Yann ILAS, posted April 30

Hello 👋 I've recently encountered an issue with ESET Real Time Protect in the console, and I'm seeking help to resolve it. As you can see in that screenshot (sorry, in French), I get an error and the ESET Real Time Protect module seems to be malfunctioning. Perhaps there are specific logs I should check or troubleshooting steps I could follow? How can I troubleshoot that kind of error? Thank you for your help

Marcos (Administrators), posted April 30

What Linux distro / kernel is on the machine?

Yann ILAS, posted April 30

That VM is running with a Debian 12.

Marcos (Administrators), posted April 30

Please refer to https://forum.eset.com/topic/40783-real-time-file-system-protection-not-running-on-debian-12/ for a workaround until a new version of the ESET Endpoint is released.

Yann ILAS, posted May 3

I have another question. It appears that component also scans the network. Is there a method to disable that feature? I simply wish to scan the file, perhaps once per week, without involving the network. For instance, I can see these nft tables and some files to enable/disable/resume. I guess there is a way to deactivate the network part.

    root@do01:~# nft list tables
    table ip eset_efs_wap
    table ip6 eset_efs_wap6

    /var/opt/eset/efs/wap/nat/excludes.nft
    /var/opt/eset/efs/wap/nat/disable.nft
    /var/opt/eset/efs/wap/nat/resume.nft
    /var/opt/eset/efs/wap/nat/enable.nft
    /var/opt/eset/efs/wap/nat/pause.nft

Thank you

Marcos (Administrators), posted May 3

You can disable scanning of network drives by real-time protection via a policy:

Yann ILAS, posted May 3

Thank you. However, the nft table and the network scanning are still present 😕

    root@do01:~# nft list tables
    table ip eset_efs_wap
    table ip6 eset_efs_wap6
    root@do01:~# grep redirect /var/opt/eset/efs/wap/nat/enable.nft
    add rule ip eset_efs_wap output meta skuid != eset-efs-wapd tcp flags & (syn | ack) == syn tcp dport { 0 - 65535 } redirect to 45865
    add rule ip6 eset_efs_wap6 output meta skuid != eset-efs-wapd tcp flags & (syn | ack) == syn tcp dport { 0 - 65535 } redirect to 34439
    root@do01:~# netstat -laputen|grep 45865
    tcp 0 0 127.0.0.1:45865 0.0.0.0:* LISTEN 0 18606 531/startd
    tcp 0 0 127.0.0.1:45865 178.62.230.237:51236 ESTABLISHED 999 19870 872/wapd
    tcp 0 0 127.0.0.1:45865 178.62.230.237:56294 ESTABLISHED 999 20135 872/wapd

Here is the policy applied to that server ⤵️

The web access protection is disabled, according to these screenshots ⤵️

Maybe I am doing something wrong? Is there a way to check on the server the policies which are applied? Thank you for your help

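An added example, not part of the original posts and not ESET tooling: a small shell check that lists every nftables rule redirecting outbound TCP to a local port, the user exempted from the redirect, and whether anything is listening on that port. The sample input is copied from the output quoted in the thread; the function names (`redirect_rules`, `listener_for`, `audit`) are hypothetical.

```shell
#!/bin/sh
# Constructed sample input, copied from the output quoted in the thread.
# The socket sample only holds lines from the post's "grep 45865", so the
# ip6 port has no listener line here and is reported as "none".
SAMPLE_RULES='add rule ip eset_efs_wap output meta skuid != eset-efs-wapd tcp flags & (syn | ack) == syn tcp dport { 0 - 65535 } redirect to 45865
add rule ip6 eset_efs_wap6 output meta skuid != eset-efs-wapd tcp flags & (syn | ack) == syn tcp dport { 0 - 65535 } redirect to 34439'
SAMPLE_SOCKETS='tcp 0 0 127.0.0.1:45865 0.0.0.0:* LISTEN 0 18606 531/startd
tcp 0 0 127.0.0.1:45865 178.62.230.237:51236 ESTABLISHED 999 19870 872/wapd'

# redirect_rules: read nft "add rule" lines on stdin and print
# "<family> <table> <exempt-user> <port>" for every rule that redirects.
redirect_rules() {
    awk '$1 == "add" && $2 == "rule" {
        user = "-"; port = ""
        for (i = 5; i <= NF; i++) {
            if ($i == "skuid" && $(i+1) == "!=") user = $(i+2)
            if ($i == "redirect" && $(i+1) == "to") port = $(i+2)
        }
        if (port != "") print $3, $4, user, port
    }'
}

# listener_for PORT: read "netstat -laputen" lines on stdin and print the
# PID/program column of the socket listening on PORT (nothing if none).
listener_for() {
    awk -v p="$1" '$6 == "LISTEN" && $4 ~ (":" p "$") { print $NF }'
}

# audit RULES SOCKETS: one line per redirect rule with its listener status.
audit() {
    printf '%s\n' "$1" | redirect_rules | while read -r fam table user port; do
        owner=$(printf '%s\n' "$2" | listener_for "$port")
        echo "$fam/$table exempt=$user port=$port listener=${owner:-none}"
    done
}

# On a live host, pass the real data instead of the samples, e.g.:
#   audit "$(cat /var/opt/eset/efs/wap/nat/enable.nft)" "$(netstat -laputen)"
audit "$SAMPLE_RULES" "$SAMPLE_SOCKETS"
```

A redirect rule whose port still has a listener means outbound TCP from every user except the exempted one is still passing through the local proxy, whatever the console policy shows.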