Leaderboard

Thanks for the heads-up peteyt, the user was banned.

@MarcosCan someone please ban this user. Reported another of his posts the other week. Noticed something strange as one of his post seemed to be exactly the same post I made. User is basically copying someones post and reposting and then editing at a later date to add a spam link. Possibly hopes users will not notice because the link is not originaly included but have been keeping an eye out

I would recommend to start by checking whether ESMC Agent installed on client machine is actually connecting to ESMC. For this purpose please follow troubleshooting part of documentation - especially status.html log present on client machine might be helpful in this case. In case ESMC Agent will be connecting to ESMC, most probable issue is that is is using different name in ESMC or is located in different group, which prevented ESMC to remove "dead" duplicate that is rendered as unmanaged. In case AGENT is not connecting to ESMC, it is crucial to resolve connectivity issues as described in referenced documentation.

MDM Core is activated (although it does not consume license seat, activation is done only for the purpose of getting the valid update credentials for receiving module updates). Each mobile device needs to be activated separately, using the "product activation task" targeted towards the particular mobile device entry.

Nothing strange about it. The Eset off-line installer web site is always updated somewhat after the release hits the Eset update servers. Also the situation is identical to the current status, the ver. update is offered prior to an official announcement in the forum. More so currently in that it appears all the Eset support personnel at some conference this week.

No because virtually all third party firewalls are part of integrated AV security suites these days. The only full-featured stand-alone firewall actively supported is Comodo's. The rest are old Win 7 versions with kludges applied to get them to function on later OS versions.

As long as the dll was recognized, the whole exe would be detected. Maybe you ran it before the detection was added at ~`2:20, maybe you have an older product that doesn't support streamed updates, maybe you had LiveGrid not working... The case and your cfg would need to be investigated in order to tell. What can we say 100% that after 2:10-2:30 users with streamed updates and LG enabled and working were 100% protected. This is how the detection would have looked like at that time: Log Scanned disks, folders and files: C:\test2\documento.exe C:\test2\documento.exe - Suspicious Object Number of scanned objects: 1 Number of detections: 1 And here is how ESET reacted with 2-month old modules: The malware was executed. When the injection itself was performed, AMSI scanner detected a malicious script... Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 7/28/2019 4:06:06 PM;AMSI scanner;file;script;MSIL/Bladabindi.BC trojan;blocked;DESKTOP-5JIJ6V4\Admin;;AB122C106AC5DFA34C8168069E847F7F6DDDF550; And the malicious process was terminated: AMSI has been supported since Windows 8.1 so on older systems it's possible that the malware would have run with outdated modules.

I had the same problem as you, and I think it got borked during an in program version upgrade. So I'm gonna guess you did an in program version upgrade. I never noticed it until I was reading a post about someones problem with 'Desktop Notifications', and when I looked at my setup trying to find 'Desktop Notifications' it wasn't there, just 'Email notifications' just like yours. Fix-Do a clean install and all was good again.

I was having the same issue on a Pixel 2 after the Android 10 update. Permissions were set to Always. Disconnect/reconnect to home WiFi fixed the error. Thanx.

Servus Marcos, Yes indeed, a server restart was enough. The warning at least about HIPS is gone... Thx & Bye Tom

Running the Uninstall tool in safe mode first and then installing v12.2.30 from scratch should work.

See the firewall rules. The name of such rule commences with "Rule created by wizard".

My own opinion is your posting is inappropriate for this forum. You should be soliciting Eset user comments on your web site. Also security web sites such as wilderssecurity.com and malwaretips.com have sections for inquiries like this.

Just purchase Nod32 Antivirus for Linux Desktop and was sent the license key, license ID, and username. I have no way to activate my product without the "password" that was supposed to have been sent. Is anyone else experiencing this same issue? I've contacted support, but haven't heard back yet.

Last night I watched an episode of FRONTLINE. It revealed the use of Pegasus (Israel) by the Saudi Government to spy on its entire population's cellular use. It stated that Pegasus can crack ANY encryption. Any. Can this be true??? I have read that 'anything' can be cracked, but some encryption takes supercomputers and years to crack. I think Pegasus is extremely expensive to purchase and is 'sold' to Governments, law enforcement agencies, etc and not to the general public. So, the simple question is: Is there protection available against Pegasus enabled tracking (and the like)? Thank you in advance.

