Leaderboard

There will be a fix for the issue in both Endpoint and ESET NOD32 for Linux desktop according to the latest news.

As I wrote, there will be a hotfix of ESET NOD32 for Linux desktop that will address the issue.

@Kirill Licenses for ESET products are not sold for a specific product version. Meaning, that with your current license you will be eligible to use the new V7 as well. Linux Endpoint product is the last one running the old version of architecture / scanning core, and it will be updated to V7 soon. We are already running a beta program (available here), V7 should not have this issue at all.

The current up-to-date version for desktop edition is the v4 Endpoint edition v7 is running as BETA currently , once it goes stable I believe they will start looking at building the v7 for desktop. The fix that Marcos talked about would be probably a small fix (hotfix) that will solve the issue with browsers and that's it , not a major upgrade.

Hi, You should create a full chain certificate which contains SSL cert, intermediate, root and private key. - Download XCA and install it. - Download OpenSSL and install it. 1.) Create a empty file (C:\temp\cert-chain.txt) on your PC and past the following inside it: -----BEGIN CERTIFICATE----- (Your Primary SSL certificate from C:\temp\your_domain_name.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Intermediate certificate from C:\temp\TheIntermediateCA.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Root certificate part from C:\temp\TheTrustedRoot.crt) -----END CERTIFICATE----- 2.) Now replace the content inside the brackets with your certificates (which you can export via XCA; PEM txt format). The order above is VERY important so do not mix it! 2.) Export the private key (unencrypted in text format) with XCA from your certificate and store it inside C:\temp\server.pemkey 3.) Now merge everything together as pkcs12 (filename extension for PKCS #12 files is .p12 or .pfx). To do that open a CMD (run as admin) and perform: cd C:\OpenSSL-Win32 openssl pkcs12 -export -inkey C:\temp\server.pemkey -in C:\temp\cert-chain.txt -password pass:ABCD -out C:\temp\certificate(chain_and_key).pfx 4.) Your PFX file is now ready to be used.

You have a rootkit there. Either boot from a clean medium (e.g. ESET SysRescue) and run a full disk scan, or do the following: - start Windows in safe mode - move C:\Windows\System32\Ms96FB23EEApp.dll to another folder, e.g. to c:\eset - start Windows in normal mode - run a full disk scan.

In fact, I provided a proof that on Windows 10 ESET detected and blocked execution of the ransomware and protected the user where the other "free" AV failed. If you have a proof that ESET doesn't protect users well, please provide a proof and support it with logs and other necessary stuff.

Between Jan 23 and 28, you had various diagnostic logging enabled. You should disable it in the advanced setup -> tools -> diagnostics. Alternatively you might have enabled it via Help and support -> Details for customer care. Advanced logging should be enabled only for the time necessary to reproduce a particular issue and must be disabled then. When activated, a yellow notification pops up in certain intervals notifying you about that. Feel free to delete the files in the Diagnostics folder.

All computers within a particular organization share EDTD results. Moreover, files that turn out to be malicious are also blocked for users with LiveGrid reputation system. This is, however, limited only to PE files, such as exe and dlls and it doesn't concern malicious documents for instance. Unlike LiveGrid, EDTD analyzes files immediately and client (e.g. mail server) waits for the result of analysis prior to delivering email or allowing the file to run. Users with the LiveGrid Feedback system enabled submit detected or suspicious PE files to LiveGrid; the response is not instant and it may take a while until a malicious file is blocked in LiveGrid, a detection is added or improved and delivered either via a standard module or streamed (pico) update. EDTD instant analysis in EDTD cloud (files are run in a sandbox and are also assessed by machine learning models) analysis of any file possibly carrying malware, including documents with macros files with malicious behavior are blocked typically within less than 5 minutes possibility to delay email delivery or file execution until a result from EDTD is received results are shared within your organization instantly (only 100% malicious files are also blocked for users with LiveGrid) LiveGrid analysis of mainly suspicious executable files (ie. not documents) not possible to delay email delivery or file execution until malware recognition is added it may take up to 30 minutes for brand new malware (executable) to be recognized via LiveGrid and streamed updates

Yes, a license for ESET NOD32 Antivirus should also work to activate ESET CyberSecurity and likewise it should work with EIS / ESSP license and ESET CyberSecurity Pro.

