Leaderboard

For those of you in the same situation, I first had to install SP3 for SQL Server 2008 R2 Express because you can't directly upgrade to SQL Server 2017 Express unless you are running SP3. I was running SP2. Once this was done, I upgraded to SQL Server 2017 Express by using the custom install option. I then opened ESMC and went to Help->About. The DB version is now showing Microsoft SQL Server 2017 (RTM) Express Edition (64-bit) 14.0.1000.169. I then went to Help->Upgrade Product and a new client task was created. After a few minutes, I was kicked out of ESMC and I could not log back in. A few minutes later, the login page wouldn't even come up, but after some more time, it finally came up and I was able to log back in. ESMC is now showing it is v7.1717.0 and the Web Console is at v7.1.393.0. The last thing I did was install SQL Server Management Studio (SSMS) on my server so I could manage the DB a little easier. https://docs.microsoft.com/en-us/sql/database-engine/install-windows/supported-version-and-edition-upgrades-2017?view=sql-server-ver15 https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-ver15

Ekrn.exe is the crucial process responsible for protection. It starts with Windows as early as possible.

I have long argued that what is need is a "professional" version of Eset consumer products. For example, the above mentioned EES 7.2 aggressive option could be one feature provided. Another I would like to see is more aggressive reputational scanning options such as the ability to alert/block unknown non-system processes and the like. Etc., etc.. To date, this has fallen "on deaf" Eset ears.

Yes, EFSW v7.x has it as well.

In Win 10, Eset uses the Early Launch Anti-malware; i.e. ELAM, driver to load its kernel process drivers prior to any other non-device drivers. You can read about ELAM here: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware

Endpoint 6.5 is the last one with official support for Windows XP. As for Windows 7, SP1 as well as the updates KB4474419 and KB4490628 are required.

It's now detected by ESET : Win32/Filecoder.NZG In my opinion what needs to be improved is the machine learning and HIPS , but I am not expert like those who program at ESET for sure , also as SeriousHoax said , Application Manager and Reputation(rep is already there) , to be combined with everything , so the AI could try to decide if this app is trying to do malicious things or it's not. But I could be mistaken , I don't know , but also as ITman said , nothing is 100% safe.

You can get your license email resent using the form https://www.eset.com/int/support/lost-license/

1, Please run the Uninstall tool in safe mode to remove possible leftovers: https://support.eset.com/en/uninstall-eset-manually-using-the-eset-uninstaller-tool 2, Install the latest version of the ESET product. 3, Should the installation fail, please provide logs collected with ESET Log Collector: https://support.eset.com/en/how-do-i-use-eset-log-collector

You should not log into the phantom account or it will be reported to you as a suspicious operation in the Anti-Theft portal.

I know your are not a fan of this guy. But this time you did very good.

Yes I understand but sometimes you have cases where the files that you do are private to the company that you work with and it's hard to upload them for analyzing , but I understand it's bad for the AI system , same to what happened to Kaspersky and the American gov went crazy about it and blamed them for stealing data , while their AV saw that some files are suspicious and sent it to their AI. I know it's so important to get files sent by users , because that will make the system stronger and more accurate and faster.

What I would try as a last resort before raising a ticket would be to remove the licenses from your ESMC, and try to re-add them again, either manually, or via the business account credentials. Adding them in our test environment shows correct expiration dates, for December 2021.

My recommendation is to check ports usage documentation: https://help.eset.com/esmc_install/71/en-US/ports_used.html Technically ESMC + Webconsole (tomcat) are listening on following ports: 2222 (can be changed, for example to 443 to reduce possible firewall issues): this port is used by ESMC Agents to connect to ESMC. This one has to be open for client devices. It could possibly be limited to specific IP addresses if possible, but that could possibly block roaming devices 2223: port is used for (my recommendation is to not open this port from outside of server) for Webconsole-to-ESMC communication. If webconsole will be installed on the same machine (= default scenario), there is no need to expose this port for console to work correctly second use is for ESMC Agent installers in case of "Server assisted installation". I would strongly recommend to omit this functionality, it is deprecated in favor of all-in-one installers which are much more suitable for MSP scenario. 443: standard port for access to ESMC Webconsole via browser. Port has to be opened for ESMC users to access console. My recommendation is to enable access to this port only for known IP addresses if possible. There is also possibility to perform additional hardening of Apache Tomcat configuration to enable only most secure TLS ciphers, you just have to be sure your browser will support it. Also make sure that when installing ESMC, so called "Advanced security mode" is enabled in it's configuration. It will prevent connections of older ERA Agents but should work for ESMC 7.1 Agents installed even on oldest supported systems (Windows XP).

