Everything posted by sdnian
-
On computers with EEA installed, the window appears a few seconds after executing cmd, and then the window closes automatically. If I disable Deep Behavioral Inspection or add c:\windows\system32\cmd.exe to the exclusion list, cmd will run normally. I tried the pre-release update; still the same situation. What can I do to solve this problem? Windows 10 22H2 x64, EEA 11.0.2044 (Deep behavioral inspection support module 1150)
-
Blocking Specific Programs
sdnian replied to sdnian's topic in ESET Inspect On-prem (Detection and Response)
Thanks for the reply, @jia_yang. I mentioned AnyDesk just as an example. Using a firewall to block network connections or hash-based file blocking are among the methods. However, personally, I don't consider these good approaches for users of ESET Inspect. Given that using ESET Inspect allows us to detect when a client executes certain programs and ESET Inspect also has the capability to block files, why are there limitations on functionalities like KillProcess? For instance, within ESET Inspect's built-in rule: "AnyDesk Remote Desktop Silent Installation [D0443]", this rule can detect silent installations of AnyDesk, and it's set to perform actions like KillProcess. However, when this event is triggered, it doesn't block the installation or execution of AnyDesk. Shouldn't it be blocked immediately if someone unauthorized attempts this? -
Is it possible to prohibit the execution of a particular program, depending on specific conditions such as file name, digital signature, company name, etc., instead of a hash value? Example: I want to disable the use of AnyDesk on my company's computers. Is there a way to do this?
-
I submitted a support ticket last Friday, but have had no response so far. The logs you mentioned are below. Can you see what the problem is, or pass it on to the appropriate person? Thanks! Logfile.zip eea_logs.zip
-
I'm trying to install VC_redist 2008 SP1, and I'm getting the following error message. If I disable real-time file system protection, the installation is successful. I tried installing VC_redist 2022 and did not encounter this problem. The system is Windows 11 22H2 x64, EEA 10.1.2046.0. How can I fix this issue?
-
ESET Bridge DNS resolve issue
sdnian replied to sdnian's topic in ESET PROTECT On-prem (Remote Management)
Sorry... The problem is fixed. The primary DNS server on the ESET PROTECT server didn't work. -
I have ESET PROTECT v10.0.1128 and ESET Bridge 1.0.37. All clients use this proxy server. After the antivirus software has been installed, it can't be activated. I found some logs.
Access.log:
172.1.3.51 - - [04/Feb/2023:15:19:19 +0800] "CONNECT edf.eset.com:443 HTTP/1.1" 502 150 "-" "-"
Error.log:
2023/02/04 16:03:24 [error] 6892#7452: *954 proxy_connect: edf.eset.com could not be resolved (2: Server failure), client: 172.1.3.211, server: , request: "CONNECT edf.eset.com:443 HTTP/1.1", host: "edf.eset.com:443"
2023/02/04 16:03:24 [error] 6892#7452: unexpected DNS response for edf.eset.com
I ran a test on the ESET PROTECT server and got a 502 error.
> curl.exe --proxy hxxp://172.1.3.105:3127/ https://edf.eset.com/edf
curl: (56) Received HTTP code 502 from proxy after CONNECT
But if I don't use the proxy, the connection is fine.
> curl.exe https://edf.eset.com/edf
<?xml version="1.0" encoding="utf-8"?><ecp:message xmlns:ecp="hxxp://www.eset.com/2012/02/ecp"><ecp:response><code>20101001</code><message>invalid http method</message></ecp:response></ecp:message>
So, how do I fix the Bridge DNS resolution problem? Thank you!
access.log error.log
-
Hello, Over the past two days, different customers have been responding that after installing EEA/EFSW, the product activation failed with the error code: ACT.0. I tried to connect to https://edf.eset.com/edf and it looked fine, and I got the following content:
<?xml version="1.0" encoding="utf-8"?><ecp:message xmlns:ecp="hxxp://www.eset.com/2012/02/ecp"><ecp:response><code>20101001</code><message>invalid http method</message></ecp:response></ecp:message>
How to solve this problem? Thanks!