Is there any reason why port 443 needs to be open on the WAN side of the router? I had a similar situation with my ISP, AT&T, Pace gateway. The "phony baloney" explanation given was they created a pinhole in the gateway firewall so they could access my TV desktop devices for maintenance purposes. Never worried about this since the pinhole only allowed access from their IP address. Well, recent gateway firewall log review showed know malicous IP addresses were accessing that pinhole. So I deleted the pinhole on the firewall and have had zip problems since.

hello BeanSlappers thanks for your reply I have never gotten to use port forwarding the main router I use it for everyday tasks like youtube facebook games etc already when I need to do something I use a second router for it although the results on this main router confuse me because I have never gotten to use it for other tasks besides the daily ones thank you very much for your attention

Moreover, url scan and website content scan are two completely different things.

Thanks for all the replies, it was really just about windows logon that I was asking about. However knowing about all this sure was interesting.

Unfortunately that is hard to confirm without testing or more date, but ERA 6.4 was definitely not tested in such environment. Errors seems to be more related to installer script, nor ERA Agent, but it might have the same issue - incompatibility with macOS 10.15 environment.

https://www.zdnet.com/article/antivirus-vendors-scramble-to-fix-new-efs-ransomware-attack/ Ref.: https://support.eset.com/en/ransomware-shield-bypass-mitigations

Did receive the parental license information on the same day. That is why I did not understand why the ESET Security did not have a license as well. With that in mind I will continue my search for a "good price" on the ESET for Android. Thank You

Each distributor provides technical support for local customers and contacts ESET HQ in cases when deeper investigation is needed. After contacting customer care, you should receive a confirmation email with a ticket ID. If you didn't receive any, check the spam or junk folder. You can also try contacting customer care via the web form that is available through the wizard https://www.eset.com/uk/customer-care-wizard/.

Yes, this was a false positive, fixed at approx. 7:45 CET.

Logging in the phantom account is considered a suspicious operation. Check the device in the AT portal https://anti-theft.eset.com and create a phantom account if recommended under Optimization: If you want AT to work effectively in case of a theft, keep the phantom account created.

This is now resolved, in case it helps anyone I logged into the VA and enabled Webmin, I then accessed Webmin using a web browser, Servers section, ESMC then there was an option to repair ESMC Agent Connection. I entered "localhost" for the Hostname and the ESMC port then clicked the repair button and it fixed it and updated to 7.1 as I had this task queued from last year.

The issue will be addressed both in Endpoint and NOD32 for Linux desktop.

Eset does use a blacklist of known botnet C&C servers. Only they know what it contains. However, Eset also uses this Botnet detection for inbound brute force attacks. Another thread on same alert here: https://forum.eset.com/topic/21967-increasing-botnetcncgeneric-detections/

These settings are for Endpoint 7.2. If applied to older versions, they are converted to the appropriate setting (e.g. PUA balanced or cautions detection will merely enable PUA, setting it to Off will disable PUA detection). Aggressive detection is applied only by Endpoint 7.2+. We recommend upgrading to ESMC 7.1 and Endpoint 7.2.

First of all, installing an antivirus without taking other measures, such as keeping the OS fully up to date and patched, avoiding opening suspicious email attachments, clicking suspicious links or keeping RDP enabled without restrictions is not enough. Moreover, no security solution can ever protect from 100% of threats. Not sure what happened, if your files were encrypted by ransomware or what you actually paid for. Technical support is provided to our users for free. Also without any further logs, proof and information what actually happened it's unfair to blame ESET.

