Leaderboard


Popular Content

Showing content with the most kudos since 01/20/2017 in all areas

  1. 3 points
    itman

    Ransomware Simulators - A Detailed Analysis

    The topic of ransomware simulators keep popping up in the forums; most notably the RanSim product by https://www.knowbe4.com/ransomware-simulator . I would have thought by now Eset would have published an official response to like software. Since they haven't, I will. If Eset approves of my analysis, they can post this reply as a "sticky." Before I get into general commentary, lets take a detailed look at RanSim. All that I am posting here about RanSim is detailed in its documentation. Users are strongly encouraged to read a product's detail operational documentation before using it. RanSim creates folders in the user's Documents directory; one for each simulated ransomware attack it will perform. It then proceeds to create test files in each test directory that it will attempt to encrypt. It additionally creates an executable file in each test directory which is the simulated ransomware. Finally, the main RanSim process will initiate each test executable file in the test folder to begin the encryption processing against files contained in the test folder. RanSim determines a failure to be when any existing security software fails to detect the encryption activity by the test folder's executable against any test file in the given test folder. Before I get into a detail analysis RanSim's methodology, I will make one general statement. There is absolutely nothing malicious occurring in the above activity. Let's compare RanSim's methodology with how actual ransomware operates: 1. RanSim created its own test files in its own test folders. Ransomware encrypts existing files located in folders within the Users/XXXX/AppData//Documents directory. The permissions granted to these directories are given at the time the respective user profile is created. 2. RanSim created its own test executables and stored same in its test folders. Ransomware does not store its payload executable in the Users/XXXX/AppData//Documents directory folder. The privileges and/or escalation of same are not sufficient to satisfied the methods employed by today's advanced ransomware. Back to my general statement about there is absolutely nothing malicious occurring by RanSim activities: 1. It created its test files. 2. It created the test executable. 3. It ran the test executables to perform encryption against its own test files. None of the above is malicious activity since all activity originated from the same source process against targets it previously created. In reality, the same activity occurs by Window's system processes against registry and systems files that it encrypts for security purposes. Or more appropriately, Microsoft or third party encryption software such as BitLocker, LastPass, VeraCrypt, 7Zip, and AxCrypt to name a few. In summary, Eset was 100% correct in totally ignoring RanSim's activities. The main RanSim process is not known or identifiable malware. Neither are any of its test executables or the activities performed by same. Additionally, Eset by ignoring RanSim activities prevented the "mapping" of its internal security mechanisms used to prevent ransomware. It is naïve to assume that ransomware developers are not employing this tool and others like it to perform detailed analysis against existing security software. Bottom line - if you want to evaluate ransomware effectiveness, stick with the comparative reports done and published by security professionals trained in malware analysis that are employed by certified AV testing organizations. -EDIT- I forgot to post this. Here is a cross link to a posting I made on Wilders Security: https://www.wilderssecurity.com/threads/interesting-antiransomware-freeware.391031/page-8#post-2643771. It is an article excerpt from an author who has "hit the nail on its head" in regards as to what ransomware detection is all about. Also, about the current state of ransomware and what to expect in the future.
  2. 2 points
    planet

    Forum Feedback

    I'm happy to see that with the new Forum recently, these two things are now possible -- notifications for receiving kudos, as well as being able to provide a reason for editing posts. Thank you!
  3. 2 points
    Hello all, I was just informed that after several various attemps, our developers have finally managed to reproduce the issue on one specific hardware configuration, so we may start working on a fix. Our special thanks go to @plex for providing the detailed description and the reproduction steps! Thank you for your patience so far. Regards, T.
  4. 2 points
    SCR