-
EEA can't apply policies settings
sdnian replied to sdnian's topic in ESET PROTECT On-prem (Remote Management)
@Peter Randziak The issue persists. I've collected logs; please take a look at what is wrong. trace.log agent.zip eea_logs.zip -
EEA can't apply policies settings
sdnian replied to sdnian's topic in ESET PROTECT On-prem (Remote Management)
Yes -
I have a Windows 7 SP1 machine with Agent 9.0.1144 and EEA 9.0.2046 installed. After the installation, it can connect to ESET Protect, and I can see the successfully applied policies on the console; everything is normal so far. However, when I check the settings from the client, no policy settings have been applied. I uninstalled and reinstalled Agent and EEA, but the issue still exists. There is an error in the trace.log:
Error: CEssConnectorModule [Thread 103c]: Set policy failed: CNodcommChannel: Send request failed with 14, Command failed - Make sure that Agent runs with Administrator privileges.
How to fix it?
-
I've installed EFSW 6.5.12018 on Windows Server 2003, but can't activate the product; the error code is ECP.20006. I've tested 6.5.2132.6 on XP, and it's the same issue. In the same environment, I installed EFSW 9.0.12012 on Windows Server 2019 and it can be activated. Please help to fix this problem, thank you. ECP.zip
-
PowerShell/TrojanDownloader.Agent.DV trojan
sdnian replied to sdnian's topic in Malware Finding and Cleaning
ESET Log Collector log file - eea_logs.zip -
-
Endpoint Security can't connect to Push Notification Service
sdnian replied to kapela86's topic in ESET Endpoint Products
I have the same situation. After some troubleshooting, I found that it was the "License interval check" setting, originally I set it to limited, but after changing it to Automatic the warning disappeared. https://help.eset.com/eea/8/en-US/idh_config_license.html -
PowerShell/TrojanDownloader.Agent.DV trojan
sdnian replied to sdnian's topic in Malware Finding and Cleaning
Thanks for your help. I'll try to delete them ASAP. -
I have several Windows Servers that consistently detect PowerShell/TrojanDownloader.Agent trojan. Every time, EFSW shows it as cleaned by deleting, but the same log appears again after a few hours. How to solve this problem? One of the log collector files: efsw_logs.zip
-
Of course, KB4474419 and KB4490628 are already installed. If Windows 7 does not support SHA2, EEA 8 cannot be installed.
-
I installed EEA 8.0.2028 on Windows 7 SP1. Everything was fine during the installation. Then I enabled the device control setting and rebooted this computer. I saw a warning message "Device control is not fully functional". I tried rebooting a few times, but the situation is the same. I also tried uninstalling and reinstalling, still no luck. Any suggestions to solve this issue? Diagnostics.zip
-
Computers are controlled by a firewall and only a limited number of specific websites are accessible. After installing EEA 7.3.2039, using a browser to connect to https sites is very slow and may even time out. If I turn off the SSL/TLS protocol filtering, it will be back to normal. Does EEA's SSL/TLS protocol filtering feature need to connect to certain IP addresses? Or how can I fix this?
-
Trace message - Invalid utf8 leading byte
sdnian replied to sdnian's topic in ESET PROTECT On-prem (Remote Management)
This issue seems to have occurred after I upgraded ESMC 7.2, maybe there is a tweak or something in the new version that is causing this problem. -
Trace message - Invalid utf8 leading byte
sdnian replied to sdnian's topic in ESET PROTECT On-prem (Remote Management)
This is one of the clients that failed to upgrade. The error message is in Chinese, and this kind of message also appeared before. Why is this an Invalid utf8 leading byte? software-install.log -
Disabling QUIC fixes this issue.
-
I'd like to block https://www.youtube.com/. In URL ADDRESS MANAGEMENT, I added a record *.youtube.com. I've tried IE/Firefox/Vivaldi, and https://www.youtube.com/ is blocked. But if I use Chrome to browse https://www.youtube.com/, EEA doesn't block it. If I block other domains, for example: *.facebook.com, then https://www.facebook.com/ is blocked in IE/Firefox/Vivaldi/Chrome. EEA version: 7.2.2055. How can I block YouTube from Chrome?