When esets_proxy is heavily utilizing the CPU, select esets_proxy on the CPU tab in Activity Monitor. From the menu choose Sample process and Save as. Please provide the file along with ESET Log Collector logs to customer care. You can also upload the files here.

Hello, this could be caused by importing our certificate for scanning the SSL communication. Even if it is not your default browser, we do that for all supported browsers installed on the machine. We do call the firefox.exe process during the certificate import, that's why it could be seen for a split second.

@Fenway I believe what you are describing is that the retailer you purchased it from is listed as the ESET Partner for your license profile, and you want to separate yourself from them. Short answer: If you renew through a different partner, the profile gets updated in kind. Renewing through ESET directly does not necessarily make this change, though at least then the "shady" retailer doesn't get your money again. To alleviate some of your concerns, while it does appear the retailer may have pushed you to purchase some extras, both MalwareBytes Premium and SuperAntiSpyware play nicely (for the most part) with ESET products. You may experience minor performance degradation, but nothing debilitating. Both of those products are meant to add protection against malware (ie., not "viruses" in the traditional sense). That said, as an account manager for one of ESET's Platinum partners, my suggestion to you would be to upgrade your ESET product to one which negates the need of yet more software installed on your machine. ESET NOD32 Antivirus is an excellent antivirus. But these days the enhanced features of ESET Internet Security or even ESET Smart Security Premium are necessary to protect against ransomware and other threats that aren't classified as "viruses" (think: social engineering scams, data theft, and so-on). We (myself, or any other ESET vendor) could upgrade your existing license for you, which technically would negate the need to have all that extra software on there. Regardless, renewing your existing license through a different partner will ensure your ESET license is associated with the new partner. I could do this. Any other partner could do this. I'd be happy to help if you like, though I am careful not to come across as advertising "buy through me" on here. If you want to chat, feel free to DM me and I'll gladly assist, though I am not here to solicit. Option B would be to call ESET and ask them for a few names of local companies that are official partners. Then, you can choose who you'd like to deal with. Cheers, Robbie // The Bald Nerd

Purchase a new license from the Eset web site or an authorized Eset retailer. Places like Amazon, eBay, etc.. are not authorized Eset retailers. If you have made customized changes within the Eset GUI, export those. Uninstall your existing Eset version. Reboot if not specifically requested to do so after uninstall. Install the Eset version you just purchased and activate it with the provided license key. If Eset previous settings were exported, import those into the newly installed Eset verion. Neither MBAM or SuperAntiSpyware are needed. If MBAM is installed, its real-time protection should be disabled since it can conflict with Eset's like real-time protection.

Hi, there are a few restrictions here: Web Console can process 32768 characters. However, if you copy-paste a longer command, it would silently cut out the end. Linux and Mac are able to process the full length of the command. Windows has restriction for 8191 (read more https://support.microsoft.com/en-us/help/830473/command-prompt-cmd-exe-command-line-string-limitation) I hope this helps.

That particular rule is checked in my installation. Seeing as it's a built in rule, I'd expect it to be checked by default. Edit: I just reset all rules to default and that rule is definitely checked.

Save yourself some time and stop looking. There is no option in the Eset GUI for 12.2.30 in regards to enabling AML. That won't exist until ver. 13. The scenario here is the same prior to when advanced behavior blocking was implemented. That is the feature in the form of the module being present is fully functional as far as I am aware of.

Consumer VPN use is widespread now. Eset 12 has many bugs related to VPN use, and the devs are negligent in fixing these bugs. In fact they're never fixed for years, and the impression is, Eset package is simply not tested by devs to be continuously used in consumer VPN environment. Eset also has no controls or interface features related to VPN use. Examples are regular excessive lengthy Eset CPU and HDD load when switching VPN on and off. Also Eset Firewall failure to restore settings in Interactive Mode after firewall is switched off while VPN is enabled, and then switched on while VPN is disabled, or vice versa. When reading Eset Help docs, the impression is Eset team purposely ignores the overwhelming trend on the consumer market during last years of using VPN, and devotes no technical or knowledge base articles to this very issue. Further, when contacting Eset support, they bring every fake reason to refuse investigating issues related to Eset failures to work properly in VPN environment. In Help docs, Eset writers make it look that VPN is only used and of interest to enterprise market, and consumers should not ask any questions, or report any bugs related to Eset consumer products systematically failing for years to work properly with VPN. Instead of saying "Thank you" for reporting never fixed bugs, Eset reps claim they can't find one's license, or its expired, or how it was obtained etc, trying to find a reason to refuse the bugs investigation. Meanwhile, reporting bugs is users free gift to Eset, and the bugs must be fixed to benefit all paying and testing product customers, regardless who reported them and under what conditions. Most large companies have Bug trackers where anyone can enter bugs, it does NOT require any license proof at all, because bug reports are free donations to the very rich Eset company, allowing it to get ever richer. On this forum, Eset reps also systematically ignore all user posts and threads related to VPN issues with Eset. This seems to be thick culture within Eset company of aggressively ignoring and denying existence of burgeoning consumer VPN market, thus making Eset less and less attractive to consumers despite cosmetic changes in slightly updated new product versions. I know my post will be deleted, ignored again, or attacked by Eset paid guns, who also attacked them in the past, while Eset has no intention to change this ill long obsolete culture of ignoring consumer VPN market.