    How to disable upgrade splash screen

    Eset has Internet Security for those that do not need the latest additions for whatever reason. Mine is that I already have those items covered with other licensed software. I prefer EIS over my two system licensed ESS which I renewed for two years last July. I could have used ESS if I wanted to on both machines but both are desk tops so anti theft was not really needed. My other system ran Eset v8 until the final EIS v10 was released. It's my wife's computer and she does not have any patience for learning the inner workings of the computer. The simpler the better as far as she is concerned. (Thank you Eset for Automatic Mode.) By the way she was not happy about the reminder either. As for me I like to tinker with the computer and have a curiosity about what's making it work, I use interactive mode . The point being I used v8 till it was my choice to update and to which version. It didn't cost me anything when I made the decision to do so. In fact from what I understand Eset has offered a rather favorable path to upgrade to ESSP. I also had the choice to use any mode I wanted learning, automatic, interactive or policy. As to clicking the button and send more money. I doubt seriously that it would cost you anything to update your licensed v8.x to a comparable v10.x. I like having choices and I believe Eset 's offerings provide those choices very well.
  5. 2 points
    Hi there New iOS app (64bit compliant), including push will be release at the end of March 2017. regards. v.
  6. 2 points
    itman

    Ransomware Simulators - A Detailed Analysis

    As a follow up to my original posting are the additional comments. There is a fundamental flaw in simulators such as RanSim. The flaw is that they are simulating post-ransomware infection behavior and totally ignoring the effectiveness of security solutions from preventing the ransomware payload from installing in the first place. I guess the argument made is they are simulating a 0-day ransomware. So lets examine that. Ransomware unlike other malware makes its presence immediately known. So the elapsed time to discovery and mitigation by positive signature detection is relatively a short period of time. The front-end steps performed by ransomware such as script delivery, exploit, drive-by download, etc. of the malware dropper; establishment of the C&C server connection; etc.. can all be detected by conventional AV security software. Additionally, current ransomware are delivering secondary malware payloads such as password stealers, etc.. totally unrelated to direct encryption activities. Security solutions that do well in these simulator tests employ behavior analysis to detect the execution of the crypto APIs used in encryption processing. They will generate an alert that such activity is occurring without regard as to whether the activity is malicious or benign. It is then left to the user to decide whether to allow or deny the suspect activity. Some of this software is capable of at least labeling the activity as "suspicious." Such action determination is acceptable for advanced PC users and individuals with PC security training/knowledge. However for the average PC user, such alerts will probably cause confusion with resulting wrong responses and potentially serious system malfunction or malware infection. -EDIT- It should also be noted that many behavior based ransomware solutions will always alert regardless of whether the ransomware is known or unknown. In a study done last year by the Polish based AVLab: https://avlab.pl/sites/default/files/68files/ENG_2016_ransomware.pdf known samples were used: For testing, we used 28 malicious software files of crypto ransomware. Among others there were: Cerber, CryptXXX, DetoxCrypto, Hitler Ransomware, HolyCrypt, Locky, Numecod, Petya, Jigsaw, Vipasana, Stampado and many others. The study included the total amount of 28 samples collected in a collaboration with independent researchers. One of the products tested was VoodooShield Pro which is 100% behavior based and employs no signature analysis. For every ransomware sample tested, an alert was generated.
  7. 2 points
    Hello, there was indeed a FP, which has been already removed from the blacklist. Installations with LiveGrid enabled should be able to access those sites already. WE are sorry for the inconvenience. Regards, P.R.
  8. 2 points
    I will also state that a standard operating procedure most ISP tech support depts. use when a customer is having DNS issues is to perform the following: Now Run below command one by one [from command prompt window w/admin privileges]: ipconfig /release ipconfig /all ipconfig /flushdns ipconfig /renew netsh int ip set dns netsh winsock reset (Watch Video Tutorial of This Solution) Now Restart your PC. That’s it, now check your Internet connection is working or not. If not working, then try solution 3. back to list More Chrome specific solutions for this problem from the article the above was extracted from are here: https://www.wiknix.com/how-to-fix-dns_probe_finished_nxdomain-in-chrome/
  9. 2 points
    Just download hxxp://www.eset.co.uk/Download/ThankYou/ESSH_64bit_10 Install and enter licence key
  10. 2 points
    itman

    AV-Test - Nov.-Dec. 2016

    Much better results. Kudos to Eset! https://www.av-test.org/en/antivirus/home-windows/windows-8/december-2016/eset-internet-security-10.0-164890/
  11. 1 point
    itman

    Future changes to ESET Smart Security

    You don't. You can get a new license directly from Eset or any one of its authorized distributors.
  12. 1 point
    Gonzalo Alvarez

    Nod32 10.0.390.0 Only?

