Leaderboard

ESET didn't fail to protect the user. This is proved by the fact that ESET had recognized the ransomware for a long time before the user got infected which means that ESET must have been paused or otherwise deactivated by an attacker. Because of continual trolling despite giving numerous warnings and complaints from other users, we'll ban Novice as of now.

This is the last warning to Novice. Further to complaints from other users that we've received about your ranting, we kindly ask you to stop this. Either give us a proof that there is an antivirus that can detect 100% of threats without updates and without any false positives and at the same time it can protect users even if they unwittingly allow an attacker to do anything on their machines under an admin account or stop trolling and ranting. We are open to serious communication but trolling is not tolerated and will never be neither here nor in any other forums. Otherwise we will need to take the appropriate action.

I use the daily "seat of my pants" results. I know what works for me. No A/V program is 100%...that's why they get updated and evolve. In my opinion, these A-V test results (no matter who publishes them) only provide the trolls with food (in addition to being (for me) worthless data). We all know (or at least should know) that you never feed a troll. Regards, Tom

He has asked to cancel his account here. But yes, it's not normal that a user of a trial license would request a response within 1-2 hours 24x7 that is granted to VIP customers at an extra fee. Moreover, the problems with LiveGrid authentication suggesting an invalid username/password being used was highly suspicious too.

Internet Protection Module #1375 is rolled out on the pre-release update channel, and it works fine for me with the default Eset settings. There is no more need of whitelisting port 8009. Hopefully it will be rolled out soon on the regular update channel as well.

And eset has a password option if enabled. As i have pointed 100s of times and probably shouldnt anymore, the AV is only part of a security setup. Its no good using an AV with for example a no longer supported update or without all the latest patches. Until people realisle the importance of this problems like this will happen. But again as also mentioned we dont know what has happened and all we can do is suggest.

Work around for everybody who doesn't want to read the whole thread! Please also upvote it! (On page 4) All credits go to Lamar!

I truly hope the bugfix will come soon. However you really do not need to wait for that. Do the following step by step: 01. Open Eset console | 02. Click "Setup" | 03. Click "Advanced setup" | 04. Click "Web and email" | 05. Click " Web access protection" | 06. click "Web protocols" | 07. Now you are on the right place | 08. Focus on "Ports used by HTTPS protocol" | 09. You have to see the text "443, 0-65535" in the input field. | 10. Replace the text with "443, 0-8008, 8010-65535" (of course, without quotes) (you can copy-paste) | 11. Press "OK" | 12. If Windows asks for permission, press "Yes" | 13. Close ALL instances of Chrome | 14. Reopen Chrome | 15. Connect to your Chromecast | 16. Success! After the bugfix will have been rolled out, you can reset the original text you modified.

It's not you...we are transitioning our product release communications currently for all products but once the process is finalized, we'll resume posting.

The security report referenced is the aggregate event status one that shows ever 30 days. When you have questions about Eset settings, always click on the "?" on the GUI page. This will open Eset on-line product help which will show detailed explanations for the settings: https://help.eset.com/eis/12/en-US/idh_config_ui_notifications.html

You can disable these notifications in the Application statuses setup:

It's a javascript code that downloads payload from another website. An administrator has probably already cleaned the website from malware; at least I'm unable to reproduce the detection. Or I don't match conditions (e.g. country) for the malware to be injected into viewed web pages.

First of all, ESET's firewall doesn't block any programs, only HIPS can. The firewall controls the network communication. By default, in automatic mode all outbound communication is allowed and all non-initiated inbound communication is blocked. Please continue as follows: - switch logging verbosity to diagnostic - enable advanced network protection logging under tools -> diagnostics - reboot the machine - reproduce the issue - stop logging - collect logs with ESET Log Collector and upload the generated archive here - provide information about the remote IP address whose communication with this machine was blocked.

https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/

A very strong warning here. I just performed a detail scan of this web site using Quttera. It found a whopping 19 malware instances; all Javascript based: https://quttera.com/detailed_report/watchdoctorwhoonline.com

First of all, try uninstalling ESET and installing it from scratch, e.g. in case proxy or update settings were altered. If that doesn't help, continue as follows: - enable advanced logging under Help and support -> Details for customer care - run update manually - stop logging - collect logs with ESET Log Collector and submit the generated archive.

You can download the standalone mac endpoint installer at eset.com (download section). Specifically here: https://www.eset.com/int/business/endpoint-antivirus-mac/download/ Installation works in the way, that when you choose a product you want to install, agent will connect to ESET Repository (cloud download server), and will download and installed the respective product. You can cache installers by a proxy server placed in between, to optimize a network traffic. With regards to the appliance upgrade, instructions are available in the documentation: https://help.eset.com/esmc_deploy_va/70/en-US/va_upgrade_migrate.html

Marcos, thank you for the information and for protecting the legitimacy of the Forum. Best regards, Tom

Not so easy as it sounds. Valid only if you watch only free stuff via your Chromecast. If you pay US$ 20-50 per month for online movie channels, then three weeks of black screen due to another paid product's malfunction makes you impatient relatively fast. That is the natural behavior of customers.