The patch was included in the Jan. cumulative update for Win 10 release last Tues.. For Win Server 2016 and 2019 which are also vulnerable, one will have to check with Microsoft on how the patch is being delivered or download the patch from the Win Catalog web site.

I expanded column header and found 2 columns that were also configured cleared them and everything is working properlu Thank you

Microsoft has already released a hotfix for the vulnerability: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

You can find that here : I believe Google did some kind of change in Chrome that change is making problems with the legacy code of v4. EDIT : Also I am sorry If I was rude or aggressive with my reply , I didn't mean that. But you made me angry

Sorry for pressure. My fault. But you are just looking at wrong browser, it would not be affected at all, as I understood. Also (not for being rude, but for numbers and talking about the same things) - the problem potentially affects more than a half of users of linux platform. The ones, who use ESET product for this platform, actually.

Hello, As @Perry noted 3rd party certification authorities typically provide pem or pkcs#12 web certificate which does not contain root CA as that is not required for common webservers - this certificate is typically preinstalled on devices so that chain of trust can be established. MDM does a "bit more" than typical webserver - during enrollment we also install root CA to enrolled device to establish trust (we can't guess whether certificate is selfsigned or signed by CA already trusted by device) so we have extra requirement. I'll look into improving documentation wrt to 3rd party certificates as openssl command line how to convert between formats and appending root CA to existing certificates should help some users. HTH

To have "secure" as in trusted by browser, You need to purchase 3rd party certificate from common internet certification authority. One of such certificate authorities is let's encrypt who provide certificates for free. ESMC creates self-signed certificates which are not trusted unless their root CA is imported into device certificate store. @Command IT What You probably mean was certificate chain installation which was required till 6.5 due to TLS layer we used. In 7.0+ we use different TLS layer on windows (openssl) and PKCS#12 is newly required to contain entire certificate chain including root CA - system certificate store is not used anymore.

As for the files that could not be opened and scanned, just ignore those messages. They all seem to be standard files that are exclusively used by the OS or you don't have permissions to access them. As for the scan time, most likely it was not the first on-demand scan you've run so the scanner already had information about whitelisted files and skipped them.

Hello guys, I opened a ticket with the dev team to check the logs provided by @Camilo Diaz In case you have the logs (as described by Marcos), or are willing to record them feel free to provide me with them so I can have them checked... Regards, Peter

Hello, What you have to do is to configure the proxy for both the agent, and the mac security product. In case the macs are showing not correct "last connected time" it would mean that they are not able to connect to the server at all, which is the thing you should troubleshoot. To confirm this, please check the status.html of one of the mac agents. Also, what makes me confused is, that you mix topic of proxy and mirror. When you refer to mirror, do you mean actual offline generated mirror by mirror tool, or you utilize the proxy caching function. In this case, you just need to configure both agent / endpoint to communicate via proxy, and they should get the updates from there automatically. Please note, that in ESMC 7.1 you can configure proxy details for the agent live installer, and also choose a policy that will be applied to the machine. @Marcos can you please move this to "ERA" portion of the forum?

You are lying here. Yes, NOD32 maybe does not specifically affect browsers. But to intercepting launching viruses you installing intercepting library affecting all applications. Even which launched via systemd. Error SIGILL (Illegal instruction from Chrome output in terminal) usually means that application was compiled for newer CPU which have instructions which you CPU does not have. In past Chrome already started to SSE2 instructions which was not on Pentium 4 and some Atoms CPUs. But in this particular case reason is different since after uninstalling ESET Chrome 79 starts working normally. Maybe during injection your code in Chrome (from library libesets_pac.so ) something leads Chrome (or maybe ESET) to execute illegal instruction. Besides Chrome CUPS subsystem (printers) not working with ESET. I don't know since when. In logs both says "ERROR: ld.so: object 'libesets_pac.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored." Maybe because of NOD32 unable to inject libesets_pac.so code using LD_PRELOAD in Chrome and inject successfully some other library then it leads to inconsistent behavior. Visually Chrome 79 with ESET installed blinking randomly with some freezes. Chrome uses dedicated processes for rendering pages which only "streaming" rendered content to main process with UI for presenting to user. Maybe Chrome 79 using some new IPC methods to transfer rendered content which NOD32 intercepts and parsing for too long (causing blinking in main UI process' OpenGL Context). I've never looked to Chromium source code so I'm not sure if I'm right about new IPC (if it is new). Also I mine cause graphical system in Ubuntu is X11. It is better to other victims of such error to reply if you are using Wayland (in case X11 do not answer to prevent flooding in thread). It is maybe related. To check which system you are using enter in terminal following command: echo $XDG_SESSION_TYPE

