Leaderboard

Hi, We had multiple talks with Intel and evaluated this technology. It may be really interesting but for poorly written security software ;-) Our real-time memory scanner has negligible performance impact. Our HIPS is monitoring operations of the processes and only new or changed executables pages are needed to be scanned, which are not created from image on the disk (like exe or dll). In standard applications there are almost no pages that need to be checked (with exclusion of JIT, we have it handled). Additionally their scanner is just a pattern matching. We do much more - deep analysis of file to extract DNA features.

Dear ESET Endpoint Security / Antivirus users, It’s been quite a while since we released the 6th generation of our Endpoint solutions, so a question regarding generation 7’s availability shows up from time to time. The simple answer is: it’s close. As we are approaching the final stages of development and preparation for the global release, we would like to share it with you so you can try it before it gets released officially and give us feedback on it, which is very valuable for us. Those of you who visit our forums regularly have probably already noticed some mentions of the promised new features, but let me briefly summarize: The Ransomware shield feature known from the products for home users to improve protection against file-encrypting ransomware. Time-based scheduler for Web control and Device control, so you as an administrator can allow / restrict access to websites and devices based on time. Automatic upgrades and many more - to find out more, join the BETA program. In case you are interested, just sign up here, or send me a private message, I will then send you instructions on how to proceed. There are just 6 simple use cases we would like you to test and share your feedback on. Besides those, you are free to enjoy the test ride with our new flagship for endpoint protection. Also by joining the BETA you agree with our BETA Program agreement. I hope that you are excited, so do not hesitate and sign up for the private BETA test right now! We are looking forward to your feedback. Thank you in advance, Peter Randziak

Hello, Based on your feedback, and in order to further improve user experience on our forum, we have just launched a new feature - reputation rank badges. These image badges, shown in user info pane next to each user's posts, reflect their reputation rank and provide a better visual understanding of the user's level of experience on our forum. We hope that you like this addition and that it will make using our forum just another bit easier and more interesting! On behalf of ESET Staff, Tomas

Windows Updates are excluded from https scanning so ESET should not prevent them from being downloaded. We are not aware of any issues with Windows updates that would be caused by ESET.

Hello today I have gotten a notification that a threat was removed from my computer. I am very responsible and careful, so this was a first time in years something like this has happened, and has me worried. It was a .js file with some long, hash-like string that was stored in %username%\AppData\Local\Microsoft\Windows\INetCache\IE\FREZXU48\ folder: Now, apparently this file was created and accessed by SkypeBrowserHost.exe, which is a component of Skype, that seems to share browser cache with Internet Explorer. The file is in a legit folder and it itself results in negative when tested by ESET Internet Security. I believe that SkypeBrowserHost.exe is specifically used to display ads in Skype using the IE framework. I did not do anything questionable from security standpoint in recent days, or even months. I do not use, and have never used Internet Explorer in recent years. I don't think I've launched it once since last clean Windows install. The way I see it there are two possibilities: 1, This is a false positive. 2, The advertising platform Skype uses to display ads has been compromised and SkypeBrowserHost.exe is being taken advantage of to deploy malicious software. The latter option concerns me a bit. If that could be the case, shouldn't this be something that should be reported to Microsoft? UPDATE: I am getting this removed threat warning now every single time I launch Skype (Classic version for Windows desktop).

I think this is what you are after. It's a new feature of ERA v7 and Endpoint v7 which will be unveiled later this year:

You're welcome. The only useless question I know of is the one not asked.

See the first quote above dated 4/11 from Marcos.

If the scan progress hangs like in your screen shot, then it's a known issue of v11.1.42 which has been fixed in the mean time. It will be addressed in the next service build of v11.1 which should be released some time soon.

Hello guys, @howardagoldberg The reason why v11.1.42 installers were pulled down was, that we have identified an issue with migration of some of the non-default settings when upgrading from v11.0 via uPCU. Other types of upgrade, such as installation via Live Installer, offline installer or PCU were not affected, as later investigation revealed. In order to mitigate impact on users, we decided to temporary pull down 11.1.42 until the issue is addressed on the product side. We released hotfix module update distributed alongside standard Detection engine updates to mitigate the issue for users, who already upgraded to 11.1.42.0 so they do not need to downgrade. Regards, P.R.

