All Activity

  1. Past hour
  2. Today
  3. Is ESET able to detect HTML5 malware?

    The blog both articles refer to is really light on details beyond inferring that bad actors are using HTML5 redirects on mobile devices with specific criteria; my guess is that ESET would protect the user from the domain a browser is redirected to. IMO, the HTML5 "malware" referenced doesn't seem like "malware" so much as using HTML5 features to do sketchy stuff.
  4. Can anybody comment on and/or assist with my preceding post?
  5. Yesterday
  6. Is ESET able to detect HTML5 malware?

    Bunch of HTML5 tests here: https://html5sec.org/#html5 . Many would not run in IE11. I did get a SmartScreen alert from the evil.com test. Nothing from Eset but don't know if that means anything since the test shows HTML5 code used by malware w/o any actual malicious code employed.
  7. 1- https://www.infosecurity-magazine.com/news/security-of-html5-may-not-live-up/ 2 - https://martechtoday.com/media-trust-warns-of-malware-in-html5-ads-217292?utm_src=ml&utm_medium=textlink&utm_campaign=mlxpost "One of the most problematic characteristics of the way in which HTML5 malware is delivered, Olson said, is that it is taking advantage of “obfuscated code” populating HTML5 ads. This obfuscation, he said, is “like a kind of encryption,” used by many legitimate developers to keep their software tricks from competitors. But that “makes it extremely difficult to understand” and to find the delivery mechanisms used to carry the malware."
  8. The problem was resolved in version 4.0.88. Version 4.0.90 is currently being tested and will be released soon.
  9. Any browser crash so far with this new 4.0.88 version. Thanks a lot
  10. Rogue Detection Sensor

    That worked! Thanks!
  11. Rogue Detection Sensor

    As Rogue Detection Sensor is able to detect machines only in the same subnet it is installed, you will need at least one machine with AGENT + RDSensor in each subnet. In case you already have AGENT installed on machine, installing RDSensor manually or using "Software installation task" from ERA is it. Once this is done, detected machines should start appearing in ERA console. More details, including prerequisites, can be found in documentation.
  12. Rogue Detection Sensor

    How do I install just the Rogue Detection Sensor on a machine? I need to look for rogue computers on different subnets. Thanks!
  13. It is just guessing, but after all those files are dropped, remaining operations are: checksum verification of downloaded AGENT installer. Technically command: sha1sum.exe agent_x64.msi 8a4ee12fa046d4d05a73f1c108383425fc8eee24 is executed, where 8a4ee12fa046d4d05a73f1c108383425fc8eee24 is expected checksum for x64 AGENT installer for ERA 6.5.522.0. Only issue related to checksum verification I remember is problem with TEMP paths containing non-ASCII characters, but I guess this is not the issue, as it is executed as system. Installation itself is started by executing MSIEXEC.EXE with appropriate command line parameters. These operations should be logged in previously mentioned file ra-agent-install.log located in temp directory, but in case it is missing, it might have failed instantly or was not even started. My recommendation in case you have direct access to affected machine is to create "Agent live installer" in ERA (BAT file) and execute it on target machine. It will perform the same operations, but under context of your account, and with output to terminal, which might help to identify this issue. Also is there any change in result code of remote deployment? Previously mentioned error 32 was related to SMB protocol version issue (btw. future versions, including 7.0 will be testing various settings to accommodate client configuration, including vers=3.0). Also have you verified that AGENT is not installed -> asking because sometimes administrators consider AGENT to be not installed even in case it actually is, but it fails to connect to ERA.
  14. Problems for deploy Remote Agent Windows 10 x64

    The ra-agent-install.log file is not in the folder. The files that are created:

    - agent_x64.msi
    - sha1sum.exe
    - era.ca.der.b64
    - era.peer.pfx.b64

    Even after a reboot, it does not work.
  15. Could you please provide more details of how you performed installation? Did you use AGENT msi installer with install_config.ini configuration file (in ERA called GPO installer) or you used all-in-one EXE installer? Asking because we have seen similar problems in case second one was used.
  16. Could you please check for log file ra-agent-install.log which will be most probably located in the same directory as MSI package? In case there is MSI file, seems that installation at least started (does last modification date of MSI package correspond to time of task execution?) but might have failed. Hopefully failure reason will be visible in mentioned log, it might be either wrong parameter or system may be in state when it is not able to install packages - for example in pending-reboot state, etc.
  17. SMTP test email fails to send

