Yann ILAS, Posted April 30

Hello 👋

I've recently encountered an issue with ESET Real Time Protect in the console, and I'm seeking help to resolve it. As you can see in that screenshot (sorry, in French), I get an error and the ESET Real Time Protect module seems to be malfunctioning.

Perhaps there are specific logs I should check or troubleshooting steps I could follow? How can I troubleshoot that kind of error?

Thank you for your help

Marcos (Administrators), Posted April 30

What Linux distro / kernel is on the machine?

Marcos (Administrators), Posted April 30

Please refer to https://forum.eset.com/topic/40783-real-time-file-system-protection-not-running-on-debian-12/ for a workaround until a new version of the ESET Endpoint is released.

Yann ILAS (Author), Posted May 3

I have another question. It appears that component also scans the network. Is there a method to disable that feature? I simply wish to scan the files, perhaps once per week, without involving the network.

For instance, I can see these nft tables and some files to enable/disable/resume. I guess there is a way to deactivate the network part.

    root@do01:~# nft list tables
    table ip eset_efs_wap
    table ip6 eset_efs_wap6

    /var/opt/eset/efs/wap/nat/excludes.nft
    /var/opt/eset/efs/wap/nat/disable.nft
    /var/opt/eset/efs/wap/nat/resume.nft
    /var/opt/eset/efs/wap/nat/enable.nft
    /var/opt/eset/efs/wap/nat/pause.nft

Thank you

Marcos (Administrators), Posted May 3

You can disable scanning of network drives by real-time protection via a policy:

Yann ILAS (Author), Posted May 3

Thank you

However, the nft tables and the network scanning are still present 😕

    root@do01:~# nft list tables
    table ip eset_efs_wap
    table ip6 eset_efs_wap6
    root@do01:~# grep redirect /var/opt/eset/efs/wap/nat/enable.nft
    add rule ip eset_efs_wap output meta skuid != eset-efs-wapd tcp flags & (syn | ack) == syn tcp dport { 0 - 65535 } redirect to 45865
    add rule ip6 eset_efs_wap6 output meta skuid != eset-efs-wapd tcp flags & (syn | ack) == syn tcp dport { 0 - 65535 } redirect to 34439
    root@do01:~# netstat -laputen|grep 45865
    tcp  0  0 127.0.0.1:45865  0.0.0.0:*             LISTEN       0    18606  531/startd
    tcp  0  0 127.0.0.1:45865  178.62.230.237:51236  ESTABLISHED  999  19870  872/wapd
    tcp  0  0 127.0.0.1:45865  178.62.230.237:56294  ESTABLISHED  999  20135  872/wapd

Here is the policy applied to that server ⤵️

The web access protection is disabled, according to these screenshots ⤵️

Maybe I am doing something wrong? Is there a way to check on the server the policies which are applied?

Thank you for your help
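
Added example, not part of any post in this thread and not ESET tooling: a small shell check that pairs each transparent-redirect rule of the kind quoted above with the process listening on its target port, which shows whether outbound TCP is still being diverted to the local proxy. The function names `redirect_rules`, `listener_for` and `report` are hypothetical, and the sample input is copied from the post above, with the socket listing trimmed to two lines.

```shell
#!/bin/sh
# Sample input copied from the post above (the two redirect rules in enable.nft).
SAMPLE_RULES='add rule ip eset_efs_wap output meta skuid != eset-efs-wapd tcp flags & (syn | ack) == syn tcp dport { 0 - 65535 } redirect to 45865
add rule ip6 eset_efs_wap6 output meta skuid != eset-efs-wapd tcp flags & (syn | ack) == syn tcp dport { 0 - 65535 } redirect to 34439'

# Sample "netstat -laputen" lines from the same post (it only grepped port 45865).
SAMPLE_SOCKETS='tcp 0 0 127.0.0.1:45865 0.0.0.0:* LISTEN 0 18606 531/startd
tcp 0 0 127.0.0.1:45865 178.62.230.237:51236 ESTABLISHED 999 19870 872/wapd'

# Read nft "add rule" lines on stdin; print "family table port exempt_user"
# for every rule that redirects traffic. "-" means no skuid exemption found.
redirect_rules() {
    awk '$1 == "add" && $2 == "rule" {
        port = ""; user = "-"
        for (i = 5; i <= NF; i++) {
            if ($i == "redirect" && $(i+1) == "to") port = $(i+2)
            if ($i == "skuid" && $(i+1) == "!=") user = $(i+2)
        }
        sub(/^:/, "", port)   # "nft list ruleset" prints the port as ":45865"
        if (port != "") print $3, $4, port, user
    }'
}

# Read netstat lines on stdin; print PID/program of LISTEN sockets on port $1.
listener_for() {
    awk -v port="$1" '$6 == "LISTEN" {
        n = split($4, a, ":")
        if (a[n] == port) print $NF
    }'
}

# $1 = rule text, $2 = socket listing; one summary line per redirect rule.
report() {
    printf '%s\n' "$1" | redirect_rules | while read -r family table port user; do
        owner=$(printf '%s\n' "$2" | listener_for "$port")
        echo "$family/$table: redirect to local port $port," \
             "listener=${owner:-none}, exempt user=$user"
    done
}

report "$SAMPLE_RULES" "$SAMPLE_SOCKETS"
```

On a live host, pass `"$(cat /var/opt/eset/efs/wap/nat/enable.nft)"` and `"$(netstat -laputen)"` to `report` in place of the samples; a rule whose port shows `listener=none` redirects connections to a port nobody is serving.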