Since you continue ranting and personally attacking moderators which is against the forum rules and ignore the proof above that ESET protected our users even with outdated modules unlike many other AV vendors, we'll have to take an action.

Not sure if that was an error ha but thought id add that i never made that comment in regards to windows firewall. As i mentioned and have mentioned previously as shown by the image bellow by default you cannot see the app name because "allow communication for" is shown even though there is an action area. Also as seen bellow previous versions had icons to help see rules As you said this seems to have happened when they changed to the metro design. Wonder if there was a way to show the app names with icons with the metro style design

When will be the official release and How to install the early access?

I believe that this article sums up nicely why pirated software should not be used: https://www.maketecheasier.com/dangers-of-using-pirated-software/ . Also some security software does scan for pirated software. MalwareBytes is one of them. Also a number of the web sites that assist in free malware removal will refuse to provide help if they detect cracked software on a device.

Hello, While ESET does not condone software piracy (or any other kind of piracy, for that matter)*, neither is ESET the software police. That said, it is important to keep in mind that peer-to-peer file sharing programs can be bundled with potentially unwanted applications, adware or even outright malware. They can also introduce privacy issues, such as the leaking of sensitive or confidential information due to improper configuration, as well as security vulnerabilities which can be subject to exploitation by threat actors. And, of course, there is also malware which may make use of peer-to-peer networks for various reasons, from spreading as a worm, for use as command-and-control infrastructure, exfiltration of stolen data, and so forth. Web sites involved in the facilitation of software piracy often have limited opportunities for revenue generation, as legitimate advertising networks, payment processors, e-commerce providers and other businesses may be unable or unwilling to do business with them for legal or other reasons. As such, these web sites may turn to other means of funding continued operation, including the display of advertisements from less-than-reputable ad networks/brokers, which may introduce malicious advertisements (malvertising) using exploit kits to compromise a computer through the web browser, to other schemes, such as mining cryptocurrency in the web browser to generate revenue for the site operator. Another thing to consider is that many customers do not want programs which facilitate the theft of intellectual property on their computers and networks. The reasons for this can range from the mundane (wanting to avoid legal liability) to concerns about more draconian actions: In Russia, software piracy can be treated as a criminal matter by the Russian federal tax police, and having pirated software on computers can lead to the arrest and imprisonment of employees, harsh financial penalties the dissolution of a company and/or the forced transfer of a company's assets. This happened to several non-profits who were accused of pirating Microsoft software in Russia. To their credit, Microsoft quickly responded by providing the Russian non-profits with legal licenses for its software, and now makes its software free for use by non-profits in Russia in order to prevent this from happening again. While that is an extreme kind of scenario, it does show how regimes can use software piracy as a pretext to shut down organizations of which they do not approve. From time to time, ESET has talked about some of the malware using and abusing peer-to-peer networks, probably the most famous of which is the Conficker worm. Some additional examples of malware which make use of peer-to-peer networks, can be found on ESET's VirusRadar site: MSIL/Antinny Python.Filecoder.P (ransomware targeting .torrent files) Win32/AutoRun.IRCBot.FE Win32/Skopvel Win32/TrojanDownloader.Agent.PUC Win64/GoBot2 Further information about risks, as well as mitigations, can be found on ESET's WeLiveSecurity blog: Limewire, free software and the for-fee membership BitTorrent family susceptible to DRDoS attacks Mac malware spread disguised as cracked versions of Angry Birds, Pixelmator and other top apps How black hats misuse the torrent ecosystem for fun and profit As previously stated, ESET is not the software police. ESET does, however, have a stated goal of protecting its customers from threats, and those threats can come from many sources, including peer-to-peer file-sharing networks, applications and their associated web sites. Regards, Aryeh Goretsky *ESET holds no position on Talk Like a Pirate Day.