Currently v11.0.159 is the latest available. In about two weeks we'll be releasing a new v11.1. As for support of Spring Creators Update, v11.0 and even v10 should be fully compatible.

Just a few notes regarding run command task you should be aware of: task is executed in context of ERAAgent process, which is by default running as daemon with root privileges task actually takes user input and uses it as an shell content, which is executed be aware that system daemon as is AGENT has no direct access to user desktop. This complicates interaction with user desktop or user applications. Using methods for personification are required. Also be aware that environment (env variables) and permissions might be different as when using administrator account. execution of task is asynchronous, which means AGENT won't be waiting for result, and also there will be no output/exit code available in ERA console. And for this specific scenario, I guess restarting another daemon should be possible, but what I am not sure is whether it helps. ESET daemons are auto-started, so this error might indicate problems - for example installation might be corrupted, or maybe only ESET kernel extensions need manual approval, as is case for masOS 10.13.

Unfortunately this is bug in FQDN detection. It is triggered by fact that client machine has multiple IP addresses (maybe it is in multiple networks, i.w. wifi and lan). It has been discussed in much more detail in topic https://forum.eset.com/topic/14526-macs-computer-names-doubling/ . Issue should be resolved in upcoming release. Possible workaround is to disable or modify computer renaming task, so that instead of FQDN, computer name is used to rename machines (in case it contains correct data).

We cannot clean PUAs by default because of legal reasons.

Please find an answer at VT: https://support.virustotal.com/hc/en-us/articles/115002168385-Privacy-Policy Information we share When you submit content to VirusTotal for scanning, we may store it and share it with the anti-malware and security industry (normally the companies that participate in VirusTotal receive content that their engines do not detect as potentially harmful and are catalogued as harmful by at least one other engine). The samples can be analysed by automatic tools and security analysts to detect malicious code and to improve antivirus engines. Our service terms require participating anti-malware and security companies to adhere to VirusTotal's Best Practices when using the samples. Files, URLs, comments and any other content submitted to or shared within VirusTotal may also be included in premium services offered by VirusTotal to the anti-malware and ICT security industry, with the sole aim of improving research and development activities, expecting it to lead to an overall safer internet and greater end-user protection. Participants include a broad range of cybersecurity professionals focused on product, service, and system security and security products and services.

We are working on a fully 64-bit version of ECS/ECSP.

Click on your name (upper right hand corner) while being logged in, then click on profile. Once there, click on "see my activity". It should be listed there.

Hello, we will be rolling out this change by the means of a module update in the upcoming weeks.

Please see my comment above. Updates were stopped and the detection will be removed momentarily.

Hello, I am having exact same problem.

Are you getting the pop-up only when launching IE or other browsers as well? Please provide me with logs collected by ELC to start off.

With Windows updates, there are no problems so far

Please collect logs with ELC on that machine and provide me with the generated archive for perusal.

Hi, This feature has already been discussed with some customers. The problem is that it defeats the purpose of rules - if an admin wants to block certain type of files then why give users an easy way to "smuggle" these files into your company (e.g. just put it in a DOC file)? The problem with *.tmp can be solved easily, but if we find a good use case for "Is in a container" setting we will certainly implement it.

Developers have already replied you: Please note that supporting HTTP/2 means implementing full client and server functionality as specified by standards. This isn't directly related to certificates, and changing the TLS handshake to advertise HTTP/2 support is one of the easiest things to implement. This is not something that can be accomplished in a week or even in 2-3 months. I'd say it takes almost a year to do the implementation and subsequent testing properly. I assume you even didn't expect Microsoft to code Windows 10 in less a year from scratch; it definitely took them years.

Please upgrade to the latest version 11.1.42.1 which has it fixed.

Hi @Peter Randziak im previously beta tester for home products, how can i get involve in endpoint products beta testing?

I've upgraded from 8.0.319 to v11.1.42. It takes 2 intermediary updates to v9.x, e.g. due to the change of certificates that occurred a longer time ago but you will finally update to the latest version. Or you can uninstall v8 and install v11.1.42 directly.

This is a known issue present in v11.1.42 and will be fixed in the next service release.