Is he a decent tester? I rarely watch any of these videos normally as they can be sneaky with how they test e.g. disabling key features. Not heard of this channel

For me sorting by status works. Make sure there is no number next to the arrow. As of ESMC 7.1, you can define primary, secondary and tertiary sorting which is indicated by numbers 1,2,3 respectively. In such case, click the column title until the number disappears and records are sorted by the Status column:

Thank you, however, logs are not needed any more since. The issue was already analyzed and the only solution turned out to be to add utorrent.exe or bittorent.exe to performance exclusions or use an alternate client.

Where did you purchase the license? It was issued in India and was canceled, it was highly overused. We strongly recommend purchasing a license only from authorized sellers.

I suggested this in the Future changes couple of months ago mentioning Kaspersky as an example. Less detailed than Kaspersky but G-Data has this too. ESET can upgrade their running processes tool and turned that into something similar to Kaspersky's Application Control.

That's not possible. However, we plan to improve the rule list, e.g. by adding information when rules were applied last time.

Renaming all the drivers & ekrn and unregistering ESET from WFP did not solve the problem. But changing the value TcpAckFrequency from 1 to 2 solved the problem! This is the situation now (all ESET drivers activated, ie not renamed) : NOTE: as You can see, following the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ I found a lot of sub-folders, so I changed the value TcpAckFrequency from 1 to 2 for for each of them. Can this affect my PC performance/security? What does it have to do with ESET? Thanks for your help.

That's correct. I thought you would like to prevent existing clients who already reported to the ESMC server from connecting to it for certain time.

Thank you @Peter Randziak, This is helpful, I'm not sure how I missed that when I was searching the site... Now I just need to figure out how to deploy the plist using our MDM provider. Update: Turns out just need to copy and paste the plist code to a custom settings profile.

Refer to the screen shot you posted. A Start Mode of Minimal will only allow notifications to be displayed. Appears the Manual setting is what you desire: https://download.eset.com/com/eset/apps/business/ees/windows/latest/eset_ees_7_userguide_enu.pdf

I'd suggest raising a support ticket with customer care and providing them with status.html and trace.log for a start. Beforehand, temporarily enable trace logging for agent by creating a dummy file traceall (without an extension) in the C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs folder and restart the agent service. After a short while, stop the service and delete the file traceall.

Please contact customer care using the built-in form so that logs are submitted and ESET staff can check the version of the reported Android version.

Seems to be working ok atm for me. Several reboots and device relocation and still marked as optimized with no warning messages

The Polish distributor should have a form for activating retail boxed versions. If the number on the box doesn't work in the activation form, please contact the Polish customer care, e.g. via https://www.eset.com/pl/support/contact-support/.

I think it's been fixed. A small product update got installed a few days ago without having to reboot. On three of my computers, I had to delete the disabled Windows anti-theft account, reboot, go into the anti-theft web interface and create the Windows anti-theft account again (using the same account name as prior). It's been two days and no problem with anti-theft since.

I just moved to a new home in Sarasota, Florida. I set up my computer a few days ago but only today started getting a message of a "network event blocked" called "ARP Cache Poisoning attack." It further says "A computer on the network is sending malicious traffic. This can be an attempt to attack your computer." These messages are coming in 1 per second! The only other computer on the network is my husband's. We have a wireless router through Comcast. I have a wireless printer and my iPhone. I am not a techy and very confused. The IP address starts with 10.0.0. and the last 3 digits has changed at least twice and then back again. I didn't see anything in the community about this. I welcome any help and advice. Gail

It works for me alright. Try deleting cookies on ESET's site as suggested on the Internet: Google and Mozilla both in fact recommend right below the error to “try clearing your cookies.” Cookies can sometimes contain faulty data in which could cause the ERR_TOO_MANY_REDIRECTS error. This is one recommendation you can try even if you’re encountering the error on a site you don’t own. Due to the fact that cookies retain your “logged in” status on sites and other settings, we recommend simply deleting the cookie(s) on the site that is having the problem.

Removed Installation, Reinstalled, So Far so Good.

Dear Linux community, We’ve been working on the new generation of our solution for Linux desktops for quite a while. The hard work of our development & QA teams, using technologies developed for the ESET File Security for Linux 7, were materialized into the first BETA version of our Endpoint product, which we would like to share with you. To mention just few of the top new features: Completely new distributed architecture, natively 64-bit, with better performance, security and stability New technology for On-access scanning by means of ESET-in-house-developed lightweight kernel module Optimized for multi-core performance Compatible with latest ESET Security Management Center 7.1 If you are interested in getting a chance of a hands-on experience with it and see the full list of improvements, just leave a comment here or send me ( @Peter Randziak) and @TomasP a private message. We are looking forward to your participation.