Here's an analysis of what appears to be a later version: https://any.run/report/c77cf8ebd52d044362c7f5d1a8e3fc444488371985a8c0f2902420b93bc44001/2bdc9ed2-5ebe-42a9-beb4-f35fa778bd37#registry In this case, the determination was suspicious.

Hey man, thank you for taking the time out and directing me to links to the other threads about this. I guess regarding what you said and what @itman posted this looks like my only way out. I guess I have no other option and I will just run the un-installer of ESET and remove it from my computer. Then I'm guessing a reset and visit the website and do a fresh install and just configure everything from there again from scratch and it will solve the problem? That is what worked for you? Thanks for the info about ESET not saving old installers. Since v12.2.29.0 is buggy and I don't have v12.2.23.0 saved anywhere I guess I will wait for a fixed update release? I'm guessing ESET is pushing a new version soon since so many people have posted issues with WNC and Windows 10 that they will be releasing an updated version soon. I'd rather fresh install from that version, I'll also be away from my main PC for a few days so hopefully I will be able to do something when I'm back and a new version will be out hopefully soon. Thanks for the information on this and will keep you guys posted in this thread. Thanks for everyone that came out for the help. Appreciate it.

The notifications are not shown anymore, if our blocking web page is shown directly in a web browser. Those notifications are redundant in such cases. It involves anti-phishing and PUA protection, to name a few cases.

@m.gospodinov That was exactly the recommendation I wanted to give. Please note that you can also play a bit with the dashboards, make the "table view" displayed as default, and also when you edit the report template you can edit the "top 10" setting, so if you have more than 10 different problems you can list them all (that depends on size of your network mostly).

Oh wow. Yea I only update ESET when I get a notification that a new version is available then I click update and it asks me to restart and I restart and I figure all is well. I haven't re-installed ESET ever because I've had no reason to on my main PC. Oh wow, so the only solution is a clean install? Ugh. Is v12.2.23.0 still available? I don't want to upgrade to the latest version, as its buggy right now. Thanks for letting me know you had similar problem, is that how you fixed it clean install only? Can you still export/import settings or no? I wish there was an easier way ...

I checked everywhere and I don't have the Notifications menu like you do for whatever reason. It doesn't come up anywhere at all .... wth is going on? How would I lose the Notifications menu and only have it show email notifications.

Note that email notifications is a sub-section of Notifications:

@Marcos Thank you for the quick reply. I am not sure what version you are using but I do not see that screenshot in my version of EIS v12.2.23.0. I checked my interface and do not see those settings.

Yes, its a well known bug by now ..........it appeared with this buggy update to 12.2.29 . Rolled back to previous version 12.2.23 , with NO BUGS at all !! I dont understand why (!) ESET still did not react .............WHEN WILL THESE TROUBLES GET FIXED !!! I contacted support already , they want to look in my PC , but whats the use without a new update , its not our OS , this is an ESET-problem ...................!!

If ESET Internet Security says its firewall is active, but WSC reports both ESET and Windows firewalls are switched off: Is ESET fully functional, with no security breach/issues? Is my computer fully protected correctly by ESET at this time? Thanks

Just a repeat of what @Marcos said above. ESET products are not an anti piracy solution but a security product. There are entities (bodies) that deal with piracy in general. The only connection is that a large volume of pirated products are generally where viruses and malware are placed and why ESET and other security products detect them.

In fact, we do not aim that combating piracy in general. That's not what an antivirus or security software is supposed to do in the first place. If administrators want to prevent illegal stuff from being used in their networks, they can use application control for instance to control what application users can run.

Try the newer version of EIS when available later this week or by the beginning of the following one.

To put it right, you can export and import cfg within gui in legacy versions but cfg files between v8 and v9+ are not compatible.

Elaborating, Eset switched the GUI to the Win Metro interface on vers. 9+. As such, all ver. 8 custom rules and the like will have to be re-entered from scratch. This does bring back painful memories ..........................

It is not possible.

EIS connects to our servers in order to fetch the category for a particular domain.

