Popular Content

Showing content with the most kudos since 12/24/2017 in all areas

  1. 3 likes
    As we probably all agree, there's no security software in the world with 100% malware detection despite having Antivirus and antimalware protection modules. It's similar with ransomware shields - there's not a single security product that could prevent malicious data encryption without blocking also benign applications. In this case, the tester bypassed an important protection layer - web access protection which would have likely prevented the malware even from being downloaded. Another protection that was bypassed by copying files with real-time protection disabled is scanning of newly created files by real-time protection which is done with advanced heuristics when also sfx archives are scanned internally (which was also this case - an NSIS installer). ESET provides complete protection utilizing various protection layers and modules which interact with each other. Disabling a particular protection module (e.g. real-time protection) may substantially affect other modules (e.g. HIPS/AMS/Ransomware shield, etc.). All protection modules must be enabled and working in order for a product to provide maximum protection.
  2. 3 likes
    Hello, I am building a master list of hardware, software and networking companies affected by Meltdown and Spectre in the We Live Security blog post mentioned, above. Here is a link a direct link to the table: https://www.welivesecurity.com/2018/01/05/meltdown-spectre-cpu-vulnerabilities/#vendors Currently there are 62 150 vendors listed at the time of this posting editing. There's a revision history at the bottom of the blog post with each day's additions. Regards, Aryeh Goretsky
  3. 3 likes
    I'd recommend you try each AV with 100% detection in tests and let us know after a few months about your experience. As itman said, personal experience is invaluable. Also I fully support the idea that everyone should use what fits him or her best. So we kindly ask you to stop complaining about tiny differences in detection rate and use whatever security solution you like most and fits you best.
  4. 3 likes
    Just noticed Aryeh from ESET posted this from his Twitter account. Interesting read. Enjoy! https://cdn1-prodint.esetstatic.com/ESET/US/docs/about/ESET-Technology-Whitepaper.pdf
  5. 3 likes
    Yes, we have seen that somebody coded a keylogger and complains that it is not detected. If security software was to detect any future malware without updates, then why every AV would need to get updated on a regular basis to provide maximum protection? We kindly ask you to stop this as your behavior will be considered trolling and appropriate measures will be taken. You have a free choice in selecting the security solution that fits you best and that you are satisfied with.
  6. 2 likes
    Marcos you are a great support person. You have helped myself and so many others. I just wish you could look at this from an Enterprise level. Yes the sending a new package to an office is a simple matter which takes only a couple of minutes. Now think bigger. Each new package needs to be tested for at least a week on a few PCs here in IT. Then contact an office manager and convince everyone bring in any laptops that they use at home. Leave leave those laptops and desktops powered on and logged off with all applications closed and saved. Install & reboot overnight. Deal with the users who did not listen and would like you fired because they did not save some Excel sheet. If there are no issues and no major problems reported here; repeat the process 41 more times. After loosing access to the version that I have been working with twice now; I have little faith in v.6.6.2072. This is certainly not meant as an insult to you. I just wish ESET could realize the time that goes into deploying these packages at an Enterprise level. I do not know many Network Engineers who push out untested upgrades to the entire network. This goes for Windows, ESET, Deslock etc. Removing these packages is an admission that they should not have been released in the first place. Trust in a security provider is not something to be taken lightly these days but I am beginning to wonder if our trust was misplaced.
  7. 2 likes
    What false positives do you mean? ESET is known for extremely low number of false positives so you virtually should never make any exclusions. Even then, excluding a file or folder is pretty straightforward - Advanced setup -> Antivirus -> Exclusions (Edit). Anyways, let's not mix different things here. You started with ransomware so if you want to discuss exclusions or false positives, let's create a new topic.
  8. 2 likes
    Great You have just proved that no AV can detect 100% of threats but this has been well known for ages. However, this testing scenario bypasses one important protection layer - Web access protection which can: - block addresses or domains that are known to host malware - scan files with higher sensitivity utilizing more paranoid detections - scan files completely (in case of archives / sfx archives and files packed with a runtime packer or protector). Also disabling real-time protection before copying samples bypasses more thorough scanning by real-time protection: - newly created files are scanned utilizing advanced heuristics - newly created files are scanned more deeply in cases of NSIS or other SFX archives like in this case. Having said that, it's likely that in real-world scenario the user would not have gotten infected as the malware could be stopped by web access or real-time protection when the file was being created.
