All Activity

This stream auto-updates   

  1. Today
  2. Outstanding! Thanks for the link itman
  3. I have a customer who used to frequent his site but now being blocked by ESET. is the URL. Appears its trying to download a trojan just from accessing the site. has the site as Clean for every AV program including ESET. Anyone else have explanation for this?
  4. Much better results. Kudos to Eset!
  5. Yesterday
  6. Are you running Emsisoft Internet Security or Antimalware? EIS and SS 10 is a non-no since they both contain firewalls. And there could also be problems with EAM and SS 10 because of possible conflicts with each realtime scanners and/or Eset's HIPS and EAM's behavior blocker. -EDIT- Also are you running any other security type software? Perhaps something that is performing web filtering? Even if installed in the past and then uninstalled, software remnants may exist. Also when you uninstalled Emsisoft did you run its cleaner to make sure all of it was uninstalled?
  7. I have been in contact with my ISP and they say there is nothing wrong with the DNS.But I will try them again. I have changed the DNS myself just to see if any different but just the same. So will install Emsisoft again and maybe remove eset again then reinstall it.' Just wondering if that could be the problem ,So far I have installed Eset 3 times doing factory resets and another couple of times trying to sort it out.. I have another computer no more than 6 inches away from me with Eset and Emsisoft running with no problems. If it was my ISP that had a DNS problem surely that computer would not work either. I understand that they are replacing Eset Smart Security could that be the problem or is that in the future.
  8. Did as you asked and deleted Emsisoft Rebooted with SSL turned off then switched it on again after reboot Still have the same problem. Secure Connection Failed An error occurred during a connection to SSL peer reports incorrect Message Authentication Code. Error code: SSL_ERROR_BAD_MAC_ALERT The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the web site owners to inform them of this problem. Now I do not get this problem when Eset Smart Security is uninstalled everything runs Ok
  9. If you do a Google search on this "Error code SSL-ERROR-BAD-MAC-ALERT," it is for the most part being generated by the targeted server during the SSL handshake process. Since you are receiving this error in all browsers, it leads me to believe that your ISP DNS servers are doing a bit more than just DNS address resolution. Appears to me that they are somehow detecting that Eset is proxying your SSL traffic. I would call your ISP provider and explain the situation. They might be able to shed some light on what is going on.
  10. Problem resolved ........ at least in regards to the Eset ELAM driver hash errors!!! After posting the previous reply, it caused me enough concern to get motivated. I uninstalled the previous .386 ver. that I had recently updated by means noted in this reply: . I then downloaded and installed the full off-line installer ver. 386. Subsequent boots no longer show eelam.sys hash errors in the event log. All drivers in the off-line installer ver. showed update dates of 12/9/2016. However, file details of the eelam.sys driver still showed ver., the same as what was previously installed, which is indeed a bit puzzling. Perhaps Eset forgot to update the revision number? I will check out the other concerns I posted in my previous reply when I get a chance.
  11. Hi, Please sign me up for beta testing. Best Regards David
  12. Thanks Marcos for the responses they use firewall in automatic mode? Do they have some custom firewall rules created? yes I will send the logs soon..
  13. I am also questioning is Eset's ELAM driver is working properly. For reference: . Of particular note is the following section: Malware Signatures The malware signature data is determined by the AM ISV, but should include, at a minimum, an approved list of driver hashes. The signature data is stored in the registry in a new “Early Launch Drivers” hive under HKLM that is loaded by Winload. Each AM driver has a unique key in which to store their signature binary large object (BLOB). The registry path and key has the format: HKLM\ELAM\\<VendorName>\ Within the key, the vendor is free to define and use any of the values. There are three defined binary blob values that are measured by Measured Boot, and the vendor may use each: •Measured •Policy •Config The ELAM hive is unloaded after its use by Early Launch Antimalware for performance. If a user mode service wants to update the signature data, it should mount the hive file from the file location \Windows\System32\config\ELAM. The storage and retrieval format of these data BLOBs is left up to the ISV, but the signature data must be signed so that the AM driver can verify the integrity of the data. This file, \Windows\System32\config\ELAM, has not been updated on my Win 10 home x64 system since I upgraded to ver. 1607 in early Oct., 2016. This indicates to me that Eset has not updated it with driver hashes to verify against? -EDIT- Also worth noting is: Defined Policy When the status of the drivers is returned (good, bad, unknown), system will decide whether load particular driver or not, based on the policy stored in: HKLM\SYSTEM\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy If the policy is not configured or disabled the boot drivers determined to be Good, Unknown, or Bad but Critical are initialized and the drivers determined to be Bad are skipped. I checked that registry key and Eset has established no load policy. This means that all drivers except bad are being allowed to load. I realize that the HIPS also monitors driver loading but based on my observations, it allows all drivers to load.
