. This is VERY good news and you can read more about this here on our blog site. I am sorry to hear about the riots Persona1986. I will PM you and some more information that may help quell the frenzy. I have provided some information below that will help you to understand the infection and even prevent some of this from happening. Does ESET protect me from Filecoder (CryptoLocker) malware? hxxp://kb.eset.com/zap/SOLN3433 Filecoder: Holding your data to ransom hxxp://www.welivesecurity.com/2013/09/23/filecoder-holding-your-data-to-ransom/ Cryptolocker 2.0 – new version, or copycat? hxxp://www.welivesecurity.com/2013/12/19/cryptolocker-2-0-new-version-or-copycat/ Don’t pay up! How to avoid ransomware threats – and how to fight back hxxp://www.welivesecurity.com/2013/10/25/dont-pay-up-how-to-avoid-ransomware-threats-and-how-to-fight-back/ 11 things you can do to protect against ransomware, including Cryptolocker hxxp://www.welivesecurity.com/2013/12/12/11-things-you-can-do-to-protect-against-ransomware-including-cryptolocker/ Remote Desktop (RDP) Hacking 101: I can see your desktop from here! hxxp://www.welivesecurity.com/2013/09/16/remote-desktop-rdp-hacking-101-i-can-see-your-desktop-from-here/ - ESET is dedicated to the protection of all of our users, and interested in any new virus samples. You can use the instructions from the Knowledgebase article below to submit these samples to our virus lab. ------------------------------------------------------------------------------ How do I submit a virus, website or potential false positive sample to ESET's lab? hxxp://kb.eset.com/zap/SOLN141 ------------------------------------------------------------------------------ For Administrators: To learn more about how you can protect your computers from infection and increase your security, click or copy/paste any of the following ESET Knowledgebase articles into your web browser: ------------------------------------------------------------------------------ What can I do to minimize the risk of an infection on the network? hxxp://kb.eset.com/zap/SOLN247 Cyber security road map for businesses hxxp://www.welivesecurity.com/2013/05/14/cyber-security-road-map-for-businesses/ ------------------------------------------------------------------------------ For Users: To learn more about how you can protect your computers from infection and increase your security, click or copy/paste any of the following ESET Knowledgebase articles into your web browser: ------------------------------------------------------------------------------ What can I do to minimize the risk of a malware attack? hxxp://kb.eset.com/zap/SOLN130 Bulletproof Inbox: Tips for staying safe (and sane) on email hxxp://www.welivesecurity.com/2013/08/02/bulletproof-inbox-tips-for-staying-safe-and-sane-on-email/ Live fast, die old: Pro browsing tips to enjoy the Web at full speed (and safely too) hxxp://www.welivesecurity.com/2013/09/19/live-fast-die-old-pro-browsing-tips-to-enjoy-the-web-at-full-speed-and-safely-too/ ------------------------------------------------------------------------------ WilliamT ESET Business Support Engineer
  24. Hello jeremyf, To start with I want to let you know that I have never seen the Cryptolocker infection itself move past the originating system. What happens is the encryption will encrypt anything the system is connected to using an encryption service. This service is usually the Windows encryption service or another that is already installed on the system. Araksi is correct that this infection has moved through emails that work to get the enduser to click on an attachment. The infection is in that attachment. I personally have not seen it move any other way. This does not exclude the idea that things may have changed as that is business as usual for the people who write and propagate these infections. This situation is either a new variant or something else is going on along with the cryptolocker infection. I think at this point it might be a good idea if you could give us a call at 1-619-630-2400. We are available Monday through Friday 5am to 7pm PST. Please have your ESET Username or email address associated with the ESET account ready when you call. WilliamT ESET Business Support Engineer
  25. Hello Kittamaru, This wil depend on which of our workstation products you are using. For what you are trying to do you will probably need ESET Endpoint Security. For instructions on how to get what you are wanting please click here . Thank you William
  • Create New...