RafaelAraujo 0 Posted January 14, 2019 Posted January 14, 2019 Hello Everyone! I'm trying to create an AIO installer to deploy it through GPO. I did the creation of the package into ERA Web Console. however, when i try to download it (32 or 64bits) the popping screen stucks on 0%. My repository settings is setted to "AUTOSELECT" and no HTTP Proxy used. My firewall says that there's no blocking to ESET repository urls. Do you have any tip ? Thanks!
Administrators Marcos 5,468 Posted January 14, 2019 Administrators Posted January 14, 2019 Would it be possible at least temporarily to allow the ESMC server to connect to any IP address / host? If ESMC was connecting to a CDN and you have access restricted to the addresses listed in the appropriate KB, then it might not work.
RafaelAraujo 0 Posted January 14, 2019 Author Posted January 14, 2019 38 minutes ago, Marcos said: Would it be possible at least temporarily to allow the ESMC server to connect to any IP address / host? If ESMC was connecting to a CDN and you have access restricted to the addresses listed in the appropriate KB, then it might not work. I just saw a IPS entry here, regarding this destination 91-228-167-25.ptr.eset.com It's dropping because it says that has a MS.PowerPoint.Malformed.Records.Code.Execution Attack. Don't know what do do in this case. The ERA server has unlimited access to the internet but it has IPS rules.
Administrators Marcos 5,468 Posted January 14, 2019 Administrators Posted January 14, 2019 Looks like a false positive which should be investigated by Fortinet. Is it possible to define exception in the IPS? Fortinet fw is also known to corrupt bigger update files as demonstrated at https://forum.eset.com/topic/17535-eset-corrupted-file/. We reached out to the vendor and they suggested we ask affected users to contact their support and provide the serial number of the device.
RafaelAraujo 0 Posted January 14, 2019 Author Posted January 14, 2019 12 minutes ago, Marcos said: Looks like a false positive which should be investigated by Fortinet. Is it possible to define exception in the IPS? Fortinet fw is also known to corrupt bigger update files as demonstrated at https://forum.eset.com/topic/17535-eset-corrupted-file/. We reached out to the vendor and they suggested we ask affected users to contact their support and provide the serial number of the device. Hello Marcos! I just removed the IPS and it worked! Thanks for the quick answers! It helped me a lot! Additionally, I will contact Fortinet to see if they fix this for us too. (thanks for this too)
ESET Staff MartinK 384 Posted January 14, 2019 ESET Staff Posted January 14, 2019 3 hours ago, RafaelAraujo said: Hello Marcos! I just removed the IPS and it worked! Thanks for the quick answers! It helped me a lot! Additionally, I will contact Fortinet to see if they fix this for us too. (thanks for this too) Could you please specify version of ERA/ESMC Server you are using? Just to verify that this is the same problem we have been reported recently, where only x64 installer of ERA Agent 6.5.522.0 was affected. Regarding the issue as is, it is currently investigated, but what we know for sure is that no ppt/pptx file is included in our installer, so it seems to be false-positive, but not yet confirmed.
RafaelAraujo 0 Posted January 14, 2019 Author Posted January 14, 2019 Sure: ERA Server: 6.5.522.0 ERA WebConsole: 6.5.388.0
Recommended Posts