Leaderboard

I take liberty to correct you - it's Windows 10 October 2018 Update (aka RedStone 5). Versions 10.1 and newer fully support it.

@jimmy09 For a network consisting of 1400 clients, even in case of ERA 6.5, deployment of ERA proxy is not necessary, as single server should handle such amount of computers with ease. We are currently investigating a case, when under certain conditions server stops receiving connections. Have you opened a ticket with US customer care? Do you have more details, about the frequency of the problem (does it happen once a day, or once a week, or there is no regular interval in which this event happens). @Pinni3 It looks similar to your issue, but we have customers that are having connection issues for different reasons that were the ones in your case.

The fix was made to v12 which will be available later this year. Currently we don't plan to release any further v11.2 hotfixes since v12 is virtually imminent.

Field RemoteHosts shows IP address or hostname of machine where last connection of this client came from -> it is refreshed before each connection. In case it shows wrong hostname, it might be caused by wrong configuration of DNS that is performing reverse-DNS lookup. This value completely relies on IP address as seen by ERA/ESMC and does not depends on computer name shown in console, so renaming task has no impact on this field. There was also change in ESMC and only IP address should be shown, so no reverse-resolved hostnames will be present .

HTTP/2 is in beta state and is available for insiders for testing. HTTP/2 support will be added via internet protection module update. TLS 1.3 will be added also lately, developers were waiting when stable OpenSSL 1.1.1 will be released. Now OpenSSL 1.1.1 is available and developers need some time to implement it. This info from developers, so stay tuned.

Please double check all UEAVBE4 dependencies are already installed on the machine. If I recall correctly, i386 version of libc is required (even on x64 system), and also few other libraries, including gtk. Details should be available in product documentation. In case you are preparing deployment on larger amount of similar systems I would recommend to installs manually first to verify everything works.

@FinAms We have tested ESET Management Agent V7 on the 10.14 Mojave, and we work without issues. We will update the documentation accordingly. We will also expand the repository metadata, so it´s listed among supported systems.

Does temporarily pausing real-time protection make a difference? If so, generate a Procmon log so that we can see what files are being accessed / scanned when cpu goes up. 6% utilization is not high, e.g. if a lot of files are actively being scanned.

I'm trying to see the advantages of installing ESET using the extension... When deploying infrastructure using Resource Manager templates, you can reference extensions to be deployed to a VM as part of the whole process. If you want to install to one machine, manual install may be easier. Extension management interface is not very fancy, e.g. when the extension needs to reboot after upgrade/uninstall, there is no way to indicate that. It will either wait or force reboot – what can be a surprising action for admin. Also the Azure Advisor says that there is no Endpoint Protection on the VM (said before upgraded to v7).. Detection of Endpoint protection is unrelated to whether the product was installed as extension or not. Currently, MS does not recognize ESET as Endpoint protection. Don't know why, we are trying to reach them. Now v7 is here and there is no way (that I can see) to use the Azure interface to upgrade Eset file security on the VM. Upgrade: Extension management system does not do major version upgrades. No way to do that automatically. Install: Currently, clean install of v7 can be done only via PowerShell, because we need to update the portal UI to reference new major version (it references v6 now). We are working on this with MS right now, but as it is handled via emails, it takes time.

Hello @Timur P., I assume it is caused by enabled "Exclude communication with trusted domains" setting so communication with the domains secured by a trusted certs is excluded from the SSL / TLS scanning if you have it enabled,... Regards, P.R.

Its not so obvious to me, and there is nothing in that link that helps. Here's what i know. Without HIPS enabled everything on my system works as it should. With HIPS enabled everything works up to Google ver 68. HIPS is preventing me from running as i should be running. Update google to 69 and it wont run in the sandbox with HIPS enabled, need to turn HIPS off for it to work. So for me it's related to HIPS, Google & Sandboxie. But without HIPS everything works, so what is HIPS doing. Thank you.

Backup-ing just database should be fine for most of the users, but you might consider following: Back up also ESMC's ProgramData directory. It will contain generated/saved reports. But there is nothing crucial for recovery I would recommend to export specific data from ESMC and store separately, as recommends documentation. This includes especially certificates, which would enable you to recover client's connectivity even in case database backups are not usable. I would create copy of Apache Tomcat installation, especially configuration files, which are including HTTPS certificate. This should be definitely done in case you made some custom changes (for example deploying your own certificates). Completely re-installing ESMC WebConsole is no big deal, but new installation will result in new HTTPS certificate, which might be confusing for users.

For anyone wanting to take a "deep dive" into UEFI protection mechanisms is the following reference: UEFI Firmware Rootkits: Myths and Reality https://www.blackhat.com/docs/asia-17/materials/asia-17-Matrosov-The-UEFI-Firmware-Rootkits-Myths-And-Reality.pdf Since the publication is long and quite technically detailed, you can scroll down to the section titled, "UEFI Firmware Mitigations." Of note in regards to Intel motherboards are the following mitigations: 1. Intel Boot Guard. 2. Intel BIOS Guard. Microsoft has additionally created a mitigation for latter Win 10 versions that is available to OEMs, Windows SMM Security Mitigation Table (WSMT). You can read about this here: https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-uefi-wsmt .

Unfortunately it is not configurable. All trace logs are using UTC timestamps, so that analysis is simplified in case of global deployment. Also all other logs from client machines are stored internally with UTC timestamps, which are re-calculated for each user using timezome specified by user's browser.

