Hi,
I did an update last December on my handset and since then my screen keeps on locking me out every minute or so, requiring me to confirm my identity with thumbprint. This happens across all apps but the lock symbol is the last eset applocked app that I used.
I've removed the eset app and reinstalled and run all updates for handset and apps.
Thanks
↧
Glitching applock function on Samsung S22 Ultra
↧
Limited connectivity with Direct Cloud
Hello,
We are implementing a policy of secure browsing and website access control in our environment. Initially, there were no problems on the first test stations, but after a few days, when we tried to deploy the policy more broadly, we encountered a notification about an issue:
The ESET security product has limited connectivity with Direct Cloud. And this message appears on most of the workstations.
However, the following message appears on a few: Access control to websites is not fully operational due to a licensing issue. Re-enter your license credentials or try again later.
Could we request an analysis? I am sending the ESET Log Collector from two stations in the attachment.
Best regards
75387aab-a518-4557-8344-6a0cdea8f3cd_era-diagnostic-logs_2024-01-09_13-00-38.zip 083cbd09-0adb-4e0a-b240-820f9a350d98_era-diagnostic-logs_2024-01-09_12-46-55.zip
↧
Reporting - ESET Protect report that shows all definition updates for a single machine
Hi all,
I'm finding the reporting in ESET Protect a little bit stunted, and wondering if it's me or the product that's at fault here.
We want to generate an "Antivirus Definitions Updated" report on an ad-hoc basis that would be filterable by "Computer Name" and "Data of Occurrence", and have the report show the time/date stamp, detection engine database version and database date.
I can create such a report, but it only gives me the current database version/date, not the database versions updated throughout the day and the date/time they were updated.
For example (data added here is made up) we want to see:
Computer001, 28540P, January 9th 2024 14:00
Computer001, 28539P, January 9th 2024 12:20
Computer001, 28538P, January 9th 2024 11:10
Computer001, 28526P, January 8th 2024 17:00
Currently, my report will only give me 1 line, which would be the last time the machine updated its database, even though it may have updated multiple times in a day. Example:
Computer001, 28540P, January 9th 2024 14:00
It seems a huge oversight to not be able to report on historical data like this, so guessing it's down to me setting up the report wrong?
Can anyone help with this, as our PCI DSS assessor needs to see each occurrence of the definition files being updated in a day, not just that it is up to date.
Many thanks in advance.
↧
Antimalware Scan Interface (AMSI) integration has failed (Endpoint 11.0.2032.0)
After recently upgrading to 11.0.2032.0, one endpoint device on Windows 10 Pro 22H2 is reporting the message above in the ERA.
This is similar to the thread here:
Have repeatedly rebooted, including using shutdown -r -t 0
This is the only device with the issue currently.
↧
Eset Website Certificate Revoked
Dears,
We have an issue with the SSL/TLS option for some websites.
↧
MS 2016 issues installing Remote Agent
ESET PROTECT on-prem (Server), Version 11.0 (11.0.199.0)
ESET PROTECT on-prem (Web-Konsole), Version 11.0 (11.0.193.0)
Windows Server 2016 is having issues with new certificates. The old ones are at the end of their timespan, so I created a new Peer and Server certificate. The peer cert is without and the CA is with a password, if that matters.
https://support.eset.com/en/kb7648-create-a-new-certificate-of-certificate-authority-in-eset-protect#CreateCA
Then I created a policy with the new cert and changed the Server cert. All modern servers moved correctly to the new cert, but the Windows 2016 servers threw "Configuration module has malfunction" and remain on the old cert.
Tried uninstalling Management Agent and reinstalling it, but install failed with:
ERROR: (ConfigInsertPeerCertContent) Checking certificate ended with error 'ParsePfxCertificate: PFXImportCertStore failed with Das angegebene Netzwerkkennwort ist falsch. Error code: 0x56'
INFO: Successful GET property 'P_SILENT' with value - UILevel=4
INFO: Custom action 'ConfigInsertPeerCertContent' ended.
