Leaderboard


Popular Content

Showing content with the most kudos since 04/30/2017 in all areas

  1. 3 points
    Hello, In ERA 6.5 a new column in computers table is added, which is called "remote host", which should include the public IP of the computer. This is disabled by default ( Column contains reverse DNS lookup or remote IP.). NOTE: The logic behind is similar as in case of ERA V5. Regards, Michal
  2. 3 points
    Marcos

    Massive Ransomware Attack

    Actually ESET Endpoint Security v6 and ESS v9+ (probably v8 too but I'm not 100% sure) have protected users from malware exploiting the SMB vulnerability to spread via LAN since April 25 with the network protection module. Since the vulnerability is in SMB, NOD32 Antivirus cannot protect against exploitation at the network level due to missing firewall. The detection of an exploit exploiting the SMB vulnerability CVE-2017-1044 looks as follows. Apologize for not posting English version: I would also add that a WannaCrypt memory detection was added in update 15403 which was released at ~10:30 CEST, about the time when the outbreak started.
  3. 3 points
    Marcos

    Eset let computer sleep while scan

    It turned out to be doable. We'll consider adding an option to prevent standby in future versions of Eset's products.
  4. 2 points
    DinGo

    Won't Update

    The only answer is, it will be released when ESET are satisfied it is working correctly
  5. 2 points
    Marcos

    Won't Update

    This is a known bug that will be fixed in the next product update.
  6. 2 points
    MichalJ

    Obtain list of computers and MACs

    Hi Jim, Does this combination of report symbols work for you?
  7. 2 points
    Domo

    ESET Endpoint 5.0.2271 PCU ETA?

    Great, thanks. One small note, tho. The file path in txt files should be pointed to current directory. Ie file=/download/win/v5/eea_nt32_enu.nup should be file=eea_nt32_enu.nup etc.
  8. 2 points
    The distributor for Macedonia is NORT (http://www.nod32.com.hr). See their website for contact information.
  9. 2 points
    @silva_shells: That did the trick, thanks. Btw, I had to restart Windows before it took effect.
  10. 2 points
    If the problem persists, run the following commands and post the output here: sc query eamonm sc query ehdrv
  11. 2 points
    TomFace

    Stop telling me to renew my license!

    oldb (if you're still reading this) I am curious, just how much time was left on your license? And for what it's worth, uninstalling for that reason is just plain silly.
  12. 1 point
    Hello, no, reinstallation is not needed. In case there won't be any issues reported with the newer version of the module, the release will continue. Regards, P.R.
  13. 1 point
    Which to wait for a month more? Complete disgrace
  14. 1 point
    jadinolf

    Stop telling me to renew my license!

    I got my 13 day notice on 3 computers yesterday. Being stubborn, I will ride it to the end. Do I hate it? YES
  15. 1 point
    Will swap you for AOL install cd
  16. 1 point
    Did you run the ESET Uninstall tool in safe mode to remove it completely? The thing is that a v9 update group is set in the registry for some reason and therefore v10 can't update. Please try uninstalling ESET the same way as before but before installing v10 from scratch check if the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security" exists. If so, do not remove it manually yet as we'd be very grateful for being able to troubleshoot the issue and find out what went wrong.
  17. 1 point
    tommy456

    new ransomware Xdata in Ukraine

    xdata ransomware on a rampage in ukraine
  18. 1 point
    ESET has released a command line tool for checking if a computer is vulnerable to the so-called EternalBlue exploit massively exploited by WannaCryptor recently. It's downloadable from https://help.eset.com/eset_tools/ESETEternalBlueChecker.exe
  19. 1 point
    itman

    Massive Ransomware Attack

    Signature needed by Eset for this ASAP: https://www.bleepingcomputer.com/news/security/telefonica-tells-employees-to-shut-down-computers-amid-massive-ransomware-outbreak/
  20. 1 point
    A more appropriate WannaCry protection test: https://www.mrg-effitas.com/eternalblue-vs-internet-security-suites-and-nextgen-protections/
  21. 1 point
    itman

    Virus of the Past Ripper keeps showing up?

