Leaderboard

This forum is not intended for disputing blocks or detections. Since the malware has been removed, the website was unblocked but the applications will continue to be detected. Having said that, we'll draw this topic to a close.

the world is rocked by the horrifying news of how despotic authoritarian governments and their agencies have used the spyware pegasus made by NSO from israel to intrude the phones & privacy of journalists/opposition leaders/judges/activists etc. from all accounts, it is now becoming clear that the two primary operating systems on phones, android & ios by google & apple have intentional backdoors disguised as security bugs to allow the security agencies to snoop into any smart phone worldwide. my question is, as a responsible antivirus vendor, will eset ever be able to protect the users from such illegal intrusions ? is it ever possible, considering that the OS itself has been laid bare to such intrusions by incorporating "security bugs". phones, especially the smart phones are are no longer secure, but the stunning silence of all AV vendors is even more cause for concern.

I will also add that this posting is out of scope for this forum. This forum is about Eset product questions and issues.

Gotta love the Good Deeds Service touch lol.

The free version of ZoneAlarm definitely has been using the Kaspersky engine for a while: https://www.pcmag.com/reviews/check-point-zonealarm-free-antivirus-plus . The paid consumer and enterprise versions use more Kaspersky components: http://svendsen.me/worried-checkpoints-use-kaspersky-products-heres-disable-remove/

If the Eset update hang issue was related to this, it would have not resolved itself after a system reboot as I see it.

What I find funny is the people behind pegasus keep saying this person and this person etc. weren't being tracked by the software and the next thing they say they don't have access to customer data so can't see who/what their customers are spying on, which contradicts the previous statements

It would not let me use my protonmail address. @pm.me The email: I had a home license I think, but it's now a business license. I upgraded because, why not? If that is what it's going to be, then fine. But there are no options, you cannot even manually scan. I have a brand new machine 5800x 32gb ram and nvme drive. It's very fast. Until today lol. It takes like 30 seconds to open terminal. Neofetch took almost a minute to grab info vs about a second before. I use PopOS 21.04. I will DM you the license.

Basically potentially unwanted applications are never false positivies since they exactly detect applications that had been carefully already analyzed by ESET and it turned out they met criteria for PUA detection.

1. Suggestions should be posted in the appropriate topic in the appropriate roduct subforums. 2. Most of the things you've mentioned is already there. 3. Suggestions must not be general like I want a better firewall, better antiphishing etc. but should be focused on a particular feature with as many details as possible provided.

Hello @Marcos and Team, I will want to know how to configure the Micro Program Component Update (MicroPCU) in an environment which is completely closed to the internet with 2 update servers acting as ESET Update Servers On-Prem for load balancing and Bandwidth saving purposes. 1. Do I have to use the {hxxp://IP_Address:2221} method in the Component Update Section 2. Do I have to use the auto-select feature in achieving the required outcome. Note: the environment is completely closed to the internet.

I assume you are attempting to create an All-in-One installer. Note that this works only for Windows : Please refer to https://support.eset.com/en/kb7750 for instructions how to deploy ESET on Mac OS.

A month (if not more) has passed since the release date of ESET Endpoint Security 8.1.2031.0 and it is still not clear how the MicroPCU update mechanism works and whether it works at all.

Ahh.......... Appears you are privy to what those ESS new protection features are. Please clue us in as to what these features are.

I will also add that running an Eset engine update which is over a 100 MB download at system boot time is not desirable activity at system boot time. This may very well be the source of this sporadic Eset update behavior issue. An engine update should be delayed to after Windows has fully initialized itself.

This seems to be an common misunderstanding and we should probably improve communication to users so that it is clear. In case of components upgrade task, you are actually selecting version of ESET PROTECT Server component, that you can actually upgrade to. In other words, in case your infrastructure is based on ESET PROTECT Server for Windows, you will be offered only the same or later version for the same platform. This version is later used for selection of compatible AGENT installers. So for example, as you have selected version 8.1.1223.0 as compatibility version, when this task is executed on macOS device, ESET repository is searched for latest AGENT version for macOS, that is compatible with ESET PROTECT 8.1.1223.0. which is currently version 8.1.3215.0. So the most confusing part is that you are actually not selecting version of AGENT to be installed, but just reference version used for compatibility.

Dobry den, ano, je to v poriadku. Dakujeme za pomoc

Just to note , Checkpoint uses Kaspersky engine hence why they both detect it.