    The answer is "no", you have all. The splash screen on the beginning shouldn't happening, perhaps you found a bug. ::Firewall:: The firewall in "interactive" mode should have the same behavior as others mode, you can always create a rule for the program manually and see if change something.
  13. 1 point
    itman

    Nod32 10.0.390.0 Only?

    I used to run the Eset firewall in Interactive mode but eventually abandoned that mode after upgrading to Win 10. There is just too much internal outbound traffic from Win 10 without "borking" something necessary with an outbound firewall rule. If Win 10's telemetry is a concern, most of that can be disabled either directly or by using a third party product such as OOSU10.
  14. 1 point
    Hello, this can work for you : set Reports : Computers : Rogue Computers : with Daily Schedule and Delivery set to Email and un-check the Send Email If Report Is Empty checkbox. -> This will generate the report every day and deliver to your specified email address when a new computer will appear in Rogue Detection Senzor Report.
  15. 1 point
    For the future we plan to merge those functionalities into one, at least from the logging perspective. As of now content of "filtered websites" is not collected to ERA V6. We plan to change this behavior by Q4/2017 in ERA 7.
  16. 1 point
    Marcos

    Fasle Positive W32/Kryptik.BIV trojan

    This is a very old Kryptik detection triggered on an incomplete Nvidia file. Ie. the file cannot be executed and is corrupted. We'll see what we can do about it. You can temporarily exclude C:\ProgramData\NVIDIA Corporation\Downloader from scanning.
  17. 1 point
    m4v3r1ck

    Forum Feedback

  18. 1 point
    planet

    Running Processes Not Showing All Info

    I'm a little bit late to reply, but Running Processes is currently working now for me so hopefully they are working again for you TomSwitz and m4v3r1ck (tested with version 6.4.128.0 and macOS 10.12.4 Beta). What occurred at the time may be similar to my earlier experience mentioned in this topic; a recent module/program update or server issue that temporarily interrupted seeing the information.
  19. 1 point
    Marcos

    How to disable upgrade splash screen

    Upgrades to newer versions are free so your assumption is not correct. ESET does not earn any extra money by releasing newer versions. Also the very basic product ESET NOD32 Antivirus does not have any new extra features added, ie. it does not contain Anti-Theft, Webcam protection, Password manager, etc. so the other argument about getting more bloated is not correct either. And protection features like Ransomware protection, Advanced Memory Scanner, Exploit Blocker, Script scanner, etc. are in no way redundant as they significantly improve protection and are of real benefit for every user.
  20. 1 point
    I don't think that it is a legit wpad proxy configuration file. Also Locky has been detected on that IP address and the reason for blocking it was Sundown exploit. Check the automatic proxy server configuration in the IE setup and make sure the path to the config. file is not set to the above mentioned url.
  21. 1 point
    Hello guys, great, thank you for the confirmation. The HIPS support module 1265 has been released for v.10 release update channel. Regards, P.R.
  22. 1 point
    TomFace

    For anyone that knew siljailine

    I am very sad to hear that Joe. My thoughts and prayers go out to those he left behind, including you Joe. RIP siljailine...Godspeed
  23. 1 point
    Marcos

    Getting ransomware protection on NOD32 v.8

    Yes, it should work. However, since the rules block also legitimate operations, you may encounter issues when attempting to run legitimate scripts for instance. I'd strongly recommend upgrading to v10 which includes ransomware protection for monitoring process behavior and detect potential ransomware.
  24. 1 point
    MichalJ

    About EVS for NSX

    Hello, the ESET Virtualization Security for VMware NSX will be released together with ERA 6.5 on February 28, 2017 (that is the preliminary confirmed date for the release).
  25. 1 point
    bbahes