    There was a Ripper outbreak https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html last year but it targeted ATMs. Might be that Eset is identifying something is amiss with the MBR on that particular PC but mislabeling the theat. You can always just just repair the MBR to play it safe.
  22. 1 point
    Nubian

    ESET Endpoint 5.0.2271 PCU ETA?

    Domo, good catch! You are right. These files has been updated a few minutes ago. However, if anyone wish to place eea_nt32_enu.nup to a different directory than the mirror root: file=/desired_directory_in_mirror/eea_nt32_enu.nup
  23. 1 point
    Nubian

    ESET Endpoint 5.0.2271 PCU ETA?

    Hi Domo, the KB article has been updated to reflect the most recent endpoint version. Thank you for your patience.
  24. 1 point
    Domo

    ESET Endpoint 5.0.2271 PCU ETA?

    Thanks, Peter. While you at it, here's another related problem:
  25. 1 point
    RoHu

    Agent Installation Deployment on Windows 7 Pro

    I get this quite often, all the time. The easiest and quickest fix I found, was to uninstall the agent with a special uninstaller (don't want to mention here ) and then install it again running the script.
  26. 1 point
    Marcos

    Massive Ransomware Attack

    See my answer above. ESET products detect all known variants of WannaCrypt. However, on unpatched systems only ESET Endpoint Security v6 and latest home products with firewall can block SMB exploits at the network level.
  27. 1 point
    DinGo

    NOD32 Update Today

    Thanks for the support TomFace. I still feel that ESET should flag up if you are downloading a pre-release version though. As far as I was concerned it was a regular update. I've learned something froim this.
  28. 1 point
    Marcos

    Still Stuck On Ver. 10.0.390

    This option will be brought back in v10.2. To put it right, I didn't mean to discourage you from upgrading to 10.1 or newer versions; it's important to always use the latest version for good reasons. Only in case you often use the function for temporarily pausing protection from the tray icon menu, you might not want to hurry with upgrade to 10.1.
  29. 1 point
    itman

    Massive Ransomware Attack

    Ditto for Thunderbird; blocking of auto opening of e-mail attachments plus all active content is disabled by selecting the "text only" viewing option. However for web e-mail users, your options are limited to whatever protections your e-mail provider offers; those are usually next to nil.
  30. 1 point
    DinGo

    NOD32 Update Today

    I'm beginning to wish I hadn't started this thread
  31. 1 point
    TJP

    Still Stuck On Ver. 10.0.390

    Same here (and I'm in the southern hemisphere). I'll give Eset time to sort itself out as the current version works fine.
  32. 1 point
    Marcos

    Wannacry ransomware global attack

    In terms of detection you are protected. However, in order to stop attacks at the network level you would need to have ESET Endpoint Security v6 installed which contains firewall and network protection module. ESET NOD32 Antivirus nor ESET Endpoint Security v5 do not protect you from malware exploiting CVE2017-0144 at the network level. Since we have an ongoing topic regarding Wannacryptor at https://forum.eset.com/topic/11948-massive-ransomware-attack/, we'll draw this one to a close.
  33. 1 point
    Marcos

    jaff ransomware

    It's Filecoder.NLI. We are currently analyzing it and therefore it's impossible to tell now if decryption will be possible or not. Make sure that: - the latest version of ESET (v6) is installed on all machines in LAN - LiveGrid is enabled - HIPS, Advanced Memory Scanner, Exploit Blocker and Self-defense is enabled - no dangerous exclusions are set - all Windows hotfixes are installed I'd also recommend protecting ESET settings with a password and disabling or at least securing RDP.
  34. 1 point
    cyberhash