Agree. You want a good product and proper fix! don't rush it😉

I fully support this comment as well - same issue and if this did not exist in the previous version means, something has been missed during the testing or planning the update and must be resolved. We pay for the service and expect the product to function correctly. Responsibility altering network protocols and potentially leaving our machines vulnerable is not the way it works. Chromecast is a widely used product so I epxect this to be fixed pretty quick.

As far as AV labs tests go, they have to be scrutinized for discrepancies. For example, on the latest comparative from A-V Comparatives, Windows Defender had an unusually high false positive rate using a much smaller malware sample size. Whereas on the latest AV-Test business test, WD had a low FP rate for a much larger malware sample size. Bottom line - take AV lab test results as a rough approximation in regards to a security solutions real world malware performance. Also always review as many test reports as you can from different AV labs and again, look for discrepancies.

@display3958023 The reason is simple. All in one installer is available only for Windows. Information is available in the help of ESET Remote Administrator: https://help.eset.com/era_admin/65/en-US/deployment_scenarios.html?fs_local_deployment_aio_create.html In case of a mac product, you can either generate an agent live installer script, or deploy the agent installer manually. Installation of the security software product can be then performed using a software install task. PS: I would strongly recommend to upgrade your server to ESET Security Management Center V7, which was released more than a year ago.

Modules are stored in "C:\Program Files\ESET\ESET Security\Modules" by default.

Starting Windows in safe mode is not possible only if the Device Control driver edevmon.sys has been removed from the disk without being correctly unregistered from a filter chain. A solution is to boot from another medium (e.g. SysRescue) and copy edevmon.sys from another machine with the same OS and ESET installed to C:\Windows\System32\drivers.

I am using an used laptop,i found some malware and uninstalled them,but i am not sure that is enough.In other words,what else do i need to do?

Im having this problem too. For me this is terrible...I am a personal trainer and I use chromecast to cast the days workout into my 2 classrooms. I can't operate without it. When will this be fixed?

Microsoft added Tamper Protection in Win 10 1903. Oddly, it has to be manually enabled. I keep looking for a published bypass if it, but so far so good for Microsoft. It also appears to "have held its own" against the latest and greatest version of Trickbot which tried its darnedest to disable it: https://www.bleepingcomputer.com/news/security/new-trickbot-version-focuses-on-microsofts-windows-defender/ Such can not be said for MalwareBytes or Sophos.

There is a default dynamic group Problematic computers which is defined as: That said, any machines that have a protection feature disabled will fall into this dynamic group. Then in Notifications enable this one which you can customize, if needed:

Don't believe this is an Eset firewall issue. When I was on the Sage web site, I received multiple alerts from uBlock Origin filter on FireFox about adware/tracking activities on the web site. Post a screen shot on any alerts from Eset it is generating while on the Sage web site.

Details are provided here, on the forum post:

No that's what worried me. Browser wasn't running at the time either. I've done a restart and it's stopped now. But things that go away by themselves generally reappear by themselves. It was really unsettling...

Can this thing we call technology get any more complicated? I really feel for the non-IT types.

You are right from the technical point of view. From the valued customer's point of view the phrase "bug" is simply a synonym to ... "problem" ... "issue" ... "unexpected behavior" ... etc. I would rather highlight the fact that Eset did not belittle the importance of this question, and did promise an urgent solution.

Then the only option will be to remove the agent, and try to install it again.

Well, I guess we have "come full circle" on this discussion. So let's summarize the options: 1. Local Chromecast dongle IP address exclusion. The Kaspersky article implies multiple addresses might be needed. Don't know fully what that is about but could imply router dynamic address assignment. Therefore static address assignment would be required as previously posted. 2. Exclude port 8009 from SSL/TLS protocol scanning. No qualms with this one since it wasn't being previously scanned. I also believe other ports might need exclusion but "time will tell" on that one. My own thoughts on this issue is the whole subject of allowing an IoT device direct access to your PC. But that's another separate topic discussion. A footnote comment. Eset has "opened Pandora's Box" in regards to future issues in regards to performing SSL/TLS scanning of all ports. I for one, will avoid assistance on any of those issues.

For more information, please refer to: https://support.eset.com/kb6567/ https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/ https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf

The best way to look at pua also is there are many programs that people use that could be risky e.g. there are many people using registry cleaners and similar stuff. They are often risky and its debatable if they should be used, sometimes they may also try to install unwanted extra stuff, nag you to upgrade and other suspicious stuff but people use them and they like them. I often see people asking why their favourite software gets classed as a pup and its usually for something like that. With pups its not a virus so its down to the user to decide if the risks are acceptable

I always recommend turning it on and exclude any such application by the detection name if it begins to be detected then and is intentionally used for legitimate purposes by the user. PUsA also cover tools that can be used by attackers to stop or uninstall AV in case of a breach via RDP for instance.

Dear Marcos, Please advise so it's to be better if this feature still in turn off for the common users?