YOU HAVE NOW TAKEN THIS TO A NEW LEVEL OF DISGUST ... talk about a lack of intelligence, no reputable member of this Forum goes out to incite others needlessly. But "novice" chooses to do so. If "novice" were trying to improve ESET's performance, I would think that going through proper channels would be in order. But "novice" has not chosen that course. "novice" has been a member of this Forum since July 20, 2013. If according to "it's" information, "it" purchases a 3 year license, the said license would have (assuming "it" joined the Forum at the time "it" purchased the license) would have expired in 2016/17. And if "it" spent 300 CAD on a 3 year ESET license, "it's" not very intelligent. I can buy a 3 year ESS license for under $100 (and actually cheaper) But yet "it", "novice", is still around. Why could that be? It's because "novice" is a troll...plain and simple. There is no point in trying to have an intelligent discussion with "it". The only purpose for a troll to exist is to raise havoc wherever "it" chooses to live. see https://en.wikipedia.org/wiki/Internet_troll So please, do not feed the troll. In the "Grand Scheme" of life, trolls hold little, if any, significance. Just ignore them.

Release Date: September 26, 2018 ESET Cloud Administrator (ECA) is a cloud-based management console (offered as a service) allowing centralized management of select ESET products. ESET Cloud Administrator allows you to manage your company’s network security without the need to buy, install or maintain additional hardware. Using the ECA Web Console, you can deploy ESET products, manage tasks, enforce security policies, monitor system status, report on security incidents and quickly respond to problems or threats on remote computers. Below are some of the important features in the currently released version of ESET Cloud Administrator: Incident Overview dashboard Hardware inventory Notifications Use local lists Group policy (GPO) deployment Automatic threat resolution Log Collector New and improved wizards For Frequently Asked Questions and descriptions of the features, see ESET Cloud Administrator—what's new? Support Resources Getting started with ESET Cloud Administrator (ECA) - Windows ESET Cloud Administrator Online Help contains comprehensive reference information for system settings, configurations, installation scenarios and more. Troubleshooting and problems with the ECA Web Console ECA Live Installer deployment methods Upgrade ECA components to the latest version

Download era.war from ESET's download page and copy it to /var/lib/tomcat7/webapps/ (https://help.eset.com/era_install/64/en-US/index.html?component_installation_webconsole_linux.htm). It may take a few minutes to extract files from it automatically. Afterwards you should be able to log in to the console.

It sounds like the ESET root certificate was not imported to the trusted root CA certificate store. Does the issue occur with any browser? Ie. with Firefox as well as with IE/Edge and Chrome? Try the following: - disable SSL/TLS filtering - reboot the machine - without launching any other application, re-enable SSL/TLS filtering - launch a browser and open an https website. Does the problem still persist?

Hello @khairulaizat92 yes we have this threat covered. Linux ones: Linux/Xbash.A Linux/CoinMiner.AS Linux/TrojanDownloader.SH.BE Windows ones: PowerShell/TrojanDownloader.Agent.AWR Win32/Spy.Agent.PKE PowerShell/TrojanDownloader.Agent.AXD Generik.HEFUUZS Win64/CoinMiner.CZ Regards, P.R.

Enter "@NAME=JS/Adware.Agent.AA" as the threat name (without speech marks). However, as I have already mentioned above, we don't recommend excluding it as ESET won't be able to protect you if running the script will download some malware.

If malware, adware or whatever is detected, a proper way of dealing with it is fixing the issue, not working it around by disabling detection, adding exceptions, etc. Otherwise one may get infected. Rather than excluding a website from filtering I'd recommend excluding a particular detection by the detection name if you are ok with that JS/Adware.Agent.AA javascript will run. Although it's related to a particular ad provider, we cannot guarantee that circumventing the detection is safe.

You could always exclude the site from being scanned/blocked yourself in your settings *AT YOUR OWN RISK*

Eset's recommended mitigation for UEFI malware is to update your motherboard firmware. See this: https://support.eset.com/kb6567/?locale=en_US&viewlocale=en_US . Some motherboards have dual UEFI/BIOS setups which allow you to restore from the backup UEFI/BIOS. When you did the full scan on 9/1, were you on version 11.2.49 assuming you're running a retail version of Eset? Was the UEFI malware detection made on version 11.2.63? This could be a false positive issue with 11.2.63. It could also mean that UEFI/BIOS detection has improved in 11.2.63. Finally, Eset's default Smart scanning does scan the OS installation drive BIOS/UEFI by default. This scan runs each time you boot your PC. Unless you disabled this scheduled scan, I find it odd that Smart scanning did not detect your UEFI malware but your full system scan did. Here's is a Blackhat conference presentation on Computrace: https://www.blackhat.com/docs/us-14/materials/us-14-Kamlyuk-Kamluk-Computrace-Backdoor-Revisited.pdf . It is definitely not something you want on your PC if this is indeed the case. If Computrace does indeed exist, there is also the possibility that it arrived on your device via a recent manufacturer BIOS/UEFI firmware update. So you want to first check if this is the case.

Description: A "Reset to Default" option for different parts of the ERA. Detail: This one has mainly been discovered due to my own fault. There are many things that can be played with within ERA which is great, however I think there are some of us that might play a little too much and then get to a point where we've changed so much of something that it doesn't work or doesn't give you what you want. For areas such as reports and policies, it might be a good idea to have a button that you can click while editing that restores the default values. That way, if you play around too much and feel like you just want it back to how it was before, you have a reset button as a saviour.

My understanding is that Cisco Anyconnect doesn't honor information provided by Windows Security Center which is where ESET registers itself and they most likely have their own AV detection mechanism. In such case, they need to update it in order to recognize Endpoint v7. Therefore I'd recommend contacting Cisco support.