    Automatic update ESET component

    It does. However, the program itself does not update automatically. It's not possible to test upgrade on millions of different system configurations and because of tight integration with the operating system, sometimes issues may occur. It's similar to installing a service pack for the OS for instance. No problems should occur but since there are millions of various system configurations, on some it may not be as seamless as it should.
  26. 1 point
    Their support was kind enough to help identify the cause of this issue. It turned out that nginx resolved "localhost" as both ipv4 and ipv6, thus was sending requests using both of these IPs, which was blocked by ERA. Solution is to use "127.0.0.1" instead. Posting just in case anyone has the same issue.
  27. 1 point
    Those files in the RSA folder are not related to ransomware but mainly to SSL/TLS secure communication. It's ok that you're getting those errors as the system prevents ESET as well as other applications from accessing them.
  28. 1 point
    Hello, I don't have an AMD system from me, but if it's anything like the laptop I'm on right now, try the following: Run Device Manager (filename: DEVMMGT.MSC). Double-click on Sound, video and game controllers entry to expand it. Right-click on the entry for AMD High Definition Audio Device and select Update driver software… from the context menu which pops up. Doing so should install the latest AMD HD Audio driver from the Windows Update Catalog onto your computer. If there's no entry for the AMD HD Audio device in the Sound, video and game controllers section, try checking the Audio inputs and outputs section, or any other multimedia-related section in the Device Manager. Regards, Aryeh Goretsky
  29. 1 point
    Yes, uninstalling via the Control Panel or Start menu should be enough. Even installation over v9 is supported but I wouldn't recommend it as ESET Internet Security would install in the ESET Smart Security folder. If you plan to use Anti-Theft, you can download and install ESET Smart Security v10. If not, ESET Internet Security will be ok for you.
  30. 1 point
    Marcos

    Automatic update ESET component

    Yeah, upgrade using a dynamic group is much easier than fiddling around nup files and update.ver that were downloadable from a KB for Endpoint v5. The good news is that ERA v7 will include a mechanism for upgrading to the latest version with ease.
  31. 1 point
    EricTallan

    Download older version

    Thank you. I actually found the old version on an old backup tape and got iot done that way, but will keep the link to the uninstaller for any future needs.
  32. 1 point
    vukiczlatan

    Not authorised user

    Hallo to everyone, Unfortunately I didn`t solve it like You have suggested me!!! It simply didn`t work. I wasn`t abel to create any other user allthough my wiifes account was Admin! At the end I reinstalled Win and got rid of it. Thanks anyway for trying to help me!!!
  33. 1 point
    I've had and used EEK on my PC for years and I also use ESS (now V10). AS EEK is an occasional on-demand scanner I have not built in any exceptions on either program and have not had any issues. Of course I never run simultaneous scans (that would be asking for trouble in my opinion). ******************************************************************************************************* EDIT 1/31/17 1:10AM Another good 2nd opinion scanner is HitmanPro. But that you have to buy ($24.95/year). Again being an on demand scanner, I have no exceptions there either (you can set up a scheduled scan with it).
  34. 1 point
    @Gonzalo Alvarez, Thx anyway, awaiting other opinions.
  35. 1 point
    @Gonzalo Alvarez Thx for your reply. As you can see from this pic below: Btw, I noticed usually EIS will remove 'interactive group' from Chrome and created a new Chrome desktop shortcut without the 'interactive group'. I assume this is for the security reason. But if you know more info regarding this behavior, please explain to me, thanks a lot! Also, I think that`s probably why Chrome 56 lost its icon, not sure about this.
  36. 1 point
    The Scorpion

    Fails Leak test

    Maybe I'm not fully understanding how a 'leak test' operates! I thought a leak test simulated the behaviour of a trojan or suchlike that attempts to access the internet. That being so (if that's correct!) then I thought a firewall would automatically block it or automatically give a warning as you would not necessarily know beforehand that you had a 'nasty' on your pc. So maybe that's not the case then and you can't leave the Eset firewall setting on 'Automatic' but have to set Eset settings to 'Interactive' and then give permission or not to everything that pops up. So the 'Automatic' option should be ignored?
  37. 1 point
    SCR

    Allow Free YouTube To MP3 Converter, but how?