    NOD32 Update Today

    Usually when you cant update within the application itself, the files are sometimes available on the ESET website and you can manually download them from there. I did notice from the screenshot that @DinGo is probably on PRE-Release update method and probably why they have managed to update to the newer version. ESET always announce the new versions on the forum on release, when they are available to ALL users. Other users have also mentioned that EIS has also updated to a newer version(on another forum post), and again this may only roll out to users on PRE-Release updates. Even when REGULAR updates to the program itself are released, it can be a staggered release. Depending on which country you come from seems to affect how quickly the program updates are rolled out to you. I'm sure it wont be long before there is a post from one of the staff on here "Officially" announcing the update.
  35. 1 point
    Marcos

    About Ransomware AES-NI

    As far as I know, this Filecoder is run manually by an attacker after remoting in via RDP for instance. Therefore besides upgrading to v10 which contains ransowmare protection module, you should also consider disabling RDP or at least securing it.
  36. 1 point
    Regarding Amazon Kindle Fire HD, in the EMS FAQ (#12) it says And Will ESET Mobile Security for Android work on my Tablet device? also lists the limitations when installing on Kindle device. I'm trying to find specific information regarding what you wrote: If you can provide a screenshot of that on my.eset.com, that would help.
  37. 1 point
    Marcos

    Upgarde existing license

    Please contact your local distributor. They should be able to provide you with upgrade to ESSP for a small upgrade fee. If you have purchased ESET Internet Security, your license covers ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security (but not the Premium version which also includes Data encryption and Password manager).
  38. 1 point
    peteyt

    Doubt huge with my license

    I think he means contact your local distributor. Which country are you in? A lot of countries have their own local distributors who may be able to help you out
  39. 1 point
    itman

    Don't use public wifi?

    There is also a man-in-the-middle technique know as "dual forking." Your encrypted traffic can be intercepted an decrypted on one "fork" while the original encrypted traffic is held in suspense by the other fork. This allows the hacker to extract for example, your logon and password data. Once the desired data is extracted, the suspended encrypted traffic is released. This technique bypasses any SSL encryption tampering validations since the original SSL encrypted traffic is never manipulated. Below is an excerpt from an article on the subject of public Wi-Fi use. I recommend you read the entire article here: https://www.howtogeek.com/178696/why-using-a-public-wi-fi-network-can-be-dangerous-even-when-accessing-encrypted-websites/ Malicious Hotspots Most dangerously, the hotspot you connect to itself may be malicious. This may be because the business’s hotspot was infected, but it may also be because you’re connected to a honeypot network. For example, if you connect to “Public Wi-Fi” in a public place, you can’t be entirely sure that the network is actually a legitimate public Wi-FI network and not one set up by an attacker in an attempt to trick people into connecting. Is it safe to log into your bank’s website on public Wi-Fi? The question is more complicated than it appears. In theory, it should be safe because the encryption ensures you’re actually connected to your bank’s website and no one can eavesdrop. In practice, there are a variety of attacks that can be performed against you if you were to connect to your bank’s website on public Wi-Fi. For example, sslstrip can transparently hijack HTTP connections. When the site redirects to HTTPS, the software can convert those links to use a “look-alike HTTP link” or “homograph-similar HTTPS link” — in other words, a domain name that looks identical to the actual domain name, but which actually uses different special characters. This can happen transparently, allowing a malicious Wi-Fi hotspot to perform a man-in-the-middle attack and intercept secure banking traffic. The WiFi Pineapple is an easy-to-use device that would allow attackers to easily set up such attacks. When your laptop attempts to automatically connect to a network it remembers, the WiFi Pineapple watches for these requests and responds “Yes, that’s me, connect!”. The device is then built with a variety of man-in-the-middle and other attacks it can easily perform. Someone clever could set up such a compromised hotspot in an area with high-value targets — for example, in a city’s financial district or anywhere people log in to do their banking — and attempt to harvest this personal data. It’s probably uncommon in the real world, but is very possible.
  40. 1 point
    Marcos

    Don't use public wifi?

