Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. itman
    Try adding the directories you want exclude using the path name only and also with the \* option at the end of the path name to Deep Behavior Inspection exclusions section of the HIPS settings.
  3. dherrera1982 dherrera1982 joined the community
  4. Today
  5. Rick Brignolio Rick Brignolio changed their profile photo
  6. Camilo Diaz
    I have opened a case with our local customer care and provided the requested logs, but they didn't find the root cause of the problem. I was provided with the beta version 6.8.400.0 and issue still occurred there. Edit: Provided logs esets_proxy log level has been set to verbosity level = 8 Sample of esets_proxy.txt customer_info.zip
  7. Fatigam844 Fatigam844 joined the community
  8. yusak29 yusak29 changed their profile photo
  9. JRC JRC changed their profile photo
  10. Cody
    Good afternoon, We're having a problem here at our office where ESET is preventing a folder from being deleted or otherwise modified, with no logging or alerting that we're aware of. We're deploying alpha versions of some internal software to certain users in our office for testing, but the folder which contains the alpha executables is being locked from modification by ekrn.exe. This folder which we automatically delete and re-create is C:\Program Files (x86)\CompanyName\SoftwareAlpha. We have Real-Time File System Protection enabled, with the following paths excluded from our ESET Security Management Center's settings in Detection Engine > Performance Exclusions: C:\Program Files (x86)\CompanyName\SoftwareAlpha\*.*, C:\Program Files (x86)\CompanyName\SoftwareAlpha\*, C:\Program Files (x86)\CompanyName\*.*, and C:\Program Files (x86)\CompanyName* When I completely disable HIPs for these users, this automated alpha software deployment works fine. Is it HIPS that is locking this folder from being modified? How do I make sure that HIPS is not locking this folder? I've attached a screenshot from the program Process Explorer. When I search for "SoftwareAlpha" (the name of the folder which we want to delete), it shows that the process ekrn.exe is currently using this folder and keeping it from being modified.
  11. Beezel started following Snatch ransomware reboots PCs in Windows Safe Mode to bypass antivirus
  12. j-gray
    @Marcos Thanks for the reply. We are not blocking this traffic on our networks at the client or server. Based on the error messages, it appears that the remote server (epns.eset.com) is blocking/rejecting the communication. Or is the error indicating that the epns server cannot connect to our client? I'm also confused, as the documentation indicates these calls are triggered by a Web Console user. I am the only Web Console user and have not triggered these ever (intentionally, at least). Could you please clarify how to resolve this issue? Ideally we would not want this outbound traffic to ESET. Thanks again.
  13. Peter Randziak started following Android 10: Interesting Issue with Location, Permissions, and WiFi identification and ESET update error: File not changed within the given time interval
  14. Lockbits
    Hello, We've a customer whose VP had experienced this error: Later the problem resolved and product is updating again however he wants to know why this message can appear. It's difficult to get an ESET Log Collector and we tried from ESMC and it give us error when trying to get the log from ESMC server. Thank you.
  15. itman
    Maybe the way to proceed is to verify Eset's RDP brute force password protection. For anyone using RDP, here is an article listing a number of RDP brute force attack tools that are readily available for penetration testing: https://resources.infosecinstitute.com/popular-tools-for-brute-force-attacks/
  16. itman
    Webex is not a browser: https://www.webex.com/ . Appears to be an interactive collaborative work software although it may include browser capabiility.
  17. itman
    I was aware that a RDP setting existed in Eset IDS. However per Eset online help, it only covers: https://help.eset.com/eis/13/en-US/idh_config_epfw_advanced_settings.html As far as I am aware of, CVE's only pertain to known hardware/software vulnerabilities. A brute force RDP attack does not fall into this category to my best knowledge.
  18. rrochefort
    I used https://www.uuidgenerator.net/. I just searched for a UUID generator online.
  19. waynegphoto waynegphoto joined the community
  20. petersonal
    I think the installing user has the access, i will try it.
  21. Phyneas Phyneas joined the community
  22. Kos cata Kos cata joined the community
  23. Rami
    Avast bought AVG (merged together) in 2016
  24. Hpoonis
    AVG IS Avast.
  25. Rami
    I stopped using it since they went to Avast and their servers got infected somehow with the move, I never use it again. here is another post : https://www.bleepingcomputer.com/news/software/avast-and-avg-firefox-extensions-pulled-from-mozilla-addons-site/
  26.    Rami reacted to a post in a topic: Eset RDP Brute Force Protection?
  27. Rami
    Ok thank you very much , I will just wait for the advanced machine learning settings that came to the endpoints and consumer products , it would be much useful for 0-day threats or never seen before threats.
  28. Marcos
    Yes, EFSW v7.x has it as well.
  29. howardagoldberg
    Correct. But I gave ESET full location permissions, and the issue persists. Giving location permissions actually solved the issue right after the release of Android 10, but a more recent update to the ESET app reintroduced the issue - even if ESET has location permissions granted. (Currently my app is at version 5.2.42.0-0)
  30. Rami
    Does that apply also to File Security ? , and it would be very nice addition the advanced machine learning settings for File Security , because too much files would just come through the servers.
  31. Peter Randziak
    Hello @howardagoldberg, I noticed similar behavior during Connected home scan. The issue (feature) is caused by the Android permissions i.e. if an application wants to know the SSID of a WIFI, the permissions to read location had to be granted and the Location services enabled... Peter
  32. Marcos
    Yes, it also covers SQL and SMB brute-force attacks.
  33. peteyt
    It's a shame as Avast once was respected, kind of similar with AVG at the beginning. I'm now debating if I should remove ccleaner. I don't use it as much as I used to but it can be handy but now wonder if it could technically be classed as a PUA
  34. peteyt
    Does this include RDP?
  35. rvolle rvolle joined the community
  36. Dwayne Dwayne changed their profile photo
  37. average
    The problem has been fixed, Thank you, @Marcos!
  38. Jerry Groves Jerry Groves joined the community
  39. Boerjlol Boerjlol joined the community
  40. MartinK
    Yes, it is proper way how to change certificate on clients. Just be aware that this would work only for actively connecting clients and that is why I asked whether you need to change it on active clients or on "dead"ones. Once policy is applied, certificate is immediately replaced and there is no way back so just be careful of which certificate is chosen.
  41. William Mulder William Mulder joined the community
  42. average
    Sent PM with information Thank you!
  43. Marcos started following Problem with License manager and "Your license has a new name" message
  44. Marcos
    Please drop me a personal message with your registration email address for my.eset.com and your public license ID. A weird thing is that the notification is in English despite having your license manager in Russian. Does the notification continually appear after logging out and logging in to the license manager again?
  1. Load more activity
×
×
  • Create New...