Posted

Hello 👋

I've recently encountered an issue with ESET Real Time Protect in the console, and I'm seeking help to resolve it. As you can see in that screenshot (sorry, in French ;)), I get an error and the ESET Real Time Protect module seems to be malfunctioning.

Perhaps there are specific logs I should check or troubleshooting steps I could follow? How can I troubleshoot that kind of error?

 

image.thumb.png.93b95af6fbda53c463eee5ce844ebbd8.png

 

Thank you for your help :)

  • Administrators
Posted

What Linux distro / kernel is on the machine?

Posted

I have another question. It appears that component also scans the network. Is there a method to disable that feature? I simply wish to scan the file, perhaps once per week, without involving the network.

For instance, I can see these nft tables and some files to enable/disable/resume. I guess there is a way to deactivate the network part.

root@do01:~# nft list tables
table ip eset_efs_wap
table ip6 eset_efs_wap6

 

/var/opt/eset/efs/wap/nat/excludes.nft
/var/opt/eset/efs/wap/nat/disable.nft
/var/opt/eset/efs/wap/nat/resume.nft
/var/opt/eset/efs/wap/nat/enable.nft
/var/opt/eset/efs/wap/nat/pause.nft

 

Thank you :) 
 

 

  • Administrators
Posted

You can disable scanning of network drives by real-time protection via a policy:

image.png

Posted

Thank you :)

However, the nft table and the network scanning are still present 😕

root@do01:~# nft list tables
table ip eset_efs_wap
table ip6 eset_efs_wap6

 

root@do01:~# grep redirect /var/opt/eset/efs/wap/nat/enable.nft
add rule ip  eset_efs_wap output meta skuid != eset-efs-wapd tcp flags & (syn | ack) == syn tcp dport { 0 - 65535 } redirect to 45865
add rule ip6 eset_efs_wap6 output meta skuid != eset-efs-wapd tcp flags & (syn | ack) == syn tcp dport { 0 - 65535 } redirect to 34439

 

root@do01:~# netstat -laputen|grep 45865
tcp        0      0 127.0.0.1:45865         0.0.0.0:*               LISTEN      0          18606      531/startd          
tcp        0      0 127.0.0.1:45865         178.62.230.237:51236    ESTABLISHED 999        19870      872/wapd            
tcp        0      0 127.0.0.1:45865         178.62.230.237:56294    ESTABLISHED 999        20135      872/wapd            


 

Here is the policy applied to that server ⤵️

image.thumb.png.cffa26442ef29745068a3af851fe4707.png

The web access protection is disabled, according to these screenshots ⤵️

image.thumb.png.72b9c87c903bfd0f43fdea9122294855.png

 

image.thumb.png.d7339c3b940a8b194dfc32e5e46a9254.png

 

Maybe I am doing something wrong? Is there a way to check on the server which policies are applied?

Thank you for your help :)
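
Added example (not part of the original posts, and not ESET code): a small Python check that correlates the `redirect to` rules from `enable.nft` with `netstat -laputen` output, to show which local process receives the redirected connections. The sample input is copied from the post above; the function names are hypothetical.

```python
import re

# Sample input copied from the post above (enable.nft rules, netstat rows).
NFT_RULES = """\
add rule ip  eset_efs_wap output meta skuid != eset-efs-wapd tcp flags & (syn | ack) == syn tcp dport { 0 - 65535 } redirect to 45865
add rule ip6 eset_efs_wap6 output meta skuid != eset-efs-wapd tcp flags & (syn | ack) == syn tcp dport { 0 - 65535 } redirect to 34439
"""
NETSTAT = """\
tcp        0      0 127.0.0.1:45865         0.0.0.0:*               LISTEN      0          18606      531/startd
tcp        0      0 127.0.0.1:45865         178.62.230.237:51236    ESTABLISHED 999        19870      872/wapd
tcp        0      0 127.0.0.1:45865         178.62.230.237:56294    ESTABLISHED 999        20135      872/wapd
"""

RULE_RE = re.compile(
    r"add rule (?P<family>ip6?)\s+(?P<table>\S+)\s+(?P<chain>\S+)\s+"
    r".*?skuid != (?P<exempt>\S+).*?redirect to (?P<port>\d+)")

def parse_redirects(text):
    """Return one dict per nft rule that redirects traffic to a local port."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if m:
            rule = m.groupdict()
            rule["port"] = int(rule["port"])
            rules.append(rule)
    return rules

def sockets_on_port(netstat_text, port):
    """Return (state, pid/program) for TCP rows whose local port matches."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()  # proto recvq sendq local foreign state user inode pid/prog
        if len(f) >= 9 and f[0].startswith("tcp") and f[3].rsplit(":", 1)[-1] == str(port):
            rows.append((f[5], f[8]))
    return rows

def summarize(rules_text, netstat_text):
    """Map each redirect port to its table, exempt user, listener and connection count."""
    summary = {}
    for r in parse_redirects(rules_text):
        socks = sockets_on_port(netstat_text, r["port"])
        summary[r["port"]] = {
            "table": r["table"], "exempt_user": r["exempt"],
            "listener": [prog for state, prog in socks if state == "LISTEN"],
            "established": sum(1 for state, _ in socks if state == "ESTABLISHED"),
        }
    return summary
```

The netstat sample was filtered with `grep 45865`, so port 34439 shows no listener here only because its rows were not captured.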

 

 

 

This topic is now closed to further replies.