  9. 2 likes
    Hello, ESET released Antivirus and Antispyware module update 1533.3 yesterday (January 3, 2017, 22:45 [GMT-8]) to all customers to ensure compatibility with Microsoft's updates to the Windows operating systems. ESET is working alongside hardware and software vendors to mitigate the vulnerabilities posed by the Meltdown (CVE-2017-5753 and CVE-2017-5715) and Spectre (CVE-2017-5754) vulnerabilities. For additional information see: ESET Customer Advisory 2018-001: Spectre and Meltdown Vulnerabilities Discovered ESET Newsroom: Meltdown & Spectre: How to protect yourself from these CPU security flaws ESET Support Alert 6644: ESET can stop malware that in the future may use Spectre and Meltdown vulnerabilities ESET's We Live Security blog: Meltdown and Spectre CPU Vulnerabilities: What You Need to Know Please periodically check these articles as well as the ESET Security Forum for the additional information as it becomes available. Regards, Aryeh Goretsky
  10. 2 likes
    We've eventually pinpointed the issue. It will be addressed by the firewall module which will be put on pre-release update servers next week.
  11. 2 likes
    I'd like to wish all the forum users, visitors and (of course) all the ESET staff a health, happy, prosperous and malware free New Year! May 2018 be better (for everyone) than 2017.
  12. 2 likes
    As Itman said, personal experience is invaluable. If users were not satisfied with ESET's protection capabilities or performance, ESET's products wouldn't be that popular in many countries, including Japan which you will likely agree is very sensitive to quality and efficiency of any goods. Also if ESET was not good enough, it wouldn't have ranked among two best AV desktop solutions and in top 4 in the mobile segment in probably all annual AV-Comparatives surveys where it's users who cast their votes based on their personal experience with various security products. To sum it up: 1, There's nothing like 100% detection of malware. Tests are always performed on a very limited test set. 2, Without knowing the methodology and its relevance to real-wide use it's necessary to take the results with a pinch or better with a lump of salt. 3, AV solutions may behave differently in different conditions, scenarios and systems. What works for one just fine may not work well for another users. 4, Should you encounter a technical issue, a problem with performance, etc. on a particular system, ESET's customer care and we, moderators of the forum, are here to assist you with pinpointing and resolving it. 5, We are open to constructive criticism. We listen to our customers and improve our products also based on your feedback.
  13. 2 likes
    In regards to @TomFace posting about forum rules: I believe this rule pretty much covers these never ending Eset vs. MSE/WD AV Lab test results postings. If one wants to complain about Eset's ranking in a lab test - fine. Leave other products tested in the comparative out of the discussion.
  14. 2 likes
    I am using a trial version of ESET Smart Security on Win7. Testing it. I've made a simple keylogger program using SetWindowsHookEx functionality. I am amused that Smart Security didn't block it. I've set HIPS mode to interactive. It is throwing huge number of errors and warning about signed system programs and didn't even bother to prevent my small unsigned unknown program from installing the keyboard hook. What am I doing wrong? How to set it up to block keyloggers?
  15. 2 likes
    I want it to work systemwide. There should be no keylogging allowed not only in the browser but also on system login, email clients etc. Ok. I am trying to reproduce your recommendation and there is no "target app" option. If I select File Operation it asks me to select target files. How is Install global hook rule fell into the File operations category?
  16. 2 likes
    It didn't ask me if I allow it to set up hook or not. It didn't ask me a single question about this program. Isn't HIPS suppose to block system wide keyboard hooks and wasn't designed to prevent unknown keyloggers from logging key presses?
  17. 1 like
    Unfortunately, you didn't mention what operating system you use. For instance, on Windows XP v9 is offered as the latest. To start off, please post a screen shot of the error that you're getting. If it's a different error than "Server not found", please report it in a new topic so as not to mix different issues in one. If you are getting that error, please provide a Wireshark log and ELC logs as I've asked above.
  18. 1 like
    Try uninstalling ESET so that unregistration from WSC is performed and installing it from scratch. Should the problem persist, please contact customer care so that the case is properly tracked.