Not sure what you would like to know about these updates. The engine as well as some other modules are updated 6 times a day to cover recently discovered malware.

Hello Jirka, For the first problem, I would first apply "reset the RD sensor database" task, to validate whether the white-list is working (as once reported the data are kept, even in case the RD sensor whitelist is actually working). Alternatively, I would uninstall the RD sensor at all, if it reports too many false positives. With regards to the second problem, I would recommend to contact your customer care, as the error is generic, and does not give is exact reasoning for what might be the failure. Regards, Michal

This is a duplicate of https://forum.eset.com/topic/20263-eset-internet-security-122230-internet-connection-problem/. Creating duplicate topics is forbidden by our forum's rules. Having said that, we'll draw it to a close.

You'll now find it in Advanced setup under Tools -> Notifications -> BASIC -> Display notification about successful update

Can you please provide more information? Screen shots would be helpful. Regards, Tom

Looks like your Configuration Engine module didn't update. After installing v12.2 the screen in question should look like as follows: Please collect logs with ESET Log Collector and provide me with the generated archive.

During installation you are asked if you want to participate in Customer experience improvement program. If you later decide to not participate, you can disable it in the advanced setup. There you will also find a web link with information about what data is collected.

@OrthoC Ok, so no "care-less" but "effortless" We are working hard to design applications that will be simpler and would require fewer clicks, fewer steps, and fewer time in general to work with them. And automation is one of the paths we will for sure follow. This exactly shows us, how important this is!

https://www.vice.com/en_us/article/9kxp83/researchers-easily-trick-cylances-ai-based-antivirus-into-thinking-malware-is-goodware Every AV company must not rely on machine learning itself. We use a combination of different approaches, including AI and ML, as also mentioned at https://www.eset.com/int/about/technology/. Related documents and articles: https://www.eset.com/blog/enterprise/is-the-ai-hype-muddling-the-meaning-of-machine-learning/ https://cdn1.esetstatic.com/ESET/BLOG/Whitepapers/2018/ESET_AI_hype.pdf https://www.welivesecurity.com/wp-content/uploads/2019/02/ESET_MACHINE_LEARNING_ERA.pdf

False positive reports To submit a possible False Positive see Submit a suspicious website / potential false positive / potential miscategorization by Parental control to ESET for analysis when you wish to submit via email or use Submit sample for analysis function from the program GUI of ESET product installed on your computer. Whitelisting ESET does provide a whitelisting service for software vendors by which you can submit your software to minimize the chances of false positives, e.g., when your software is being downloaded. This service is intended as preventive measure for trusted and undetected applications to minimize risk of future false positives. Whitelisting service is not a channel for removing existing detections, disputes or solving other unrelated problems. If you want to register your software for whitelisting, please follow the instructions in the KB article How do I whitelist my software with ESET? Requirement for False positive submissions When submitting false positive file(s) via email or via program GUI, it is necessary to send copy of falsely detected file(s) as well as description of the file. I will explain what information is needed and why it is important. 1) Name of the legitimate application the file belongs to. When submitting false positives you must be able to identify what is the name of application that is being falsely detected. No-name false positive reports (when information about the application name is missing) are harder/slower to examine and in many cases indicate correctly detected malware rather then false positive. Example of correctly provided information: “This file belongs to VLC media player 3.0.6.” When you provide the specific version number, it helps. Example how not to submit false positives: “I don’t know what it is and why I have it on my computer but I think it is a false positive.” If you don’t know what the file is, don’t report it as false positive. 2) Name of the application’s author, developer, vendor or website where you downloaded the software Each legitimate software have known author or there is known company who developed it. There is known source/origin where the software can be obtained and you can learn information about it. This information is needed in investigation process. Researchers need to verify whether the software is safe and they may need the full installer to evaluate the software properly. Researchers may need to investigate whether other versions of the same software were affected by false positive or not. It is important to know the source/website where you downloaded the software because some download websites provide different installers than original vendors. 3) Application's purpose Let the researchers know what the application is supposed to do, what value does it offer to you. This information is usually available on vendor’s website but there are many old applications where the website is no longer available, or software was distributed only on CD-ROM/DVD, or the software is custom/in-house developed and the description is not generally available. Examples how of application’s purpose: This is a picture viewer, video convertor, movie player, communication software, printing program, database program, web browser, accounting software, computer game, tool I use for programming, etc. Don’t hesitate to provide any additional information you deem important. You may add the specific detection name you saw when detection occurred. In case some specific circumstances are needed to reproduce the problem, tell it to the researchers how (For example it may happen that the file itself is not detected but it downloads/creates other files that trigger detection). You may submit false positives via email or directly from ESET product via Submit sample for analysis function. In order to use the function open GUI of ESET Internet Security, you will find following icon in Tools and clicking More Tools: Please select “False positive file” option and attach the file you want to submit. Please provide all necessary information (as described above) researchers need to process your false positive submission. Information you provide indeed significantly helps ESET laboratories in the identification and processing of samples. Thank you for your submission!