vanroy
Members - Posts: 118
About vanroy
Rank: Newbie
Profile Information
Gender: Not Telling
Location: Costa Rica
2,114 profile views
-
Blocking all streaming websites but one specific video
vanroy replied to vanroy's topic in ESET Endpoint Products
Not working -
vanroy started following ECOS SLOW - BIG TENANT O365, Blocking all streaming websites but one specific video, HASH on the Inspect and 3 others
-
Hi, 1. How does Inspect generate the hash of an executable? 2. Why in some cases does the executable have an unknown hash? Best.
-
ok thanks, This is limitation of EIC should release and improve the Relationship graph
-
Hello, it is possible to see the URL or IP from a site not listed as malicious and the endpoint downloaded malware from this site. ESET Inspect only sees the executions. With other XDR this is possible. Thank you.
-
Hi, James, thanks for your time. Best
-
@JamesR can you help me please?
-
Hello, what is bad?

<definition>
  <parentprocess>
    <operator type="AND">
      <operator type="OR">
        <condition component="FileItem" property="FileName" condition="is" value="php-cgi.exe" />
        <condition component="FileItem" property="FileName" condition="is" value="php.exe" />
      </operator>
      <condition component="FileItem" property="Path" condition="starts" value="c:\php\" />
    </operator>
  </parentprocess>
  <process>
    <operator type="AND">
      <condition component="Module" property="SignatureType" condition="greaterOrEqual" value="90" />
      <operator type="OR">
        <condition component="FileItem" property="FileName" condition="is" value="cmd.exe" />
        <condition component="FileItem" property="FileName" condition="is" value="conhost.exe" />
      </operator>
      <operator type="OR">
        <condition component="FileItem" property="Path" condition="starts" value="%SYSTEM%" />
        <condition component="FileItem" property="Path" condition="starts" value="%WINDIR%\syswow64\" />
      </operator>
      <condition component="Module" property="SignerName" condition="is" value="Microsoft Windows" />
    </operator>
  </process>
  <operations>
    <operation type="CreateProcess">
      <operator type="and">
        <condition component="FileItem" property="FullPath" condition="is" value="c:\php\php.exe" />
        <condition component="FileItem" property="FullPath" condition="is" value="c:\php\php-cgi.exe" />
      </operator>
    </operation>
  </operations>
</definition>
-
False positives of Windows system file detection
vanroy replied to pedoc's topic in Malware Finding and Cleaning
Resolution: do not use the developer version of Windows 11.
-
Hi, slow loading pages, users module. This causes the browser example message (see attached) when assigning a policy to users. Firefox, Chrome, same in incognito mode. Regards.
-
Hello, why does ECOS load slowly on a tenant with 100k users? Datacenter in the USA; does anyone else have this issue?
-
Detection by Endpoint Security alerts
vanroy replied to vanroy's topic in ESET Inspect On-prem (Detection and Response)
Hello @Lockbits @JamesR, thanks. Some other tips for optimization or for making exclusions and rules, it's very appreciated. Best
-
Detection by Endpoint Security alerts
vanroy replied to vanroy's topic in ESET Inspect On-prem (Detection and Response)
Hello @JamesR