Leaderboard


Popular Content

Showing content with the most kudos since 12/20/2016 in all areas

  1. TomFace

    Merry Christmas

    I'd like to wish all the ESET Moderators, Staff, Associates, Partners, Forum Members and guests a Merry Christmas. Have a peaceful and joyous holiday!
    3 Points
  2. 3 Points
  3. Marcos

    Why are my settings grayed out ?

    ESET is not playing any dirty games with you either. The forum system was developed by a 3rd party company, not by ESET and it's also used by other companies and some other AV vendors too. In your screen shot I didn't see any options being greyed out, only the headings as TomFace correctly pointed out. But those are not clickable items. Aren't you able to click "Account settings"? Please clarify what you would like to achieve and we will guide you.
    2 Points
  4. TomFace

    Happy New Year

    Where has this year gone? Happy New Year to all. May it be fruitful, peaceful and malware-free!
    2 Points
  5. Hello, If you can give ESET's office a call at +1 (866) 343-3738 during business hours, a customer service rep should be able to give you information on the license's history. Regards, Aryeh Goretsky
    2 Points
  6. Hi marconi I can help you out with the questions in the title of your post. The easiest way to determine your Eset product and when it will expire is located on the Home screen of your Eset product. You can open this screen by left clicking the Eset Icon in your system tray area. See screen capture below. You can add additional computers for an additional fee. I have a two system license and it is by far less expensive than a separate individual license for each machine. I have no idea what the new costs may be for the latest version 10.x. As to your concerns regarding the purchase date and expiration date would be better addressed by someone in the Eset organization such as a moderator or staff member.
    2 Points
  7. Marcos

    Just ran RanSim = Detection failed

    It's an innocuous application that doesn't tell anything about detection and protection capabilities of ESET products. They test behavior blocking without distinguishing between malicious and benign applications. However, ESET does not only monitor the system and processes for suspicious behavior, it also scans memory for malware-like code. This also enables ESET not to warn about benign applications. Needless to say that there are many ways how the encryption works so the simulator may theoretically help malware authors to avoid techniques used by the simulator. In a nutshell, programs that pass the simulator tests may be more prone to encryption by ransomware than ESET.
    2 Points
  8. jadinolf

    Merry Christmas

    Same to you Gonzalo and many more. Same goes to anyone reading this.
    2 Points
  9. In v8 a scheduler task is created for the initial scan. However, instead of editing it I would personally rather run a smart scan which is just 1-3 clicks away. The initial scan is the same as any other scans run manually.
    1 Points
  10. Marcos

    block my website

    We kindly ask you to stop reporting the block here. We have already replied that the block is correct and will remain. Samples or potential FPs should be reported as per the instructions at http://support.eset.com/kb141/. Having said that, we'll draw this topic to a close.
    1 Points
  11. katbert

    Edevmon integration logs

    Thanks, "Configure the verbosity of setupapi.app.log and setupapi.dev.log" is what I need. Now I have detailed log of edevmon integration process. Default Windows event logs don't show any errors.
    1 Points
  12. I figured I would update this for anyone who might happen upon it with this problem. So I took the plunge and then reinstalled ESet, (after having installed libc6:i386 last month) fully expecting to see the same slowdown problems. I'm glad to say that everything seems to be working great for about 24 hours now. Eset UI comes up really quick (faster than Windows), and I ran a couple of scans without problems. If things turn south, I'll let you know, but this seems to be the solution for Ubuntu 16. ESET SUPPORT: It would be great if you added a note for Ubuntu 16 users in your installation doc advising users to install libc6:i386. And thanks for the help!
    1 Points
  13. TomFace

    Ver. 10 Upgrade ????????

    I just checked for the update and got it (ESS). I'm in Ohio as well. Not sure if it matters, but I am currently running pre-release updates.
    1 Points
  14. Hi Peter, I think I completely understand that. Thanks for all your help.
    1 Points
  15. V2TW

    Start from scratch on new 6.4 Appliance

    The option to rejoin domain/factory reset etc. only appears in the 6.4 version of the appliance. If you only did component upgrade task and upgrade ERA in the original 6.2 appliance to 6.4, the appliance itself (i.e. all the non-ERA components, including that console menu) still won't be updated. You can follow the steps below to migrate your current appliance to the latest version: hxxp://support.eset.com/kb5725/?viewlocale=en_US
    1 Points
  16. Staj

    Automating ESET Uninstaller

    We've been struggling for months to do a v5 to v6 migration, uninstall of v5 does not work and we seemingly cannot get support from ESET to resolve it. My other choices are to wipe all our computers in the country using SCCM Task Sequences or uninstall it manually for each system in the country. I don't look at this option lightly.
    1 Points
  17. TomFace

    Why are my settings grayed out ?