  19. 1 like
    Remote IP is useless information if I don't know what domain uses it. And eset SHOULD notify user via notification. As it is right now, user doesn't know that something is blocked! Eset should show a notification, preferably something like: "firefox.exe tried to access www.somemalitiouswebpage.com but eset stoped it because it detected AdRedirector"
  20. 1 like
    So frustrating. Thoroughly test a new release on willing participants, contact staff at multiple locations, begin pushing out an upgrade to 1000+ machines only for the version you are pushing out vanishes half way through the cycle. The exact same thing happened during the 6.6.2064 upgrade. Weeks worth of work down the drain with over half of the network still on 6.5.2107.1. I completely understand that other users were experiencing issues with v6.6xx; however, no issues here. At this point it looks as though there has not been a stable version released at all in the 6.6 cycle. ESET, you guys are wearing me out. End of rant
  21. 1 like
    ESET has a DEDICATED ANTIRANSOMWARE MODULE and the test was intended to check the efficiency of this particular module ;web access protection has nothing to do with this. It is like saying that you got flu despite being vaccinated , because you did not wash your hands.
  22. 1 like
    Win 7x64 HIPS support module: 1309 (20171229) Smart mode isn't triggering any alert for hosts file tampering. I made a temporary rule for the hosts file and this was successfully triggered. How can I go about troubleshooting why smart mode isn't triggering any alert?
  23. 1 like
    Situation Microsoft in their "ultimate non-wisdom" has provided a way to disable the Meltdown and Spectre patches by adding the reg. value, FeatureSettingsOverrideMask, to this reg. key, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management. By performing "bit-flipping" in FeatureSettingsOverrideMask, one can disable either the Meltdown or Spectre patches or both. This override was supposed to be applicable to only Win Server OSes but security enthusiasts have discovered it also works on Win OS desktop versions. To make matters worse, security orgs. that should know better have provided software that automates the process; GRC's InSpectre portable app which can be downloaded here: https://www.grc.com/inspectre.htm . A dozen or so AV vendors are detecting this reg. modification activity; Eset is not. BTW - I also need the HIPS bug fix I previously posted implemented now so that I can protect reg. keys like this myself.
  24. 1 like
    Hello itman, when it comes to the registry keys protection as the keys are under HKEY_LOCAL_MACHINE, the attacker would need the full admin rights. Once attacker has them, he already has full access to the system, so no need to enable further vulnerabilities in the system from my point of view. When it comes to the mentioned bug, can you please share the direct URL to the post? I had quite a longer holiday so I do not have an overview,... Regards, P.R.
  25. 1 like
    Yes, both update and repair will replace this file with version available in installer. Fix for this issue is prepared for upcoming major release. Technically it is almost the same as your modification, except that even more variants are tested (multiple versions and authentication methods) so that as much as possible environments is covered by it.
  26. 1 like
    @fchelp You can open the individual task entry in Admin / Client tasks, by the little "+" expand button, and then toggle a context menu for individual entry. You can remove individual triggers, or eventually even edit targets. Screenshot attached. In the next version (7.0) we will be adding possibility to save a filter set, for a various conditions (un-managed computers, computers without security product installed, computers with a specific security product version ...). You will then get the filtered view on top of all computers by few clicks. However, you won´t be able to automate like you do for Dynamic Groups. However, for the future, we are working on more in-depth server side automation, where defined conditions will result in "tagging" a computer, and automation framework will check "assigned tags" and trigger actions based on them. This won´t be done to 7.0, as the feature is a bit complex, but it´s being worked on. Filter sets are below, on the screenshot.
  27. 1 like
    Why did I anticipate you would question this ........... I ran System Cleaner prior to uninstalling SSAK. It showed over 20 system changes. I then uninstalled SSAK using Revo UninstallerPro. After SSAK was fully uninstalled, I ran System Cleaner again and it only showed one system change remaining. BTW - when I installed SSAK, I used Revo UninstallerPro in logging mode to create a log of all changes made. I also still have the log which I can export in HTML format if you wish to view it.
  28. 1 like
    Had it been a definition-based alert, HIPS wouldn't have triggered an AMS scan based on internal rules and the alert wouldn't have read "The threat was detected in memory". This indicates it's a HIPS-AMS detection which also utilizes DNA detections which are in fact a sort of descriptions of malicious behavior. Again, the detection was purely HIPS-AMS based and I had real-time protection completely disabled. For more information about DNA detections and Advanced Memory Scanner, please refer to https://cdn1-prodint.esetstatic.com/ESET/INT/Docs/Others/Technology/ESET-Technology.pdf.