Scary stuff Revealed: leak uncovers global abuse of cyber-surveillance weapon | Surveillance | The Guardian

I will also note that it is common for an app to create a folder in C:\Users\xxxx\AppData\Roaming; e.g. C:\Users\xxxxx\AppData\Roaming\WS\. What is not normal is for an app to drop an executable in this folder. -EDIT- Finally is creation of the above folder plus creation and use of ws.exe within indicative of malware activity? Appears not according to this write up: https://www.freefixer.com/library/file/ws.exe-306704/ . Ws.exe is one of a number of aliases seen for wscript.exe. Clever attack I must admit.

Since this is password cracking software, I found a good article covering subjects such as if its legal to sell and use such software: https://blog.elcomsoft.com/2020/10/everything-you-wanted-to-ask-about-cracking-passwords/ . Of note: Next an excerpt from Password Revelator web site: I do hope that regardless of the Eset classification of access to this web site, it will flag any download from it as a PUA.

I went through all the troubleshooting listed here: https://support.hotspotshield.com/hc/en-us/articles/115005293466-Why-can-t-I-connect-to-Hotspot-Shield-VPN-on-Windows- . It does install a TAP network adapter and Eset should be picking up that network adapter . You might want to perform Step 9). in the above linked article and see if Eset alerts on a new network connection afterwards and the alert is for the HotspotShield adapter. If the above doesn't resolve the VPN issue, you might want to open an Eset support ticket with whatever source you purchased Eset from. Of note is Eset is not sold or officially supported in Iran. It may very well be that HotspotShield VPN is incompatiable with Eset.

Just to add my two penceworth We pushed out the 8.1 update to 250+ computers across 13 different customers Prior to this we had had no reported incidents Post update we have customers reporting ESET pop-ups across all sites The firewall rules on all sites have no restriction on outbound traffic so it is 100% not the firewall producing the issue I would like to suggest ESET support stop trying to blame the issue on end users and take a look at the overall picture! We have been using ESET for nearly a decade and have been incredibly pleased with it But this issue is affecting EVERYBODY and is causing serious customer unease -nobody likes getting a frequent pop up telling them their system protection has an issue

Hi, we're receiving this warning notification intermittently too. 52 endpoints at one site updated to 8.1.2031.0. I've had at least 5 users reach out to me regarding it, probably more that haven't. These endpoints have unrestricted access to the internet. We didn't receive this warning at all prior to the update. Thanks,

Hello @j-gray, I will try to help. Our EDR works in a way, that it requires a separate server with a separate console, however the "EDR console" is inteded only for incident investigation. Management / deployment / activation still happens in ESET PROTECT. So given the fact that you have already deployed ESET PROTECT environment, those are the steps needed: Install ESET Enterprise Inspector on a dedicated machine. You will have to connect it to your ESET PROTECT, as it uses single sign on between those two, and ESET PROTECT is the one that is also managing user access rights. On this machine, also install ESET PROTECT Agent (you will need it, for future updates). EEI server needs to be installed manually, you can´t do it from EP Server (not the first time). Once your EEI Server is installed and running, you can proceed with installation of a component called "EEI Agent". Even though it is named "agent" it is a very small binary, that just sends the detection metadata gathered by our Endpoints (Endpoint is the "AGENT" per se) to the EEI Server, where the detection logic resides. You will have to specify the EEI server connection details into the policy for EEI agent, that you can assign to group all (they will connect). Also, you will have to activate EEI Agent (If you have the latest version of ESET PROTECT, there is a context menu option called "deploy EEI Agent", that will do the trick for you). Once you have your environment setup, EEI detections will appear also in ESET PROTECT. From there, you can easily navigate to details of each detection. You can also access the EEI UI directly, if you are interested in just the EDR functionality. Hope that this helps. Michal

Yes indeed it does:

passwordrevelator.net - SiteCheck (sucuri.net) Shows infected here as well.

Yes but only existing holders of a NOD32 AV for Linux desktop will be eligible to get it. That said, it won't be possible to use an EAV/EIS/ESSP for Windows license for activation.

You can upload your version to virustotal for more checking by AV engines to be more sure It seems that this WaasMedic is related to Windows Update.

Updated last night to KB5004237. So far the system appears stable. At least the MTBF is > 12 hours. So, whatever the changes are they appear to have largely resolved the rapid bug check issues. If the problems re-occurs I'll re-post, but for now, thankfully, I'll retire into the background.