    I simply asked what you wanted to do/accomplish. I'm just a user like you and I'm trying to help you. If you want to act childish, I won't waste any more of my time with you. I am not playing games. Good day Sir.
    1 Points
  18. itman

    ICMP Flood Attacks????

    Normally, your router should be configured to block external ICMP echo requests. You can test if that is functional by going to this web site: https://www.grc.com/shieldsup then click on the "Proceed" tab in the displayed web page. Then select the "Common Ports" scan. When it completes, note the results of the "Echo Ping" test. It should state that you passed. If you didn't pass, then your router is not properly configured to prevent ICMP Flood attacks. The router is your first line of defense against ICMP Flood attacks. If you passed the Echo Ping test, then a number of other scenarios might be occurring. An external DDoS attack might be occurring against your router and it is overwhelming the capability of the router to block such traffic. You should examine your router's log file to determine if this is the case. If an external DDoS ICMP Flood attack is occurring, you need to create a router firewall rule, assuming your router has a configurable firewall, to block all inbound traffic for the IP addresses that are the source of the DDoS attack. If an external DDoS attack is not the case, then it is possible that your router is "misbehaving." It is normal for some routers to issue an ICMP echo request to establish connectivity with a target device. If there is a problem with this request being acknowledged by the targeted device, it could be the router is stuck in a loop where it is repeatedly sending ICMP echo request transactions and Eset's IPS protection is interpreting this activity as an ICMP Flood attack.
    1 Points
  19. webyourbusiness

    Activation FAILED

    JohnO - send Marcos your details in a private message through the forum. There is no need to post it publicly and I agree that posting them in the forum is not the right thing to do, I'm sure Marcos meant via Private Message. Marcos is ESET staff and has been for many years (as long as I can remember, and we have been an ESET partner for 13+ years).
    1 Points
  20. MichalJ

    Multiple Licenses on one machine

    Problem is, that when you have activated the computer by entering the key (directly, or you have entered it into ERA), you are not able to deactivate it using security admin account. If you had used the security admin account for activation, it would be possible.
    1 Points
  21. Marcos

    Ransomware Protection

    Ransom doesn't perform ransomware attacks. As I wrote, ESET does not detect innocuous applications that do not do any harm as malware. As a part of ransomware protection and to prevent false positives, ESET also scans the application's code in memory. If it does not appear malicious and the application is not detected by a signature either, it won't be blocked. RanSim does not tell anything about how well a particular AV protects against Filecoders. As a result, programs that pass RanSim may be more prone to malicious file encryption than programs that fail the "tests". Needless to say that RanSim shows malware authors what kind of techniques they should evade to get around particular behavior detections of particular protection software.
    1 Points
  22. m4v3r1ck

    Forum Feedback

    Just a little thingy I noticed today! Should be "See WHO gave kudos" Greetz
    1 Points
  23. MartinK

    Allow UltraVNC to go via eset firewall

    My recommendation is to:

    - configure one client so that it works as expected (manually, as you have already done)
    - request this client's configuration from ERA (client details view -> configuration -> request configuration)
    - use received exported configuration to create policy

    ... once this is done, configuration policy should be the same as is client's configuration, you only have to remove (disable apply) for configuration parameter you do not want to be changed by this newly created policy.
    1 Points
  24. cyberhash

    2017 Annual Survey

    Without even visiting the url it looks suspicious. Not the best of ideas posting web addresses on a forum for other users to visit.
    1 Points
  25. Marcos

    Using IP blocklists with ESET firewall

    I think it's easily doable. Simply add a new zone (e.g. "IP block") with the IP addresses delimited by a comma. Then create a new blocking firewall rule that will have the zone listed on the Remote tab:
    1 Points
  26. Aryeh Goretsky

    GRIZZLY STEPPE attacks

    Hello, ESET's name for this threat actor is Sednit, and has released extensive reports on their activities over the past three years or so. Here are some of the articles:

    - Sednit: A very digested read [2016-11-11]
    - En Route with Sednit: Full Whitepaper [2016-10-27]
    - En route with Sednit - Part 2: Observing the Comings and Goings [2016-10-25]
    - Lifting the lid on Sednit: A closer look at the software it uses [2016-10-25]
    - New ESET research paper puts Sednit under the microscope [2016-10-20]
    - Sednit APT Group Meets Hacking Team [2015-07-10]
    - Sednit Espionage Group Attacking Air-Gapped Networks [2014-11-11]
    - Sednit espionage group now using custom exploit kit [2014-10-08]
    - Back in BlackEnergy*: 2014 Targeted Attacks in Ukraine and Poland [2014-09-22]
    - Miniduke still duking it out [2014-05-20]

    And here is a very partial listing from ESET's threat encyclopedia entries:

    - Win32/SandaEva
    - Win32/Sednit
    - Win32/USBStealer
    - Win32/Exploit.CVE-2014-1761

    And here are some direct links to white papers mentioned in the above:

    - En Route with Sednit - Part 1: Approaching the target [PDF]
    - En Route with Sednit - Part 2: Observing the Comings and Goings [PDF]
    - En Route with Sednit - Part 3: A Mysterious Downloader [PDF]
    - En Route with Sednit: Full Whitepaper [PDF] (combines the three preceding reports into one ~140 page report)

    And here are some related links with additional IoCs and related research from ESET's GitHub account:

    - ESET | Malware-IoC | Sednit Indicators of Compromise
    - ESET | Malware-Research | Miniduke

    It would appear that some of the information in the GRIZZLY STEPPE report may have been borrowed from ESET's research, although it is hard to say since no security companies were mentioned in it. As a reminder, ESET identifies this threat actor as the Sednit group. ESET makes no claim as to their affiliation (or lack thereof) with any government, as attribution is a matter for governments and outside the scope of ESET's mission.

    Regards, Aryeh Goretsky
    1 Points
  27. MichalJ

    ECP.4100

    According to the KB article http://support.eset.com/kb2434/ it indicates that it is Internal Error. It might indicate that there is some other security solution present on the system or malware. As this is obviously related to ERA Agent, just out of curiosity, are there any policies applied to the File Security (like the anti-ransomware policy, or any other policy created from exported configuration from another client)? I would recommend removing those policies, and then attempting reactivation again, using ERA agent (product activation task). There was a bug in the previous versions, that license was exported within the configuration and invalid license parameters were applied to the client together with the exported / converted policy, which resulted in "not activated" state, and failing to get updates of the protection modules.
    1 Points
  28. "Apply" will apply a particular setting while "Force" will override "Apply" if set by another policy.
    1 Points
  29. Yes, kind of. You can try it if you don't need all the features of ESS.
    1 Points
  30. itman

    Just ran RanSim = Detection failed

    I have been following with puzzled amusement the discussion of this simulator on both wilders.com and malwaretips.com by otherwise knowledgeable individuals on the results of this simulator. What this product and others like it test for is how well your security solution protects you after you have been infected by ransomware. The point that is missed in these discussions is that the primary purpose of using a security solution is to prevent the malware or in this case the ransomware from installing itself in the first place. Or to quote an old truism, "An ounce of prevention is worth a pound of cure."
    1 Points
  31. SCR

    Forum Typo

    Well no I'm not 82 but 70. I should add that I wasted as much as I could in my youth.
    1 Points
  32. SCR

    Forum Typo

    Yet....
    1 Points
  33. jadinolf

    Forum Typo

    I'm sure happy I am not old.
    1 Points
  34. TomFace

    Forum Typo

    SCR I think you meant to say it shows "See how gave kudos" and it should say "See/Show who gave kudos". And yes I too like the new forum design as my eyes are old as well.
    1 Points
  35. cyberhash

    ESET Not Running

    If you can run "services.msc" and go to Eset service, then look at the dependencies tab. If there are any services in there that are disabled or manual start, this could be the cause of your problem. The relating dependencies need to be auto for the Eset service to load.
    1 Points
  36. Marcos

    Microsoft Exchange Account

    It depends on what protocol is used to receive email. POP3 and IMAP are supported but the secure protocols POP3S and IMAPS aren't. The latter are used by gmail for instance.
    1 Points
  37. ken1943

    Installation issues

    Try using the installation files on this site hxxp://support.eset.com/kb2885/?&page=content&id=SOLN2885
    1 Points
  38. itman

    Merry Christmas

    Happy Holidays!
    1 Points
  39. Marcos

    Upgrade from NOD32?