  29. 1 like
    I doubt that you run malware on your machine which is why you don't see any pop-ups from HIPS. In such case it's expected that HIPS doesn't alert you. Here are 2 examples of HIPS-AMS alerts on files shown upon execution that I've found among new malware. Had to turn off real-time protection since it's extremely difficult if not impossible to find new malware that wouldn't be detected by real-time protection:
  30. 1 like
    No - based on the previous testing I have done.
  31. 1 like
    It's a Deceptor (https://customer.appesteem.com/deceptors). If you think that benefits of using the application outweigh possible risks, you can exclude the application from detection and add the domain / url to the list of allowed addresses.
  32. 1 like
    Hello To install this update, compatible antivirus has to be installed on the computers. https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892 Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY. Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD” Data="0x00000000” Where can we find the list of compatible products? Only found information regarding NOD32 antivirus. thanks, Vilmos
  33. 1 like
    As already mentioned in other topics on this forum, ESET released an update on Jan 4, a few hours after Microsoft announced the availability of the patch. I was referring to the concern of the user above that with v10 installed he is not as well protected against possible malware exploiting the recently discovered vulnerabilities as he would be with v11.
  34. 1 like
  35. 1 like
    Please locate the executable "Attribuite Utillty.exe" and upload it to www.virustotal.com to find out if some other vendors detect it.
  36. 1 like
    Normally sandboxie will release a newer version to address the issue. Not installing updates will put you at risk just as Marcos mentioned. Many companies and general users would not have been hit by the ransomware WannaCry if they had patched their systems
  37. 1 like
    Hello, I believe the information is obtained through WMI repository, which is local to the computer. Regards, Aryeh Goretsky
  38. 1 like
    Hello, Dear users of ESET, I would like to discuss about a topic that Is a bit annoying atleast for me. I see some pepole In this forum recenlty that are often complain about ESET protection and they compare It to other security vendors. Then, marcos himself needs to quote them and explain them why ESET Is so great and good compare to other security products. If you don't like ESET In any way Don't use It! Because I think everyone wants this forum to stay friendly and helpfull and not that new users will come and see that almost every second topic Is titled about this "ESET Bad In ransomware" I think It's a little bit bad Issue In my opinion. Even though that I like to get popcorn when I see marcos quote those guys who complain so hard about ESET I won't name pepole here but oh well...
  39. 1 like
    If an user isn't allowed to discuss ESET's results then moderators might as well remove every single AV testing thread. Be it professionally, like AV-test, or not like YouTube testers. That would be fair. Guys, do remember that not all criticism is bad. I can understand you all like ESET and believe those people do so as well. They want ESET to be the best it can be. Internet trolls do exist. But just because someone says something you don't agree with doesn't make them a troll.
  40. 1 like
    I have used ESET for a number of years (not really sure how long, but I know it was before this forum started/back to the Wilders days). A good product, fine support and the side benefits of this forum keep me coming back.
  41. 1 like
    fo·rum ˈfôrəm/ noun noun: forum; plural noun: forums; plural noun: fora 1. a place, meeting, or medium where ideas and views on a particular issue can be exchanged. "it will be a forum for consumers to exchange their views on medical research" synonyms: meeting, assembly, gathering, rally, conference, seminar, convention, symposium, colloquium, caucus; More informalget-together; formalcolloquy "forums were held for staff to air grievances" setting, place, scene, context, stage, framework, backdrop; medium, means, apparatus, auspices "a forum for discussion" an Internet site where users can post comments about a particular issue or topic and reply to other users' postings. I believe the forum is fine the way it is ; You want only post like "Are you happy with ESET?"
  42. 1 like
    No, I was running the pre-release version of EIS, with Firewall module 1373 (20171206), when the BSODs occurred. Now I’ve returned to the regular version, with Firewall module 1372 (20171027). Both versions leak traffic in interactive mode. I’ve also encountered some computer freezes/hangs with both EIS versions (after I’ve updated to the Fall Creators Update). Not anymore: 16299 has become the standard build, see https://techjourney.net/windows-10-fall-creators-update-rs3-v-1709-build-16299-15-rtm/ (latest standard build is now 16299.125, since KB4054517). I’ve never installed the Windows insider preview (but the OP, MilkyMeda, has).