Have no clue what could have caused WaasMedic_Agent.exe to appear on your desktop. However, there have been recent postings in regards to Eset firewall not working properly in Interactive mode. I assume you were in Interactive mode when the Eset firewall alert appeared? I would just delete the desktop entry and post back if this activity occurs for another process you create an Eset firewall rule while in Interactive mode.

Still that's not good enough. Maybe we could ignore if it was one or maybe two. But 7 ransomware miss at the time of testing is a huge number. It shows again what the OP suggested that ESET's ransomware shield is very bad and almost not effective at all. ESET needs to improve.

If you don't use a VPN then I don't know, it shouldn't work.

You are correct that ACT.33 means a regional restriction. The license was purchased in India. Please contact the seller and ask for a refund. You can purchase a license from authorized ESET partners via www.eset.com.

Just a FYI here. The July cumulative updates are rolling out and a number of Win drivers were updated. The one that caught my eye was usbprint.sys which is the USB printer driver. So it is possible this Eset BSOD issue might be resolved after applying this update.

Component-based remote installation via Apple Remote Desktop is described here: https://help.eset.com/ees_mac/6.10/en-US/remote_installation_package.html 1, Create an installation package using the Remote installation mode in which you can select the components to install. 2.Copy the following files using Copy filer or folder in Apple Remote Desktop to the /tmp folder on the target computer: If you are installing all components, copy: - esets_setup.dat If you are not installing all product components, copy: - esets_setup.dat - product_components.dat

We have released new Mirror tool, so you can use that. Thanks for good input. We know this tool is not really usable and our team deside to make it better. We have plan add more filtering options and optimizing storing mechanism, so tool woudt be more usable that is now.

Please check your personal messages for your U/P.

On a Mac/Big Sur ( using Eset C/S Pro ) An issue with WEB/MAIL not activating I found that ESET Network Protection Proxy , required me to tick the connect on demand box 'every time' the computer was started. ( its found in the apple icon "system preferences/network" ) I was running Surfshark VPN on WireGuard so I changed the Surfshark setting back to Automatic IKEv2 , this solved the problem of the WEB/EMAIL protection failing to start after a reboot. (I no longer need to tick the sys pref/network) I tried it again with WireGuard on and the issue returned so theres definitely a conflict between the VPN and ESET there may be other conflicts however this fixed my issue.

Microsoft is currently rolling out KB5004945 to fix these vulnerabilities via Win Updates . Patch your devices pronto!

Looks like a known issue that will be fixed in the next service build of ESET PROTECT. P_EP-24873

We're going to release a new version of ESET Endpoint Antivirus for Linux v8.1.3.0 soon. Among other new features and improvements, such as added EDTD support, it will also bring SecureBoot support. Stay tuned : )

Hi @Peter Randziak I have sendt you a private message with the log files. It from a different server, but the issue is the same. I have not included the install logfiles, as i dont know how to collect them? (ie not being an MSI file). I have included the installer though.

This is an ESET support forum, not a ClamWin one. If you want WinRAR to run ESET to scan archives for viruses, use the command-line scanner ecls as per https://support.eset.com/en/kb3417.

1, Temporarily disable account synchronization in Chrome 2, Check the notifications in the Chrome setup and disable notifications from websites that you are not familiar with.

Please just try for a second and understand the problem we are having with Eset on Big Sur since November 2020. When installing it prompts the user to approve a network proxy. If they approve, and web and email protection is turned off: We loose network connectivity. If they approve and web and email is on: Our VPN etc breaks. If they don't approve they get a warning that their machine is not protected. But at least things keep working. There is a button to enable or disable web and email protection and it doesn't work. Wether that is a risk to take or not is not the point. Your answer is not very helpful when you are arguing against what your customer wants to do. Also, keep in mind that this is on a platform where most people do not run an antivirus at all. We are looking at this from completely different sides. And a lot of my peers are looking for other AV products.

Searching for "/arroz/arroz.php?id=" in all html/js files on the website should help you locate the malicious JS.

My guess is that this is just included in case the user requires remote help, and it is just there to cover themselves i.e. it's made quicker by the fact the user has to already agree to it. I think they would still need to send the download, but it gets the legal stuff out the way ready. I could be wrong but I think this is probably most likely

After downloading the uPCU update, the product will turn yellow, informing the user about the recommendation to reboot the machine. The notification can be disabled for users in the Application statuses setup where you can choose only to report it to the EP console:

1, Exclusions via the Detection panel in the ESET PROTECT console should work both for Windows and Mac. 2, You would have to create an "ask" rule for the inbound communication but it's probably not desired that the user would be able to block the connection.