    I'm one of those that if Eset says no I don't go type, just makes life easier. If Eset says there's a problem I look for alternative ways to accomplish the task. In this case a Google search brought many results for a "YouTube to MP3 conversion" without the need to download software. I went to about five of them and Eset remained happy. However, this may not be satisfactory to you.
  38. 1 point
    vukiczlatan

    Not authorised user

    Seems as far I can tell, you don't give the new user Administrator rights. Why not? It was my wife!!! Also, always is good to mention some data about it when you request assistance. ...let me see?!? laptop or desktop? It is Laptop, but what difference does it make? User issue is the same on bought of them, isn`t it? some hardware info... I don`t see a reason for any of that! As I said I just need help abut USER which operating system is and version? Win 10 Home! Which product of ESET is and version? Eset Smart Security 9 what problems before you have leads you to make a new user? Laptop exchange, she took mein and I took hers, but I thought it would be better to create a new user but to reinstall the Laptop. I saved all me Data but it was used for a long time and needed to be renewed... "Help us to help you" - quote from Support team I believe I have helped You, or???
  39. 1 point
    Hi, Can someone from ESET kindly comment on when can we expect a brand new v7.0 (with new features similar to Smart Security) and not just another 6.x upgrade with minor bug fixes? Cyber Security from ESET is really lagging behind right now compared to not only other AV suites but also its own Smart Security suite. Thanks.
  40. 1 point
    Hi Peter, I would like to sign up for the beta. I got to see it for the first time at the North American Partner Conference last week and really liked the new features. Thanks, Nathan
  41. 1 point
    I just started seeing this on quite a few pages, many being rather big sites like GreenManGaming.com, HumbleBundle.com, and Asus.com. It seems to be happening on a lot of sites with Facebook follow/like links on them. The Eset alerts actually stopped when I enabled the "Anti-Thirdparty social" filter list in uBlock Origin adblocker, which also points to the social links on these sites being the source of the detected malware. Looking up a couple of the IP addresses listed in the Eset log shows that they are indeed owned by Facebook. If anything is compromised, it seems that it's likely Facebook itself. I'd definitely like to know if that's the case, or if it's just a false positive.
  42. 1 point
    Please elaborate more on the issue you are having. Are you unable to open any website? Or only https websites? If the latter, are you getting some kind of error message in the browser? Is the problem occurring only with a specific browser or with any?
  43. 1 point
    TomFace

    Korplug.HT

    ELC = ESET LOG COLLECTOR http://support.eset.com/kb3466/ KB = (ESET) Knowledgebase http://support.eset.com/?page=home&locale=en_US&option=none PM = Personal Message (To send one, hover over the person's name you want to message and click message when to box appears.
  44. 1 point
    TomFace

    Forum Feedback

    As far as I can tell this may be the only indicator.
  45. 1 point
    Gonzalo Alvarez

    Not authorised user

    Hi, Seems as far I can tell, you don't give the new user Administrator rights. Also, always is good to mention some data about it when you request assistance. laptop or desktop? some hardware info... which operating system is and version? Which product of ESET is and version? what problems before you have leads you to make a new user? "Help us to help you" - quote from Support team
  46. 1 point
    Marcos

    Korplug.HT

    Please drop me a pm with the output from ELC attached. See my signature for a link to a KB with instructions.
  47. 1 point
    itman

    Just ran RanSim = Detection failed

    I have following with puzzled amusement the discussion of this simulator on both wilders.com and malwaretips.com by otherwise knowledgeable individuals on the results of this simulator. What this product and others like it test for is how well your security solution protects you after you have been infected by ransomware. The point that is missed in these discussions is that the primary purpose of using a security solution is to prevent the malware or in this case the ransomware from installing itself in the first place. Or to quote an old truism, " An ounce of prevention is worth a pound of cure."
  48. 1 point
    Marcos

    How to disable upgrade splash screen

    V9 doesn't warn you if unimportant settings are disabled. Disabling web protection has similar effect to disabling real-time protection as it provides a crucial protection layer that can stop malware which would not be stopped at other protection layers.
  49. 1 point
    We have seen similar errors and behavior in case wrong system runtime libraries were loaded. Please copy files msvcr100.dll and msvcp100.dll directly to C:\Program Files\ESET\RemoteAdministrator\Agent\ so that we can be sure correct system libraries are being used. Previously mentioned dlls should be available in somewhere between system files - most probably in C:\Windows\system32. Make sure you copy files for correct platform and also system files, not files distributed by third-party software, as that may be cause of this problems.
  50. 1 point
    If you are running the latest version of Cyber Security Pro (6.0.14.0), the uninstaller has been relocated to the 'Helpers' folder instead of the Resources folder mentioned above. Alternatively, if you still have the downloaded dmg file you installed Cyber Security Pro with, you can open it and launch the uninstaller from there.