Not true, it takes VT some time to update. Plus VT doesn't take into account when a particular file was blacklisted in LiveGrid which happened hours ago. ECLS Command-line scanner, version 7.0.2097.0, (C) 1992-2018 ESET, spol. s r.o. Module loader, version 1018.1 (20190709), build 1054 Module perseus, version 1554.1 (20190731), build 2050 Module scanner, version 20053 (20190920), build 42838 Module archiver, version 1291 (20190823), build 1305 Module advheur, version 1193 (20190626), build 1175 Module cleaner, version 1195 (20190610), build 1293 name="70e50d0eae76044b3c022cdb423bd47e525a8891", threat="Win32/Filecoder.NXW trojan"

Thank you for the feedback. I will check on our side, whether there is anything to be done to change it. I agree, that impossibility to turn it off when anything is wrong is an inconvenience. I will try to give you update here next week.

More details on this ransomware is here: https://translate.google.ru/translate?hl=ru&tab=wT&sl=ru&tl=en&u=https%3A%2F%2Fid-ransomware.blogspot.com%2F2019%2F09%2Fgoransom-poc-ransomware.html It is using XOR for encryption activities. Suspect this is why it is "flying under the radar" of security solutions monitoring for specific crypto API's.

We are aware of it; it was actually an issue that we tried to work around in v12.2.29 but it caused other issues resulting from WSC not responding in a timely manner. Most likely it will be reported to and discussed with Microsoft's developers since the process of registration to WSC is handled by Windows itself and it's beyond any 3rd party sw vendor. There should be a newer version available soon that will have the workaround reverted which may affect timing and the notification may go away.

False positive reports To submit a possible False Positive see Submit a suspicious website / potential false positive / potential miscategorization by Parental control to ESET for analysis when you wish to submit via email or use Submit sample for analysis function from the program GUI of ESET product installed on your computer. Whitelisting ESET does provide a whitelisting service for software vendors by which you can submit your software to minimize the chances of false positives, e.g., when your software is being downloaded. This service is intended as preventive measure for trusted and undetected applications to minimize risk of future false positives. Whitelisting service is not a channel for removing existing detections, disputes or solving other unrelated problems. If you want to register your software for whitelisting, please follow the instructions in the KB article How do I whitelist my software with ESET? Requirement for False positive submissions When submitting false positive file(s) via email or via program GUI, it is necessary to send copy of falsely detected file(s) as well as description of the file. I will explain what information is needed and why it is important. 1) Name of the legitimate application the file belongs to. When submitting false positives you must be able to identify what is the name of application that is being falsely detected. No-name false positive reports (when information about the application name is missing) are harder/slower to examine and in many cases indicate correctly detected malware rather then false positive. Example of correctly provided information: “This file belongs to VLC media player 3.0.6.” When you provide the specific version number, it helps. Example how not to submit false positives: “I don’t know what it is and why I have it on my computer but I think it is a false positive.” If you don’t know what the file is, don’t report it as false positive. 2) Name of the application’s author, developer, vendor or website where you downloaded the software Each legitimate software have known author or there is known company who developed it. There is known source/origin where the software can be obtained and you can learn information about it. This information is needed in investigation process. Researchers need to verify whether the software is safe and they may need the full installer to evaluate the software properly. Researchers may need to investigate whether other versions of the same software were affected by false positive or not. It is important to know the source/website where you downloaded the software because some download websites provide different installers than original vendors. 3) Application's purpose Let the researchers know what the application is supposed to do, what value does it offer to you. This information is usually available on vendor’s website but there are many old applications where the website is no longer available, or software was distributed only on CD-ROM/DVD, or the software is custom/in-house developed and the description is not generally available. Examples how of application’s purpose: This is a picture viewer, video convertor, movie player, communication software, printing program, database program, web browser, accounting software, computer game, tool I use for programming, etc. Don’t hesitate to provide any additional information you deem important. You may add the specific detection name you saw when detection occurred. In case some specific circumstances are needed to reproduce the problem, tell it to the researchers how (For example it may happen that the file itself is not detected but it downloads/creates other files that trigger detection). You may submit false positives via email or directly from ESET product via Submit sample for analysis function. In order to use the function open GUI of ESET Internet Security, you will find following icon in Tools and clicking More Tools: Please select “False positive file” option and attach the file you want to submit. Please provide all necessary information (as described above) researchers need to process your false positive submission. Information you provide indeed significantly helps ESET laboratories in the identification and processing of samples. Thank you for your submission!