Great, finally started testing

Websites that utilize EV certificates (those with the owner listed next to the green padlock icon, typically bank sites) as well some reputable websites are not filtered by default. This can be disabled in the advanced setup.

Try clearing browser's cache. Please do not report issues in this "Future changes..." forum since this is intended only for posting suggestions for future versions.

You can perform the Software Install task without automatically rebooting. Under the task's Settings section there is a checkbox labeled "AUTOMATICALLY REBOOT WHEN NEEDED".

I'd recommend upgrading server products at the maintenance time. Upgrading to a new version requires a restart, otherwise older drivers will remain loaded until the next system restart which may cause unexpected issues, especially if you upgrade to a new major version (e.g. from EFSW v4 to EFSW 6).

Antispam functionality in ESET business products version 3 and 4 will soon expire. The end-of-life (EOL) for these products is March 31, 2018. See https://support.eset.com/kb3592/ to check the EOL status for your product. Products affected: ESET Mail Security for Microsoft Exchange Server (version 4 and earlier) ESET Mail Security for IBM Domino (version 4 and earlier) ESET Smart Security Business Edition (version 4 and earlier) ESET Mail Security for Linux (version 4.0.10.0 and earlier) ESET File Security for Linux (version 4.0.10.0 and earlier) ESET Gateway Security for Linux (version 4.0.10.0 and earlier) After expiration, machines with versions 4 and earlier of these products will continue to be protected against malware, however the existing Antispam protection will no longer function. Important notice to users of ESET Remote Administrator: If you have installed versions 3 or 4, you also need to upgrade to the latest ESET Remote Administrator version to fully operate all your newly upgraded products. Migration/upgrade instructions File/Mail/Gateway Server products: https://support.eset.com/kb3580/#EMSX

Good grief.. I have a suggestion to resolve this. Don't use a flag in the language description. Problem solved.

I have manually updated one of my machines to ESET Smart Security Premium v11.1.42.0. On installation the option to select the language is offered. English is identified with a US flag and (as a UK resident) I find this annoying and insulting; Spanish isn't shown with a Mexican flag or Portuguese with a Brazilian flag. Please respect the identity and origins of the English language and use the UK Union flag.

You can see files pending for submission in C:\ProgramData\ESET\ESET Security\Charon but they are in an encrypted form. However, it doesn't mean they will actually be submitted; the program will first query LiveGrid servers if they are really needed. If you want to submit only files that you want to, disable the LiveGrid feedback system and submit files manually. However, we don't recommend using the in-built form since many users submit tons of of non-malicious stuff and your submission could get lost among them. Please follow the instructions at https://support.eset.com/kb141/ to submit suspicious files.

@katycomputersystems Thank you for the feedback. We are already tracking improvement for that, it was requested by several MSPs in the past, who are using different tools for having access to the machine, but also by some customers, doing the same.

Enabled LiveGrid logging and nothing shown in the Event log. Below is a TCPView screen shot what I am observing. Also packet count, 6, and byte count, in the 3K range, are what I am observing. Will get the logs to you shortly.

Personally, I think this would allow us to sell a lot more ESET. Going a bit further, I wonder if it is possible to get the expiration date of the installed product? Then a month or two before the competing product is due for renewal, we as MSP's can go in and quote for the renewal. Andy

Looks like BPP pre-release module dated 03/20 added support for the current stable 1password extension. Thanks.

Actually if you Google on ScRegSetValueExW, noted is that the Win event is logged for almost all AV products.

I'm British too but this is not really an issue @Skier. There is probably only about 20% of the software on the planet that offers a EN-GB combination and even less of a percentage that offers and EN-GB with a British flag. Outwith a flag being present in during installation, you will never see it again If you have ever written code in any language on a computer , the industry standard is EN-US and probably the sole reason why it's been adopted by the masses this way. Plus anyone that is under the age of 30 will be unlikely to even realise that there is a difference, as autocorrect does people's spelling for them nowadays and still favours the EN-US format. Even the word "Realise" is only slightly different in the US , being "Realize" , or "Specialised" becoming "Specialized" for example.

@fchelp Default trigger expiration is set for "one month" , not one day. I have attempted to create a new trigger now, and it sets expiration day for 19th February 2018.