CustomAction CA_ConfigInsertPeerCertContent returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
↧
ESET management agent issues with deploying through Intune - previously working, no changes made.
Hi all, I created an account to ask this forum specifically about the issue from the title.
If i missed the subforum, please let me know.
Namely, we use ESET Cloud + ESET Endpoint Security for our users (around 1000ish users).
I've converted an ESET management agent installer to a win32 app for Intune.
Deployed it; the device lands in the Cloud Portal under the dynamic group of devices with no security product, then I made a task with a trigger to deploy Endpoint Security to them.
It was working as intended up until a couple of days ago, when I was notified of issues.
I've tested the following:
New Intune prep tool (latest one) + latest installer of mgmt agent = fail to install.
Intune line of business app with .msi installer = nothing.
Locally test commands for silent install = fail > without silent /qn parameter it goes through.
Intune test change parameters to not include /qn = fail.
I did some digging in the Intune logs on the VM used for testing; it detects the app is not installed, tries to install, and it fails with installer: [Win32App] Failed to create installer process. Error code = 193 IntuneManagementExtension 1/10/2024 6:30:35 AM 3 (0x0003)
Google/Reddit haven't been of much help on this.
Looking to ask if any of you are using ESET through Intune and how it is working for you; all advice/thoughts are welcome.
↧
License disabled after updating Full Disk Encryption FDE
Hello, this notification appears after updating Full Disk Encryption (FDE).
I send an activation task from the central console, but it does not activate the product.
Any suggestions?
Can it be activated manually on the computer?
↧
Server reporting as resource not found 0x120002db
Hi, I have a Windows Server 2016 showing as the above in my ERA dashboard.
It's on version 10.0.12010.0. I have 3 other 2016 servers, all on the same build, all reporting fine; I am not sure what the issue is with this one. I reinstalled the application and it was showing as fine in the ERA for a couple of days and then reverted back to the above message. Can you advise how I can find out what resource is missing and how I can resolve it?
Many Thanks
↧
Potentially Unwanted/Unsafe Application rules
Hi,
We want to disable the protection of PUP but still report as shown below in our configuration.
Having checked the policies, it appears to be set correctly and there's no other policy within the hierarchy which I thought could be an issue.
However, we are still getting reports for a file by the PUP protection. We have even added explicit exclusions for the file based on the hash and I can see that the exclusion is present within the devices that are detecting the PUP.
Any idea as to why this would be happening or where to check next?
Thanks,
BB
↧
Full Disk Encryption ignoring policy
Hi,
I have a policy for all my devices to be used for Full Disk Encryption which is set to not allow end users to change passwords without the recovery code.
I had it set to change the password setting to disable which I noticed today that end users are still able to change, doing a test by editing the policy to force disabled to see if users are still able to change it. With the policy having this set or forced it still allows the user to change the password.
They are all running the latest version of 1.4.52.0 of the software and use all the same policies.
↧
ESET is taking almost 20% of my cpu is that normal?
Recently, I have experienced an issue where ESET will use almost 20-30 percent of my CPU. The eset service(2) usually consumes a high percentage of the CPU, but it doesn't happen all the time. I tried to reinstall ESET by first uninstalling it using the ESET Uninstallation tool and then reinstalling it with a newer ESET version, but the issue is still there. Does anybody know how to fix it?
↧
Webex webhook notifications
Hi,
My ESET PROTECT on-prem server version: 11.0 (11.0.199.0)
My ESET PROTECT on-prem web console version: 11.0 (11.0.193.0)
How can I enable notifications for webhook integration in the Webex application?
I already have a webhook address, but nowhere in the distribution channel can I find sending via webhook according to the information from the website:
Distribution | ESET PROTECT | ESET Online Help
↧
ESET Vulnerabilities not clearing
Hi
Once a vulnerability is flagged it doesn't seem to clear. I have Windows Defender and MS Teams vulnerabilities flagged, but I checked and the installed versions are later than what is being flagged.
