Posts posted by sdnian
-
-
5 minutes ago, Marcos said:
This scenario assumes that an attacker successfully connected via RDP with admin rights. If that happens, the user has a much bigger problem than not detecting files from an RDP share under these specific circumstances when the network speed is limited. With admin rights, a user can do virtually anything. Actual attackers would attempt to kill or remove an AV that would enable him or her to run any malware regardless of the size and type of malicious files.
That said, the problem that should be solved in the first place is securing RDP (e.g. by limiting it only to connections from LAN and using VPN or 2FA on an RDP gateway).
No, this doesn't need admin rights. It's just a user account in that video.
-
I reported to sample@eset.com on January 17th that ESET could not block ransomware, but I have not received any response at the moment. I just tested it again, this ransomware still successfully encrypts the file. Can someone handle it?
See the video for details - ESET can't stop the ransomware in this situation
-
3 hours ago, MichalJ said:
Machine is most probably Windows XP, for which the latest officially supported version is EP 6.5. V7 is installable, but not recommended for usage on XP.
Okay, I see. Thanks for your reply.
-
-
On 9/5/2018 at 11:40 PM, maorgr said:
Hi Guys,
I have upgraded from ERA 6.5 to the latest version 7 and the process was pretty smooth, however -
I am getting multiple computers with the following warning message: <resource-not-found-0x1211002d>
Is it the same issue with https://forum.eset.com/topic/16536-resource-not-found-after-upgrade-esmc-v7/ ?
-
I have a Linux server, OS: SLES 11 SP4 + OES 2005 SP1. I installed ESET File Security for Linux Server 4.5.11 and set PAC to scan /
Everything is okay. When I download eicar.com from the Internet and save it to any folder, it is detected and deleted by EFS. But if I copy eicar.com from Windows to this server volume (it's a Novell NSS volume), it isn't detected.
Am I missing something? How can I resolve it?
-
You are right. Thanks!
-
-
After upgrading to ESMC 7, there are many items named '<resource-not-found-........>'. How do I fix it?
-
Finally, I found where the problem is. It works now. Thank you for your help.
-
@Pinni3 Thank you for your reply. But in the first post, I used no credentials settings in the Apache HTTP Proxy. Okay, I removed them and went back to the settings without authentication, but it still doesn't work. Do you have other suggestions?
-
@MichalJ I've set up a username/password for Apache HTTP Proxy, but it still doesn't work. I have confirmed the username/password are right.
The username is eset, password is 123
curl --proxy hxxp://192.168.1.2:3128/ -U eset:xxx https://edf.eset.com/edf
curl: (56) Received HTTP code 407 from proxy after CONNECT
The password in this command is wrong, so I get error code 407.
curl --proxy hxxp://192.168.1.2:3128/ -U eset:123 https://edf.eset.com/edf
<?xml version="1.0" encoding="UTF-8"?><ecp:message xmlns:ecp="hxxp://www.eset.com/2012/02/ecp"><ecp:response><code>20101003</code><message>Unsupported Content-type: unknown</message></ecp:response></ecp:message>
This command works well.
Now, the ESMC Agent error message is:
ERROR: InitializeConnection: Initiating replication connection to 'host: "192.168.1.1" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "192.168.1.1" port: 2222 with proxy set as: Proxy: Connection: 192.168.1.2:3128, Credentials: Name: eset, Password: ******, Enabled:1, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details: - Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: 10.11.3.247:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 5df4b312-4e4b-4aa4-b4ea-be3d56defcf0, Sent logs: 0, Cached static objects: 69, Cached static object groups: 10, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0]
- All replication attempts: 215
Could you please tell me in more detail how to fix it? Thank you!
-
I'd like to set up ESMC Agent v7 to connect to ESMC Server through Apache HTTP Proxy, but it doesn't work.
For example, I have these three computers.
ESMC Server: 192.168.1.1
Apache HTTP Proxy: 192.168.1.2
ESMC Agent: 192.168.1.10
If I let the ESMC Agent connect to the ESMC Server directly on port 2222, it works!
But when I set the ESMC Agent to use the proxy server (host: 192.168.1.2, port 3128) and block source 192.168.1.10 on the ESMC Server, the connection fails.
If I change httpd.conf and comment out the line 'deny from all' between <Proxy *> </Proxy>, it can connect again.
Next, I read the document - https://support.eset.com/kb6920/. So I enabled 'deny from all' again, but added the contents below:
<ProxyMatch ^192.168.1.1$>
Allow from all
</ProxyMatch>
It can't connect again. (I've restarted Apache HTTP Proxy.)
The error message:
ERROR: InitializeConnection: Initiating replication connection to 'host: "192.168.1.1" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "192.168.1.1" port: 2222 with proxy set as: Proxy: Connection: 192.1.1.2:3128, Credentials: Name: , Password: ******, Enabled:1, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details: - Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: 192.1.1.1:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 5df4b312-4e4b-4aa4-b4ea-be3d56defcf0, Sent logs: 0, Cached static objects: 69, Cached static object groups: 10, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0]
- All replication attempts: 91
What did I do wrong?
-
It works. Thank you!
-
3 hours ago, MartinK said:
Could you specify what kind of installer are you actually using?
I use the Agent live installer to create ESMCAgentInstaller.bat, then run it on the clients.
-
Try these settings
-
ESMC Agent v7 can connect to the server through an HTTP proxy. It's a good improvement. But can I assign proxy settings when installing it? (I know how to apply the setting from a policy; that's not what I'm asking. Sometimes clients can't connect to the server directly, so they can't get policy settings from the ESMC server. That is why they need the proxy.)
-
You can't use "ESMC Component upgrade Task" to upgrade ERA agent 6.x to ESMC agent 7. Read this document, it shows how to do it.
https://support.eset.com/KB6819/
-
I found there is a free tool on the internet that can delete ESET files immediately, without needing to reboot or use safe mode. Please fix it.
-
@Marcos PM sent, please check it.
-
4 hours ago, Marcos said:
We have tested it on 2 machines and it indeed works.
Please try the following:
1, Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering
2, Download Eicar from hxxp://www.eicar.org/download/eicar.com
Is Eicar really detected by Web and email protection?
I've tested the same settings in version 6.6.2072.4. There is no such issue.
-
1 hour ago, Marcos said:
We have tested it on 2 machines and it indeed works.
Please try the following:
1, Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering
2, Download Eicar from hxxp://www.eicar.org/download/eicar.com
Is Eicar really detected by Web and email protection?
Okay, I tried it following your steps. Yes, it really is scanned by the HTTP filter.
-
7 minutes ago, MichalJ said:
Hello @sdnian
Can you share a bit more details about what is not working?
Especially the address you want to exclude and the actual exclusion. We need more data for analysis.
For example, I'd like to exclude IP address 192.168.1.10 from web protection scanning. So I set up '192.168.1.10' in the 'Excluded IP addresses' list. Then I tried to download eicar.com from 192.168.1.10. It should be detected by real-time protection, right? But this file is detected by the HTTP scanner in version 6.6.2078.5.
-
Ransomware (in Malware Finding and Cleaning)
So this is not a problem with ESET? Then I should make this video public, reminding ESET customers to pay attention to this problem.