  14. Do they use firewall in automatic mode? Do they have some custom firewall rules created? Please continue as follows: - in the advanced setup -> Tools -> Diagnostics enable advanced firewall logging - reproduce the issue - disable logging - collect logs with ELC (see my signature for a link to a KB with instructions) - drop me a pm with the output archive attached. As a quick solution they can use the firewall troubleshooting wizard to get a list of recently blocked communications which also allows for creation of the appropriate permitting rule with a few clicks.
  15. Hello. PROBLEM WITH ENDPOINT SECURITY 6.4 I have a client that have to disable the firewall so that users can join the domain. Any ideas? Best
  16. Hi, is device locked by antitheft functionality? regards, peter
  17. I'm sorry to hear Eset is unable to do a quick file analysis, even for a professionnal solution. Do you confirm I have no other option with any Eset product ? Thank you for your help.
  18. We don't have a scanner for quickly scanning uploaded files nor incoming emails on a server. Such use of the scanner would be also against EULA.
  19. I've tried with the lastest Eset file security and I have the same issue (with ecls.exe command line). So product version is not really the issue here. I need speed because the user is waiting a server response from the web interface when the file is uploaded. Uploaded files are stored on an UNC path and can include extensions like .zip. Therefore RealTimeProtection isn’t enough.
  20. OK, thanks. Please let me know how it goes and how do I proceed once they reply. If you / they any more info, please let me know.
  21. Last week
  22. No luck still cant use any browsers with SSL activated.Anyone else any ideas.
  23. Eset's ELAM driver is loading early as it should as shown by the below ntbtlog extract. So hash error is not affecting it, I believe. Note that this driver is used to verify other subsequent drivers as they load. Maybe I will try Process Monitor to see if it has any details if there are issues with Eset's ELAM driver. After all drivers load at boot time, the ELAM driver uninstalls itself. Microsoft (R) Windows (R) Version 10.0 (Build 14393) 1 18 2017 16:05:39.494 BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe BOOTLOG_LOADED \SystemRoot\system32\hal.dll BOOTLOG_LOADED \SystemRoot\system32\kd.dll BOOTLOG_LOADED \SystemRoot\system32\mcupdate_AuthenticAMD.dll BOOTLOG_LOADED \SystemRoot\System32\drivers\werkernel.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\CLFS.SYS BOOTLOG_LOADED \SystemRoot\System32\drivers\tm.sys BOOTLOG_LOADED \SystemRoot\system32\PSHED.dll BOOTLOG_LOADED \SystemRoot\system32\BOOTVID.dll BOOTLOG_LOADED \SystemRoot\System32\drivers\FLTMGR.SYS BOOTLOG_LOADED \SystemRoot\System32\drivers\msrpc.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\ksecdd.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\clipsp.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\cmimcext.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\ntosext.sys BOOTLOG_LOADED \SystemRoot\system32\CI.dll BOOTLOG_LOADED \SystemRoot\System32\drivers\cng.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\Wdf01000.sys BOOTLOG_LOADED \SystemRoot\system32\drivers\WDFLDR.SYS BOOTLOG_LOADED \SystemRoot\System32\Drivers\acpiex.sys BOOTLOG_LOADED \SystemRoot\System32\Drivers\WppRecorder.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\ACPI.sys BOOTLOG_LOADED \SystemRoot\System32\drivers\WMILIB.SYS BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\eelam.sys
  24. Epfwlwf.sys is the firewall driver used by v9. V10 doesn't use it on newer Windows. We don't need you to do anything as it will be Microsoft's turn after we report the problem (probable Windows bug) to them.
  25. Thanks for opening the ticket with Microsoft. Hopefully that'll lead to a resolution. Regarding the second half (quoted), not sure exactly what you need me to do. From my side, I've checked the Windows drivers folder; did not find epfwlwf.sys there. It has epfwwfp.sys and epfw.sys among other ESET drivers that do not start with "epfw". Nothing with that name found under Local Services either. Please advice. Just to be clear, I'm currently on ESS v10.0.369.0. The BSOD problem has started since v9 and continues in the latest version.
  26. In the "Known networks" setup, make sure there's only one network if several ones have been created due to a changing DNS server. Next, on the Network tab select "Home or office network". Then open the Network identification tab and make sure that network settings that change over time are not selected for identification of the network. In the case of OpenDNS, at least DNS server should not be selected.
  27. In v8 a scheduler task is created for the initial scan. However, instead of editing it I would personally rather run a smart scan which is just 1-3 clicks away. The initial scan is same as any other scans run manually.
  28. Hi Zardoc I think this is most likely caused by some third party startup manager. Do you have any kind of programs installed to with slow boot?
  1. Load more activity