    SSL certificates can be obtained by anybody. I'd say there are still many users who don't even check the padlock icon in the address bar for https connections and even less those who check which CA actually issued the certificate. A green padlock does not automatically indicate 100% trustworthiness as it's easy to obtain a certificate for anybody these days (let's mention just "Let's encrypt" CA issuing certificates used by many scam websites). On the other hand, EV certificates can be generally trusted; they are mainly issued for bank institutions and it's not that easy to obtain one.
  41. 1 point
    Thomas Fecke

    Don't use public wifi?

    Hello Ford, the connection between your Client and the Target Homepage is SSL encrypted. But if u use Public WLANS, ur Traffic could be manipulated. Before the Signal reaches the Internet. https://en.wikipedia.org/wiki/Man-in-the-middle_attack So the Attacker just can replace ur SSL Certificate and redirect your Traffic. Are you Safe with ESET? The Phishing Filter will help you a lot. If the Router gets replaced by a MITM Router your Client will " Auto reconnect" and ESET will warn you about this. But, if you connect to every Random WIFI there is a possibility your Traffic gets manipulated. So always proof to which WIFI u try to connect
  42. 1 point
    CMS

    ERA6 - how to upgrade agent?

    I think the confusing thing here is that it's the same task that is used for upgrading the server. Certainly confuses me!
  43. 1 point
    TomasP

    How to gift a license to someone?

    Hi Phoenix, Regarding physical purchase of a product box, it is easy - you purchase a box and give it someone who then registers it. As for direct online purchase of a digital license, this can vary from country to country, as our partners may have different methods of ordering and registering the license, so it would be best to contact them, as suggested by Gonzalo in the post above.
  44. 1 point
    MichalJ

    Install ESET Endpoint Antivirus

    Hi Emil, If you have your computers in domain, the best option for deployment would be to: - either use the GPO / SCCM deployment menthod - or create the all in one installer of Endpoint / Agent (with offline file inserted) and use the standalone deployment tool to push those in the network. Concerning the update distribution, if the ERA has internet, then you can install the HTTP Proxy, to tunnel the update / other ESET traffic via this server (it will block all other internet connections, except this proxy). If there is no option of using the proxy, then I would recommend to either use a mirror created from one of the Endpoint clients, or use the standalone mirror tool, to distribute the updates.
  45. 1 point
    Also it doesn't help that Eset uses the same acronym, PUA, to refer to Potentially Unsafe Applications and Potentially Unwanted Applications. Suggest Eset adopt the PUP acronym for the later.
  46. 1 point
    I forgot where I read this but I've seen several articles about how antiviruses are being exploited by malware, if I remember correctly the malware takes advantage of the high system privileges that AVs have and infects the system. So I'm wondering if Eset Nod32 4.0.82 prevents this type of attack? Also when is Eset Nod32 4.0.82 going to be released?
  47. 1 point
    Phoenix

    Hibernation

    Hibernation means the computer is fully shutdown albeit the current state is saved to the hiberfile.sys so when you startup your computer, everything that you had opened is still there as if you didn't shutdown. So ESET has nothing to do with that and it certainly won't do anything when the computer is hibernated, it's fully OFF anyway
  48. 1 point
    Matt, I had a similar issue. I went to Eset's main site, downloaded their installer again and re-installed the software. It worked for me and the errors disappeared.
  49. 1 point
    Marcos

    JS/ProxyChanger.bw help

    Make sure that you have no automatic configuration script set up in the Network settings and the appropriate box is unchecked as shown below:
  50. 1 point
    Hi blearyeye, I've just had the same error as you after upgrading to Windows 10 then reinstalling ESET NOD32 Antivirus. After finding your post, I found Windows Defender antivirus was running in the background? After disabling this, the Real-time protection and HIPS became enabled automatically. I'm not an IT person, so if someone else wants to add and/or if I have to do anything else, that would be great.