-
Posts
184 -
Joined
-
Last visited
-
Days Won
1
sdnian last won the day on October 5 2023
sdnian had the most liked content!
About sdnian
-
Rank
Newbie
Profile Information
-
Gender
Male
-
Location
Taiwan
-
On computers with EEA installed, the window appears a few seconds after executing cmd, and then the window closes automatically. If I disable Deep Behavioral Inspection or add c:\windows\system32\cmd.exe to the exclusion list, cmd will run normally. Tried pre-releases update, still the same situation. What can I do to solve this problem? Windows 10 22H2 x64, EEA 11.0.2044 (Deep behavioral inspection support module 1150)
-
Blocking Specific Programs
sdnian replied to sdnian's topic in ESET Inspect On-prem (Detection and Response)
Thanks @jia_yang reply. I mentioned AnyDesk just as an example. Using a firewall to block network connections or blocking hash-based file are among the methods. However, personally, I don't consider these good approaches for users of ESET Inspect. Given that using ESET Inspect allows us to detect when a client executes certain programs and ESET Inspect also has the capability to block files, why are there limitations on functionalities like KillProcess? For instance, within ESET Inspect's built-in rule: "AnyDesk Remote Desktop Silent Installation [D0443]", this rule can detect silent installations of AnyDesk, and it's set to perform actions like KillProcess. However, when this event is triggered, it doesn't block the installation or execution of AnyDesk. Shouldn't it be blocked immediately if someone unauthorized attempts this? -
Is it possible to prohibit the execution of a particular program? Depending on specific conditions such as file name, digital signature, company name.... etc. instead of a hash value. Example: I want to disable the use of anydesk on my company's computers, is there a way to do this?
-
Sylvain_f reacted to a post in a topic: VC_redist 2008 SP1 can't be installed.
-
I submitted a support ticket last Friday, but no any response so far. The logs you mentioned is below, can you see what the problem is? Or pass it on to the appropriate person? Thanks! Logfile.zipeea_logs.zip
-
I'm trying to install VC_redist 2008 sp1, and I'm getting the following error message. If I disable real-time file system protection, the installation will be successful. I tried installing VC_redist 2022 and did not encounter this problem. The system is Windows 11 22H2 x64 , EEA 10.1.2046.0. How to fix this issue?
-
Peter Randziak reacted to a post in a topic: ESET Bridge DNS resolve issue
-
ESET Bridge DNS resolve issue
sdnian replied to sdnian's topic in ESET PROTECT On-prem (Remote Management)
Sorry... The problem is fixed. It's the primary dns server in the ESET PROTECT server don't work. -
I've an ESET PROTECT v10.0.1128 and ESET Bridge 1.0.37. All clients use this proxy server. After the antivirus software been installed, it can't been activation. I found some logs.. Access.log: 172.1.3.51 - - [04/Feb/2023:15:19:19 +0800] "CONNECT edf.eset.com:443 HTTP/1.1" 502 150 "-" "-" Error.log: 2023/02/04 16:03:24 [error] 6892#7452: *954 proxy_connect: edf.eset.com could not be resolved (2: Server failure), client: 172.1.3.211, server: , request: "CONNECT edf.eset.com:443 HTTP/1.1", host: "edf.eset.com:443" 2023/02/04 16:03:24 [error] 6892#7452: unexpected DNS response for edf.eset.com I run a test in the ESET PROTECT server.. Get 502 error. > curl.exe --proxy hxxp://172.1.3.105:3127/ https://edf.eset.com/edf curl: (56) Received HTTP code 502 from proxy after CONNECT But if don't use proxy.. the connection is fine. > curl.exe https://edf.eset.com/edf <?xml version="1.0" encoding="utf-8"?><ecp:message xmlns:ecp="hxxp://www.eset.com/2012/02/ecp"><ecp:response><code>20101001</code><message>invalid http method</message></ecp:response></ecp:message> So.. how to fix the Bridge DNS resolved problem? Thank you! access.log error.log
-
Hello, Over the past two days, different customers have been responding that after installing EEA/EFSW, the product activation failed with the error code: ACT.0. I tried to connect to https://edf.eset.com/edf and it looked fine, and I got the following content: <?xml version="1.0" encoding="utf-8"? ><ecp:message xmlns:ecp="hxxp://www.eset.com/2012/02/ecp"><ecp:response><code>20101001</code><message>invalid http method</message></ ecp:response></ecp:message> How to solve this problem? Thanks!
-
EEA can't apply policies settings
sdnian replied to sdnian's topic in ESET PROTECT On-prem (Remote Management)
@Peter Randziak The issue persists. I've collect logs, please take a look if what kind of wrong? trace.log agent.zip eea_logs.zip -
EEA can't apply policies settings
sdnian replied to sdnian's topic in ESET PROTECT On-prem (Remote Management)
Yes -
I have a Windows 7 SP1 been installed Agent 9.0.1144 and EEA 9.0.2046. After the installation, it can connect to ESET Protect, and I can see the successfully applied policies on the console, everything are normal so far. However, when I check the settings from the client, there is no policies settings been applied. Uninstall and reinstall Agent and EEA, the issue is still exist. There is an error in the trace.log: Error: CEssConnectorModule [Thread 103c]: Set policy failed: CNodcommChannel: Send request failed with 14, Command failed - Make sure that Agent runs with Administrator privileges. How to fix it?
-
I've installed EFSW 6.5.12018 in windows server 2003, but can't activated the product, the error code is ECP.20006. I've testing 6.5.2132.6 in XP, it's the same issue. In the same environment, I installed EFSW 9.0.12012 in Windows Server 2019 and it can be activated. Please help to fix this problem, thank you. ECP.zip
-
PowerShell/TrojanDownloader.Agent.DV trojan
sdnian replied to sdnian's topic in Malware Finding and Cleaning
ESET Log Collector log file - eea_logs.zip -
-
Endpoint Security can't connect to Push Notification Service
sdnian replied to kapela86's topic in ESET Endpoint Products
I have the same situation. After some troubleshooting, I found that it was the "License interval check" setting, originally I set it to limited, but after changing it to Automatic the warning disappeared. https://help.eset.com/eea/8/en-US/idh_config_license.html