A couple of the alerts are a few weeks old, so this is not just a case of waiting for the next scan, as at least 1 machine is always-on.
How do I:-
1) rescan the device
2) mark the vulnerability as resolved and delete it from the console
thanks
John
↧
What ESET products do I currently own?
Hi people, good morning!
I recently started a new job and we use ESET solutions here. In my prior job we used Trend Micro and all this is really new to me. Although I'm getting used to this console, I have two really BIG problems.
I don't know WHAT products we own; all I see when I enter the console is, in the top-left corner, "ESET Protect". Also, when I go to Help > About I can see this information: ESET PROTECT (Server), Version 10.0 (10.0.2133.0) - ESET PROTECT (Web Console), Version 10.0 (10.0.132.0). The problem is that, I think, this is only a central management console, and not the product itself.
The second problem is a direct consequence of the first one, and it's that I'm not able to look for useful KBs to solve my doubts. For example, I want to block an IP sending malicious mail traffic, but I can't find it on the console, nor find a KB to explain how to do this.
I hope that my post is clear, and if you have further questions, I'm available.
Best regards!
↧
How do I add custom search patterns for detection
We use ESET Protect 10.1.1291.0.
A customer has not only a VPN tunnel to us, but also to another IT partner. This IT partner was individually attacked and has now provided an individual list of IOC hashes as well as a list of attacking IPs.
For the moment, there is no indication that the customer's network has been compromised. Nevertheless, I would like to scan my network as well for signs of intrusion, as I have no information whether this IT partner reported anyway to update standard AV search databases.
How could I extend the ESET databases for the full client file scan and the IDS/HIPS for all clients?
↧
Is it possible to set what should be sent in the notification?
Hello.
It's about this place: https://help.eset.com/ees/10.1/en-US/idh_config_notice.html
I receive a lot of notifications that a threat has been detected on my workstation. But they were blocked. Is it possible to set it so that I only receive notifications about threats that have not been blocked, disinfected or removed?
Basically, I wonder if there is any point in receiving notifications here - unresolved ones are automatically signaled in red in the Protect console.
But I don't know how to turn off this type of notifications, since I can only specify the level of detail.
What is your approach to this? What is good practice in this regard?
↧
The remote access application: svchost.exe
Hi all,
I have been using ESET for a while and I am pleased.
Yesterday I was connecting remotely to computer 1. I use VPN and RDP to connect.
I entered several times randomly from two computers, a laptop and a desktop,
At one point, when I wanted to enter computer 1, it was waiting to enter and told me that there is another connection on this computer (comp 1).
Then when I entered, ESET kept showing me a message when I open the browser, Chrome. It shows him on the right in the middle of the page.
The message is: "Another application could be remotely accessing your computer. If you or your company are aware of this, continue as usual.
If you are uncertain please contact IT admin.
The remote access application: svchost.exe"
Was there something stuck in the network/RDP when I entered randomly from the two computers? (within 1 day I kept logging in and out).
Or should I be worried?
In ESET, in the firewall, I saw many Allow rules coming from our gateway.
Thank you.
↧
Disk encryption
Good day, could you help me with disk encryption? I am trying to encrypt the disks of the machines on my network with ESET PROTECT through policies. I create the rule and assign the computer, but when I go to the PC to check whether the disk was encrypted, it shows as unencrypted. The process in NOD did not report any error, so it should be encrypted. Could you give me a hand solving this? Thanks in advance.
↧
Two questions about the ESET Protect console
Hi team, good afternoon!
I'm trying to understand better this solution, and I'm having 2 specific questions.
1- Can I modify the policy for only one user? For example, an executive wants to access a certain website, but I don't want to create a whole new policy for him, nor create an exclusion for all the computers responding to this policy. May I modify only the policy hitting HIS computer?
2- How can I "clean" alerts that have already been solved? For example, there's an endpoint which is connected to the server and whatnot, but the console shows that there's no connection since like 2 weeks ago. How can I mark this as solved?
Thanks in advance, and regards!
↧