    Could you please provide version details as seen in about dialog? Especially version of console, ERA and version of installed components. When you hit "Send test email", popup asking for recipient address should pop up .. this error is shown even before? Any chance you actually tried real use of SMTP configuration instead of test mechanism in server settings? There is a chance it will work as this seems to be problem with this testing functionality itself. For example sending generated report just for test?
  18. Through prior testing and network connection behavior observation using a network connection monitor such as TCPView, normal ekrn.exe behavior is to maintain two persistent internal UDP network connections. One which shows as a 0.0.0.0 connection is used for polling LiveGrid servers for connectivity status. The other is a localhost connection to 127.0.0.1. The inconsistency I am observing is for the localhost connection. Normal ekrn.exe behavior is to establish the localhost connection at boot time and the LiveGrid connection shortly thereafter. However, this is not always the case on my Eset installation. For example, today upon first cold boot, the localhost connection was never established. Upon a later system restart, it was. However for the prior two days at least, the localhost connection was established at cold boot time. Such is inconsistent ekrn.exe UDP connection behavior observed. As best as I can determine, this inconsistent behavior doesn't appear to affect base Eset proxy activities such as SSL protocol filtering. Not so sure as to LiveGrid download activities since from prior observation, ekrn.exe UDP proxying is used for DNS connectivity purposes. This inconsistent behavior appears to be more pronounced since upgrading to ver. 11.1.54 although I believe it did occasionally occur in prior Eset versions. One possible source of conflict could be Win 10's IP Helper service which also establishes connectivity on 127.0.0.1 for UDP. The service is set to Automatic by default. Will experiment with setting the service to Manual to see if that helps. Wonder if Eset starting using a different UDP localhost address such as 127.0.0.2 as a possible mitigation?
  19. @pps Thank you for reporting. We will add this into the feature backlog. After brief check with developers, this should be possible.
  20. I will state this about this Eset IP address connection. For anyone using a router with a stateful firewall, this inbound traffic would have been automatically blocked by the router. Possibly why I have never seen it. If this inbound traffic bothers you, just create an Eset firewall rule to block any inbound TCP traffic with a remote IP address of 91.228.166.47. Move the rule to the top of the existing rule set and your issue is resolved.
  21. OK. I misunderstood what your concern was. The network alert you are receiving is one that is associated with an unstateful network connection; i.e. inbound connection associated with no preceding outbound connection. Verify that the default Eset firewall for ekrn.exe is enabled and has not been modified; it should allow all inbound and outbound communication for ekrn.exe. This same issue has occurred previously: https://forum.eset.com/topic/7831-ess-log-shows-27-inbound-tcp-packet-blocks-from-ip-belonging-to-eset/ so refer to this:
  22. On your first picture, you indicate that Anti-theft is greyed. Mine is not greyed, I had already entered my information and it had not associated. I unchecked it just now and then re-checked it and re-entered my info. It seems to be working now, thank you!
  23. Please refer to https://forum.eset.com/topic/12434-how-to-remove-mobile-not-manage/ and https://help.eset.com/era_admin/65/en-US/client_tasks_stop_managing_uninstall.html. You'll need to send a "Stop managing" task from ERA to remove the virtual agent from MDM. Just uninstalling Endpoint on Android is not enough.
  24. How to: Disable License warning Eset

    It appears you have already found an answer to your question so I assume no further response is needed.
  25. Blocked Website

    Okay that's already been done.
  26. Problems for deploy Remote Agent Windows 10 x64

    Hello, The problem is not resolved, the agent_x64.msi file is available in %windir%/temp but it does not install. I have the same problem as this post: https://forum.eset.com/topic/9492-console-says-agent-deployed-successfully-but-did-not-install/ However, I do not see any solutions.
  27. I found an old post because I was looking for it myself. The message that my license has to be renewed is annoying, and I have a reminder in my smartphone so I can do it on 2-3 days before it truly ends. No answer was to be found, but want to share at least where I found the option. It's quite easy. Go to: - Settings - Advanced Settings - User Interface - By statuses click edit - General - Your license will expire soon
  28. Hi there, I am facing 2 problems with ESET Endpoint Security for Android as below: 1. As mentioned in the title, I have performed the uninstall on the mobile device (deactivate, uninstall,..), followed the link: https://help.eset.com/eesa/2/en-US/?uninstallation.html and made sure that the mobile device uninstalled successfully. But ERA Server still shows this device although removed many times! I don't know why or how to resolve this. 2. After installing EESA on mobile, it shows as Status "OK" but under details the old status is marked as RED and does not go away, also a not up to date message. As I know, "The hotfix has been released", but it seems it still does not work. Android version: 6.0 Eset Endpoint Security for Android version: 2.5.12.0 Please help to solve 2 problems!!! Thanks so much