  43. 1 like
    To get to the bottom of this, I decided to do my own testing. I am using a nifty test Powershell based keylogger described here: https://hinchley.net/articles/creating-a-key-logger-via-a-global-system-hook-using-powershell/ . If one decides to use this code, you have to add -ExecutionPolicy Bypass parameter to the Powershell execution command as shown below to bypass the default Windows script execution blocking; powershell.exe -ExecutionPolicy Bypass -file Logger.ps1 If one examines the code in the Logger.ps1 script, you will note that a global keyboard hook is being set in user32.dll using SetWindowsHookEx API function call. User32.dll is one of the common .dlls loaded into a corresponding kernel space global root table at boot time. Dlls in this table are common to all processes and are loaded on demand into the process at process startup time. It appears that Eset's HIPS SetWindowsHookEx API function call monitoring is non-applicable to .dlls loaded from the kernel space global root table. This makes sense to me since Eset's kernel process does not have access to the kernel space global root common dll table. -EDIT- I forgot to mention that I did test Eset 's Online Payment Protection using this keylogger and all it recorded in a .txt file it creates to record keystrokes was scrambled characters. So OPP passed with "flying colors." As far as anything using behavior analysis, I doubt its activities would have been detected. It was created via Powershell, a trusted process. Also any script scanning via Win 10 AMSI facility would have been negative since the code would have not matched any existing signatures. However, setting Powershell to "Constained Language" mode will block its execution.
  44. 1 like
    It seems that it really doesn't inject this dll. It was the case for XP and is not the case for Win7. Good. This explains why the second rule didn't trigger. But why the first rule "install global hook" didn't trigger too? The hook was obviously installed. It captured keypresses and logged the phrase I typed.
  45. 1 like
    See the video. I am not using a kernel mode keylogger. I explain how SetWindowsHook works. The kernel is injecting the dll you provide. If it is not designed to block keylogging activity then what this global hook rule is supposed to do? And why is it marketed as such?
  46. 1 like
    Shut down the keylogger. Start it back up and see if you now get an Eset HIPS alert. If not, when you created the rule did you specify under the "HIPS Rule Settings" screen, 1. Enabled -> check marked 2. Logging severity -> Diagnostic 3. Notify user -> check marked Also, re-verify that the "Action" setting is block or ask. Additionally, the "Rule name" should be formatted as; User rule: block global hook setting for example
  47. 1 like
    ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium version 11.0.159.x have been released and are available to download. Changelog Changed: The user no longer needs to deselect a check box during installation to install the product to a custom folder Changed: Updated LiveGrid status reporting so that yellow status is now not shown until a network connection is unavailable for 10 minutes Fixed: The Update window does not refresh after downloading a 3rd party installer Fixed: Device Control does not activate Fixed: Exclusions are not accepted during the initial scan that is made after installing Fixed: The scrollbar does not display in the Update window Fixed: Banking & Payment Protection does not show "Protected by ESET" when using the latest Firefox browser Fixed: Various internal and localization bugs Upgrade to Latest Version Upgrade my ESET Windows home product to the latest version Support Resources ESET provides support in the form of User Guides, fully localized application and online help, online Knowledgebase, and applicable to your region, chat, email or phone support. Online Help user guides: ESET NOD32 Antivirus ESET Internet Security ESET Smart Security Premium Visit www.eset.com/contact to email ESET technical support. For version 11 video tutorials, see the ESET Knowledgebase YouTube channel
  48. 1 like
    Speaking about network protocol exploits, next year all our products will receive network protection, not only those that contain a firewall (ESET Internet Security, ESET Smart Security Premium, ESET Endpoint Security). We also plan to significantly improve update in all new products to react even quicker to new threats and more effectively than the current LiveGrid system. Also administrators will be given new tools and methods to prevent and combat malware and make management easier and ESMC, EDTD, ECMP, EIS, ECA, EBA, etc. will become more than just letters in the next few months.
  49. 1 like
    I just bought the ESET smart security premium, it keeps telling me that I need to address the anti theft part of this, I go to address it, it takes me to a page to buy the product not the optimization report. It also says that it is already installed on my computer??? Help! How do I get rid of this glitch
  50. 1 like
    We will continue to use version numbers but they will be used rather for internal identification of products than being used in marketing and sale.