
Threats not reported to ERA console



Had a user come to me to let me know they had accidentally clicked on something they shouldn't have and had received the Access Denied "Access to the web page was blocked" popup and browser warning. I can see it in their event log on the client but there's no sign of it in the Threats section of the web interface. I can go to the Computers section, select Show Details on their computer and can't see it there either in the Threats or Alerts pages. The computer is otherwise reporting just fine to the ERA server. Have I screwed up one of my policies? How do I make sure this stuff is visible in the dashboard (or possibly via email alert)?


See my screen, needed config of Agent. Also you must set up the policy of webcontrol to log this as "warning".

2017-06-07_08h56_06.png

Edited by HSW

  • ESET Staff

If this was a page blocked not by webcontrol, but by the internal lists using protocol filtering / web access protection, it could be located locally in the "filtered websites log" on the Endpoint. Contents of this log file are as of now not collected in ESET Remote Administrator 6. We are planning to add this functionality in the next major release by Q4/2017 resp. Q1/2018.


I haven't changed the defaults to enable WebControl so it wasn't that - just now exported the log to confirm that it was blocked by the internal lists.  I look forward to this being logged in the console.  I know the software has done its job by blocking the URL but it's a useful insight into user behavior for possible "reeducation".

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">6/6/2017 2:18:52 PM</COLUMN>
      <COLUMN NAME="URL">hxxp://newrequest-changeshippingcenter-ebayinc.com</COLUMN>
      <COLUMN NAME="Status">Blocked by internal IP blacklist</COLUMN>
      <COLUMN NAME="Application">C:\Windows\System32\CompatTelRunner.exe</COLUMN>
      <COLUMN NAME="User">DOMAIN\user</COLUMN>
      <COLUMN NAME="IP address">51.15.139.219</COLUMN>
      <COLUMN NAME="SHA1">7508DB266FDCDF93C951A022C5DA505A13EE6BE9</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Time">6/6/2017 2:18:13 PM</COLUMN>
      <COLUMN NAME="URL">hxxp://newrequest-changeshippingcenter-ebayinc.com</COLUMN>
      <COLUMN NAME="Status">Blocked by internal IP blacklist</COLUMN>
      <COLUMN NAME="Application">C:\Windows\System32\CompatTelRunner.exe</COLUMN>
      <COLUMN NAME="User">DOMAIN\user</COLUMN>
      <COLUMN NAME="IP address">51.15.139.219</COLUMN>
      <COLUMN NAME="SHA1">7508DB266FDCDF93C951A022C5DA505A13EE6BE9</COLUMN>
    </RECORD>
  </LOG>
</ESET>

 

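Until the console collects the filtered websites log, exports like the one posted above can be summarised offline. The following is an added example, not part of the original thread and not ESET code: it groups blocked requests per user and URL from an export in that layout. The sample records are constructed, and the timestamp format is an assumption taken from the posted export.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime

TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"  # assumption: matches the export's locale

# Constructed sample in the layout of the export posted above (placeholder values).
SAMPLE = b"""<?xml version="1.0" encoding="utf-8" ?>
<ESET><LOG>
    <RECORD>
      <COLUMN NAME="Time">6/6/2017 2:18:52 PM</COLUMN>
      <COLUMN NAME="URL">hxxp://blocked.example</COLUMN>
      <COLUMN NAME="Status">Blocked by internal IP blacklist</COLUMN>
      <COLUMN NAME="User">DOMAIN\\user</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Time">6/6/2017 2:18:13 PM</COLUMN>
      <COLUMN NAME="URL">hxxp://blocked.example</COLUMN>
      <COLUMN NAME="Status">Blocked by internal IP blacklist</COLUMN>
      <COLUMN NAME="User">DOMAIN\\user</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Time">not a timestamp</COLUMN>
      <COLUMN NAME="URL">hxxp://other.example</COLUMN>
    </RECORD>
</LOG></ESET>"""

def parse_records(xml_bytes):
    """Yield each <RECORD> as a dict keyed by its COLUMN NAME attribute."""
    for rec in ET.fromstring(xml_bytes).iter("RECORD"):
        yield {c.get("NAME"): (c.text or "").strip() for c in rec.iter("COLUMN")}

def summarize(xml_bytes):
    """Group blocks by (user, URL); return hit count, statuses, first/last seen."""
    groups = defaultdict(lambda: {"hits": 0, "first": None, "last": None, "status": set()})
    for row in parse_records(xml_bytes):
        g = groups[(row.get("User", "?"), row.get("URL", "?"))]
        g["hits"] += 1
        g["status"].add(row.get("Status", "?"))
        try:
            ts = datetime.strptime(row.get("Time", ""), TIME_FORMAT)
        except ValueError:
            continue  # count the hit even when the timestamp cannot be parsed
        g["first"] = ts if g["first"] is None else min(g["first"], ts)
        g["last"] = ts if g["last"] is None else max(g["last"], ts)
    return dict(groups)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Exports gathered from many endpoints are untrusted input, so a hardened parser such as defusedxml is a sensible replacement for the standard-library one when processing them in bulk.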
