All Activity
This stream auto-updates
- Past hour
-
Jader joined the community
- Today
-
theali3n joined the community
- Yesterday
-
Mac Firewall issue after update to 6.8.400.0
alvinkatojr replied to Jimbo151's topic in ESET Endpoint Products
Could I get some assistance or pointers with this issue? Eset Support are yet to get back to me and I'm stuck with a product that won't work as it's supposed to. It would be nice if I got some idea of what exactly the problem is and why it's happening. Thank you. -
ndw95 joined the community
-
yusak29 changed their profile photo
-
Interesting discussion on AppNexus over at reddit.com: Appnexus sending malware/popups/redirects https://www.reddit.com/r/adops/comments/bchkqo/appnexus_sending_malwarepopupsredirects/ Appears the main issue is secure configuation of AppNexus by web site admins:
-
Miguel Barahona joined the community
-
That's what LiveGrid is for. It works the way that if a user encounters a suspicious sample, it's sent to ESET for replication and, if it turns out to be malware, a detection is created either automatically or manually and is then delivered to users either via streamed updates, module updates or via LiveGrid blacklists. Unlike LiveGrid, EDTD provides a quick response to any file, including documents which is one of the added values it provides. Documents are highly sensitive, hence everything uploaded to EDTD is treated as highly confidential and even access to files in EDTD is highly restricted to analysts. Moreover, malware in documents varies a lot so the chance that two different users would receive binary same malicious documents by email is very small; it's more likely to encounter them within the particular organisation. -
Appears you misunderstood what @Marcos posted. Anything detected malicious by EDTD would be immediately added to Eset's detection blacklist. Shortly thereafter when completed, a full signature detection would be pushed to all Eset installations. -
Attachments that you upload here are accessible only to ESET staff. Moreover, a Procmon log shouldn't contain any extra sensitive data. It could contain user profile folders or some plain text values in the registry but I don't consider it confidential to such a degree that ESET staff shouldn't see it. Or am I missing something?
-
Thanks for new logs. Now, script works correctly, package is successfully downloaded, installation parameters are ready and installation itself of PKG file is started. Unfortunately more details of installation failure will be available in different log file: /var/log/install.log but in case of macOS 10.15 it won't be meaningful, as in such case, even executing of helper tools bundled in installer with fail. There are multiple reasons for this: ERA 6.4 Agent for macOS is 32bit application and support for them was dropped in macOs 10.15 ERA 6.4 Agent is not notarized, which is process required for all applications to be installed on macOS 10.15 ERA 6.4 Agent might try to use old OpenSSL library available in macOS 10.15 resulting in operation abort -
md shakil changed their profile photo
-
In any case the file was restored. I'm using Remote Administrator and I have some folder exclusions. But any other policies are configured. Thanks again.
-
Was the file restored?
-
Yes, this product is endpoint 7 for business. I restore to an existing folder and I try to use "restore to.." option too. The first show a fail message, the other don't show any.
-
Here's a thought. Does the location; i.e. full original directory path, where the PUA was originally detected still exist? Eset may have an issue with quarantine restoration if this is the case. -EDIT- Nope. Just tested this and Eset will recreate the required directory path if necessary.
-
I just restored a previous PUA detection from quarantine in EIS ver. 13.0.24. It restored w/o issue. It is restored to its original detected directory and is no longer present in Eset quarantine. So if this is an issue, it must be in Endpoint versions only which I somewhat doubt.
-
Huge (15 Gb) pcapng files
SRT replied to bugsbunny's topic in ESET Internet Security & ESET Smart Security Premium
Bleachbit or CCleaner, with Winapp2, works great to keep those Eset logs from building up. No problems here, doing this. I can keep diagnostic logging enabled or clean them when needed. Must be done in safe-mode. Wouldn't recommend the latter, due to the take over from Avast (google to see) The link: https://github.com/MoscaDotTo/Winapp2/ -
-
That's sad. EDTD would be much more attractive, if also small companys could benefit from the samples of thousands of other people through push-updates of infected hashes. Something like "LiveGrid Premium" That would be a great sales pitch. -
Hi filips, That information was on the logs i sent to ESET support. I blocked the domain to check if the lists were working. I was expecting something like "domain was blocked by user's black list". But this didn't work too. Anything i put on one or another list, ESMX ignores it. -
If you're saying you work for ESET then you should probably change your title from "Administrator" to "Support", or something else that reflects that you actually work for the company. Or perhaps add a signature line that states you're with ESET support. Otherwise It's assumed you're a forum Administrator, which is different from a company employee under most forums. Your suggestion to choose Home or Work when the windows pop up is precisely what I've been doing all along that got me to this point. So what you're suggesting doesn't work - at least not when it comes to my originally issue noted under my original post regarding the iPhone. -
cerry33 changed their profile photo
-
BANDIT13 changed their profile photo
-
Marcos, do that expose some sensitive data. Any alternative? Thanks
-
I would dispute the charge with your credit card bank. I refuse to shop at Best Buy anymore. I bought a Roku device from them that was defective out of the box. I went back to Best Buy and they refused to refund or exchange it. The excuse given was that Best Buy is having a dispute with Roku. They would not elaborate any further. I said why should the customer suffer for your dispute? No answer to that. I ended up getting my money back by disputing the charge with my CC bank.
-
I'd recommend installing ECS Pro from scratch and selecting "Home" or "Work" network when your network is detected. The firewall will allow all local communication then and will not ask you for an action each time when the local or remote port changes. Two ESET persons have replied here so I'm unsure if that's appropriate to state "the lack of attention".
-
TheKing joined the community
-
Itman, thanks for reply. I tried with anothers sane files and the result is the same. Thanks
-
The log doesn't contain any useful records. There was no single record containing "quarantine". Please do not apply any filter.
-
Since AT&T now owns AppNexus, will be interesting to see how this plays out if they take Eset to court over blocking of their ads.
-
Marcos, thanks for reply. I attach the log file with some filters (Windows processes, and others), If you need the whole file please send me and email to send it. Thanks Logfile-restore.zip
-
Updating existing Agent deployment GPO
Campbell IT replied to Campbell IT's topic in Remote Management
That's what I am doing with existing machines, but this GPO is for new machines being added to our domain. I updated the agent installer so that the new machines would have the latest agent. I think I have found the problem, though. It has to do with Hardened UNC paths in Windows 10. I had to put in an exception for the UNC path that our GPOs run from. -
Huge (15 Gb) pcapng files
bugsbunny replied to bugsbunny's topic in ESET Internet Security & ESET Smart Security Premium
thanks for your fast reply almost all advanced logings were enabled -
Huge (15 Gb) pcapng files
Marcos replied to bugsbunny's topic in ESET Internet Security & ESET Smart Security Premium
Between Jan 23 and 28, you had various diagnostic logging enabled. You should disable it in the advanced setup -> tools -> diagnostics. Alternatively you might have enabled it via Help and support -> Details for customer care. Advanced logging should be enabled only for the time necessary to reproduce a particular issue and must be disabled then. When activated, a yellow notification pops up in certain intervals notifying you about that. Feel free to delete the files in the Diagnostics folder.
