Leaderboard

Received your get well greetings today and believe me they were most appreciated. For you who do not know it, I recently spent 5 weeks in the hospital. Diagnosis was heart failure. I know I am improving but It's going fairly slow. In order to celebrate my improvement I installed Smart Security on a Windows 10 computer. Seems fine.Thanks again fellows.

Get well soon Mr Jadinolf. Prayers are with you and thank you for being a part of the community my friend !

ESET doesn't send visited URLs unless related to malware detection. Blacklists are local; either downloaded within the Rapid response module or by LiveGrid in regular intervals. Only Parental control (not part of ESET NOD32 Antivirus) sends DNS requests in an encrypted form to ESET's servers to determine a particular website's classification.

FusionCore is a PUA which is typically bundled with installers as a dll. The detection is correct. PUA detection is optional.

Great seeing you back here! Get well soon!

Wishing you a speedy recovery.

Dear Linux community, We’ve been working on the new generation of our solution for Linux servers for quite a while. The hard work of the development and QA team was materialized into the first BETA version, which we would like to share with you. If you are interested in getting a copy and chance to get hands on experience with it, just leave a comment here or send me (@Peter Randziak) and @TomasP a private message. We are looking forward to your participation.

In this matter, answer to your direct question is : NO, ESMC / ERA is not serving as repository for update modules / installation files. You have however following options: If you have selected the option to setup Apache HTTP Proxy during the installation it will configure all ESMC components and security products to communicate via the HTTP Proxy which is set up on the ESMC server. You can use whatever proxy you have, and just configure ESMC server / agents / security products, to communicate via the proxy. It should be by default caching installers. If you have completely offline environment, as Marcos suggested you can use mirror tool for creating a update mirror, and then host it either using a web server (like IIS) or let the clients update from a folder that is accessible by them. You will have to configure their policies. In this setup, also activation via offline file is needed + you won´t be able to use ESET Live Grid as it´s a cloud based reputation system. In your setup, the option 1 would be the one I would recommend.

We are looking into it. It's possible that this feature will be moved to the System cleaner which is intended to be used after modification of system settings by malware.

Since it was detected on a Windows machine, it should be in quarantine. Please gather logs with ESET Log Collector but also with "quarantined files" selected in the ELC menu. The detected file will be included in the generated archive and we'll be able to check what exactly was detected.

Please confirm that the problem is gone now with the Archive module 1283.

Access groups are configuring user-access context. When you create a new user, you define "home group", which is also home access group for a selected user. If you create user with home group "Tvaika" all of his objects (policies / tasks, etc ...) will be located in this group. By default, it´s set to "all", therefore the reason why you need to remove the filter. In permission sets, you define access to objects (object is in fact anything inside ESMC, including computers, tasks, policies). If you grant read only access for a user to group "Tvaika" and set "policies", they will be able to see them. In your case, you just misunderstood the filter. It´s not "assignment filter" (to which group it is assigned to) but "access rights filter".

Personally, I never was concerned about unsolicited incoming echo reply request since my router's firewall blocks them by default. As far as Eset goes, I have it set to defaults in regards to Known Networks; i.e. use Windows Settings. The Win firewall is set to Public profile. Also for the record, the Eset default inbound firewall rule for ICMP IPv4 does not specify Trusted Networks in its Remote setting field. This would be the proper setting for the other ICMP protocol settings other than Echo Reply. Bottom line - you have a bug in that default ICMP rule. -EDIT- Actually, it doesn't matter if external incoming echo reply requests are allowed since Eset will only allow corresponding outgoing echo reponse requests from the Trusted Network. The only concern would be an ICMP flood attack which Eset's IDS will detect and alert.

By default echo to ping from outside trusted zones should be blocked. Please check if you have trusted zones configured properly.

Only warning and critical severity records are transferred to the ESMC server. By default, they are logged only locally on clients with normal severity.

Applying the Scheduler settings via a policy with "Replace" selected should replace scheduled tasks on client(s) with the new Scheduler settings.

Pretty sure this is the bugger: https://www.virusradar.com/en/Win32_Tinukebot.B/description since its using dllhost.exe: And again, starts from:

You wrote that the version of your ESMC server is 7.0.471.0. This is currently the latest version of the ESMC server for Linux as per https://support.eset.com/kb3690/. If you send an ESMC Compotenent upgrade task to the server, it should do nothing since the the latest version is already installed.

This is interesting. The IP address, 51.15.90.178, associated with the URL blacklisted is in Paris, France and appears to be associated with a gov. web site; UK Government Department for Work and Pensions. A UK gov. web site hosted in France? In any case, a web connection from C:\Windows\SysWOW64\dllhost.exe definitely is not normal. For the time being, you could create an firewall rule to block all TCP/UDP traffic inbound/outbound for IP address 51.15.90.178. Once it is determined what is causing the dllhost.exe traffic, you can delete the firewall rule.

Putting the permissive rule above the blocking one should do the trick.

Description: Web control policy - Blocked webpage graphic - customizable dimensions Detail: The Web control page says, and tests confirm that, a custom graphic is scaled to 90px x 30px. That's really small, and prevents usage of a lot of graphics, especially ones containing circles. Can we have option(s) for: square/rectangle or, scaling percentage, or custom values

It is a client task "Security Management Center Components Upgrade" (see documentation).

Hello @EdwardTus, sure, will send you more info privately in few moments. P.R.

Hi Please send to me :]

Is it a full moon or something ??? You are like a dog with a bone ................ Nobody is stupid enough to run known ransomware just to provide you with a "Screenshot". That's just like drinking poison to see if its strong enough ☠️