    Installation over EAV should work, however, I prefer installing a different product from scratch. At least not to have ESS installed in the EAV folder. By the way, what settings do you want to preserve? Defaults are best and recommended for most users.
    1 Points
  40. Gonzalo Alvarez

    Merry Christmas

    Thanks Tom! And for you and your family too, happy holidays! and prosperous 2017!
    1 Points
  41. Thank you for your answer. Both are right, eset has the option to install the modules folder in a different location than the default one, and so I did, that's why the path is different. I have not installed eset in the default location but the ones you could check there. itman, yes, I executed Sysinspector from the shortcut the installation of eset has created itself but as I said Sysinspector has not been downloaded as a standalone version, was installed with eset smart security premium. It's just that I was executing it through the shortcut instead of going to the gui of eset and then going to tools\moretools\ESET Sysinspector. In any case I have done a new report with sysinspector, through both ways, directly from the antivirus and from the shortcut itself, and that process is not showing anymore (though a .tlb file belonging to the graphics card driver is showing as 5:Unknown status now. I have sent the file though to eset so they examine it) in both cases. I guess for now I have no more questions really, since the process is not showing up anymore, at least for now. Thank you both guys!
    1 Points
  42. Running a process from anywhere other than its normal installation directory is a no-no. Creating a desktop shortcut to the .exe is OK usually but not always; depends how the app is started. By default, most apps will look for associated .dlls and the like in the installation directory.
    1 Points
  43. Marcos

    List of dirty malware sites

    I've checked the recent websites in the list and didn't find any reason to block any of them. If you come across undetected malware or domain/url that serves actual malware, report it to samples[at]eset.com. We cannot blindly block everything that appears on various lists published on the web without a good reason. ESET's web access protection is actually very strong. We pay attention to what is blocked to avoid false positives.
    1 Points
  44. Hi everyone, in response to requests for more communication about product releases and other topics we have created an opt-in email Newsletter for Knowledgebase Support News channel. The Support News channel is used to post content on some of the following topics: New product releases (home and business)—product changelog, overview of features, Known Issues and support resources ESET support/sales office closures—for example, holidays, known upcoming system outages, etc. We have successfully tested the functionality and now want to extend this communication channel to those on this Forum. Use the following URL to subscribe to the ESET Knowledgebase Support News Newsletter: https://feed.press/e/mailverify?feed_id=esetkb_news_en If you have any issues or comments, feel free to reply to this topic. So far we are averaging about 6 a month, so your inbox won't be significantly impacted. Below is an example (screenshot of the email) of a recent Newsletter that was delivered:
    1 Points
  45. Hi, I have been messing with custom HIPS rules for a few days and I already have rules that protect startup entries, tasks scheduler, services, hosts file and autorun.inf. I have also applied rules for ransomware protection following ESET's instructions for business products. I also set HIPS mode to Smart. I just wonder if there are other custom rules that can be used for protection against typical malware? Any ideas? Of course second way is to set learning mode for a few weeks and then set interactive/policy-based mode, but I'm not talking about it. Cheers
    1 Points
  46. Try the following: 1. Open Hitman Pro 2. Click the "Risk Reduction" box 3. Click "Keystroke Encryption" 4. Click "Disable".
    1 Points
  47. Is there a way to Migrate ERA 6 server from windows server to a virtual appliance?
    1 Points
  48. Marcos

    detection floater - disabled options

    You're right. The first detection came from web protection, hence Exclude from detection was unavailable (it works if a PUA is detected on a disk). As for excluding the signature, I think it should be available regardless of the protection module. I'll discuss it with our engineers.
    1 Points
  49. Hello Metro, can you please enable Diagnostics (Open advanced setup -> Tools -> Diagnostics) and set dump type to full? After that wait until the issue reoccurs, compress contents of C:\ProgramData\ESET\ESET Endpoint Security\Diagnostics with SysInspector log and send me a download link. We will check it. Regards, P.R.
    1 Points
  50. Hello, the rules based on content of an archive will be available in next major version of EMSX. There are already rules to detect the real file type i.e. exe renamed to .doc will be picked as .exe, moreover there is a new rule to detect dangerous attachments with double extensions for example invoice.pdf.exe.
    1 Points