That's a huge number so a dedicate machine with http proxy will likely be necessary. ESET Dynamic Threat Defense runs files potentially carrying malware in a sandboxed EDTD cloud environment. It leverages multi-stage analysis, where it combines advanced detection techniques with behavioral analysis and machine learning. Scan results are shared among all computers in an organization. In combination with Mail Security products, EDTD allows for delaying email delivery until a result of scan is received and only then clean email is passed to mailboxes. EDTD substantially improves protection from malware spreading in Office documents for instance. As of Endpoint 7.2, it's possible to block execution of files downloaded via email clients and browsers until the scan result from EDTD is received. If you are interested in trying out ESET Dynamic Threat Defense, please contact your local ESET distributor or drop me a message. Another product for enterprise users that we offer is our EDR solution ESET Enterprise Inspector which provides you with insight into what's going on in your network. With more than 200 pre-defined rules you get a good overview of possible security incidents that you can subsequently respond to or track them back to the source.

Make sure you check for updates again: https://www.ghacks.net/2020/01/08/firefox-72-0-1-fixes-a-security-vulnerability-that-is-actively-exploited/

Hello, sorry for the late response. Both Apache and PHP are planned to be updated in the first half of this year. Regards, Tomas

Hello @Patrick van Lier, You just need to remove the corresponding DNS entry (as per the screenshot below) and restart the ESA Core Service.

Here is Quttera's detailed report on 9anime.to: https://quttera.com/detailed_report/9anime.to It found 23 malicious JavaScript files on the web site. All appear to be hosted at defpush.com.

I just install ese internet security 2020.after that i cannot access to some websites

The fact that a particular AV detects more than ESET doesn't make it better. Rogue applications also find a lot of issues even on clean operating system and it doesn't make them better, quite the contrary. If you think that ESET has missed a threat, feel free to submit MBAM's quarantine to samples[at]eset.com and we'll most likely confirm that the object is not subject to detection.

You shouldn't do it since the site is being detected as hosting malware.

Do you know when this update will be released publicly? Or how can I avoid this error? At the moment, I get a BSOD several times a day, as well as data loss in some programs due to incorrect file saving. The minidump shows the same driver with the same parameters. As an option, I see only the complete removal of ESET Internet Security, since it is not known when the update will be released.

I assume the problem is you have "Restrict URL addresses" enabled. According to the help: To only allow access to URLs listed in the Allowed URL list, select Restrict URL addresses.

It's because of this: https://support.microsoft.com/en-us/help/2664888/computer-stops-responding-when-you-run-an-application-that-uses-the-wi So the solution is to make sure the hotfix is installed, then install EFSW and enable Web & Network protection during installation.

You can create 2 rules, one permissive rule with the trusted zone added on the Remote tab and another blocking rule without any IP address or zone specified and put the permissive rule above the blocking one.

@TheMartin Thanks for the feedback / suggestion. I will contact our documentation team, and ask them to prepare the tutorial (video / documentation) with the topic "how to update my ESET environment on the latest version in the simplest way". I agree, it would be a helpful content, which should be more actively promoted in documentation and KB.