We've tested it and adding utorrent.exe resolved the issue. Unfortunately, because the file is not 100% clean and it's a potentially unwanted application, it must be scanned which now takes longer with Advanced machine learning integrated in the product. The exucatable is unfortunately crafted in a non-standard way; it's runtime packed and unpacks to 6 MB. It has additional code embedded which is scanned by Augur and both files are suspicious from Augur's point of view which is why it analyzes them further. Since the app runs its copy from another directory, the scan time doubles unfortunately.

Hello @Marc K Are your Endpoints activated using license key / security admin credentials? Or have you activated them using offline license file ? In case the second one, you will have to reactivate with a new license file, in case the first one, can you verify that your endpoints can access https://edf.eset.com/edf? When connectivity to our license servers is broken somehow, your endpoints are not able to get the updated license information. Last option could be, that the license did not correctly export to our update servers, however for that we would need your public license ID, so we can check whether there are no sync issues with your license.

Actually you have to use different tasks to upgrade applications: Components upgrade task is required to upgrade ESMC Agents Software installation task is required for upgrade of other ESET applications

@Marcos thanks for the clarification that it will be solved with the next update V13, but as asked by @BeanSlappers, any indication when this might happen? Will there also be communication that this issue is fixed? So users know when to setup again a new Phantom Account? I do want to avoid that I am too early and have to do it again Thanks.

No the phantom account is part of eset Anti Theft - if you mark a device e.g as missing only the phantom account will work and possibly (although I'm unsure of this) if someone logs in it may help to detect their location. As someone who uses eset on their PC mainly (do not currently own a laptop) it is not something I have used

Hi, I'm unable to access stormfront.org from any of my PCs with EIS installed. I'm getting the following message in any browser: This doesn't happen on other PCs NOT running ESET products. Can someone from ESET fix this please? Alternatively can i whitelist this site in ESET settings? Oh and before anyone asks why I need to visit this site, I work/report for Hope Not Hate Cheers

According to this article: https://www.lifewire.com/how-to-download-install-directx-2624489 , DirectX 9 is supported on Win 10. Additionally, it might be required if an app requires use of one of its files. This appears to be the case for Eset. DirectX 9 can be downloaded from here: https://www.microsoft.com/en-us/download/details.aspx?id=35 . What I believe is the problem is the DirectX 9 file Eset requires somehow got deleted or corrupted on this Win 10 build. Installing DirectX 9 would be preferable to running a Win 10 repair or full install. Note: installing DirectX 9 does not replace or affect the running status of DirectX 12 which is the version used by Win 10.

A workaround should be already included in Endpoint 7.2. As for an actual fix in the VMWare driver, I have no clue if they have already included it in their products. However, a workaround on our part should suffice in order for the issue to not manifest.

Please provide list of installer parameters you are using to deploy AGENT (only parameter names, no need for passwords or other sensitive details). From log it seems you are performing so called server-assisted installation, but probably with wrong hostname:port configuration, resulting in communication failure. Also once ESMC is installed, you might use also live installer created in console to deploy AGENT, it has no parameters so it would be much simpler.

This issue is fixed in the Internet protection module version 1382, which is currently in testing. You will be able to remove https://esmc from the whitelist when it's released for your product version(s).

To me it seems weird that you're getting an error about missing a DirectX 9 dll since DirectX 12 is a part of the OS. Moreover, there is no stand-alone DX12 installer that you could run on Windows 10 to repair it.

Hello, you are using unsupported MySQL version (5.5) which is no longer supported in ESMC 7.1. The only option is to upgrade your database to the one supported by ESMC 7.1 or downgrade ESMC back to 7.0 till you are able to process the upgrade.

Join the club. I and many others have been asking for file wildcard capability for years.

This seems like an issue we are already aware of. Please proceed as described here: https://support.eset.com/kb7272/ , but please enable Protocol filtering advanced logging as well. Don't forget to disable logging before Part II. Then please send me the created logs via PM. Then, you can try if changing this setting makes any difference: F5 -> Web and email -> Web access protection -> Web protocols -> Ports used by HTTPS protocol Change the current value (I expect there is 443, 0-65535) to 443. We don't need any logs from the state when the setting is changed, at least for now. Thanks.

@schuetzdentalCB Thank you for your feedback. With regards to the automated network isolation, something like that (possibility to trigger network isolation from the console) is being added in ESMC 7.1 / Endpoint 7.2 for Windows. We plan to further expand this concept to allow autonomous response in the future. With regards to the application whitelisting, this is a bit more tricky topic. However it is on our long term roadmap. I will link your comment to the already tracked internal IDEA. Internal tracking IDEA-1510

I think this behavior has been already reported and probably fixed in the meantime. Maybe @Marcos will know more details of whether module responsible for scanning network has been updated in the meantime. It is also possible that update was canceled which might explain why only specific devices were affected.

Appears not be an issue anymore after I found some nasty hidden pagefile malware and cleared it out of there. The Event log entry hasn't appeared since then. The question is what the malware was trying to do with ecmds.exe?