Description: Trigger tasks based a definied activity time frame Details: Maybe it would be useful a possibilities to create tasks for a group of computers wich were active in a specifield time frame. For example "if they were not active during on the last two weeks" or "if they are active at the moment". Description: Delete the duplicated computers automatically Details: Day by day I find "duplicated" computers on the system. I created a report to find these computers (Group by: Computer name and Count: Computer), then time to time I delete the older entryes. It is a bit confusing. Description: Make a task chain Details: It would be wonderful a new possibility to make a task chain. For example: Task 1: Update the EES Task 2: Trigger a pop-up window on the affected client (Please restart your computer or Your computer will restart in 60 minutes) Task 3: Wait 60 minutes Task 4: Restart the client

@fchelp For the version 7.1 we are planning improvement related to asset tagging (assigning tags to computers based on meeting criteria) and then using those for filtering / automation. Also, in the upcoming version of 7.0, it will be possible to to save "filter sets", with kept values, that will allow to quickly filter relevant web console sections, with those. I do understand the use-case, and you can be assured, it´s in our plans. Also, you can drill-down from the report results, choose the computers into the "computers pane" and then do an action / task. Isn´t this sufficient? The same is valid for the "import computers from reports to task" (7.1).

Description: Schedule database backup to network/email Detail: Most UTM appliances offer feature of scheduling configuration backup to certain email or network path. I have not found this option yet in ERA VA 6.5? Description: Schedule policy apply time Detail: Give possibility to schedule policy. I want my employees who use notebooks to have one policy while working hours and one policy during lunch or during non working hours. Description: Generate report for configured policy Detail: My managers sometimes want report on how policy is configure for certain departments, employees. Description: Policy in XML format Detail: editing policy via XML can be done via custom built tool if you provide schema. I don't have to spend too much time in web interface. Policy can be designed by security consultant in tool and then he can send me XML for me to import to ERA. Description: Application/Process usage report Detail: Dashboard that would report apps/processes running on users PC and show additional data like network connections, CPU, RAM usage...something like "light" Sysinspector. Description: Apache HTTP Proxy vs Mirror Detail: Please give some tabular feedback/log in ERA interface what clients have downloaded and when what updates. Searching apache log in virtual machine is time consuming. Description: ESET Authentication server Detail: I'm using EAS in v5 to authenticate with zone. I've asked before for this feature to be ported to virtual appliance but no response was given. I have need for client firewall to know is it really on my network or somewhere else. Having trusted source that confirms to client firewall "yes you are on corporate network" is big thing for us. Maybe you have solved this in other way that I'm not aware yet? Description: FQDN rules in firewall Detail: We are using many CDN content from online services, like O365, Google Drive etc. Basically, we have clients that leave network and we want them to be able to access only certain services when they are off corporate network. Some services provide IP address for firewall, some FQDN. Do you have any plan to implement FQDN rules?

@Jaroslav Mixa Thank you for your constructive feedback. I would like to assure you, that your feedback is being heard. Below, you can find couple of notes, related to some products. @Dynamic groups rules / tasks - In the new version of ESET Remote Administrator, we will have a dedicated “group details” page, where you will see all tasks / policies set to a dynamic group and also a dynamic group template. @Task history deletion / filter and so on - I do not understand this use-case, what it is about. What do you mean “task history” ? @Repository - Do you have any envisioned behavior? In the upcoming version, we will allow updates by “one click” directly from the dashboard element, so doing client tasks are not relevant. @Reports – there are limitation in how reports could be assembled, which are related to internal database structures, and how various tables are combined. It´s not possible to combine all of the tables together. However, there are improvements planned for the upcoming version of ESET Remote Administrator. @ELA – we will be releasing a new solution, called ESET Business Account & new version of ESET MSP Administrator (also intended for ESET resellers managing multiple customers) which will have a proper user management, and will allow full control of the product. @Upgrade – is this related to upgrades from V5 to V6, or V6.x to V6.x+1? If the first case, was the V5 having username &password set in its configuration? If it was the second case, have you contacted ESET Support, as this should not happen (and never happened in my test environment, license was always kept). @Variables in tasks / templates – this can be achieved by a group hierarchy. Basically have a static group per company, and then dynamic groups placed under specific static group. For the future (most probably next year) we are working on improved automation framework + further improvements for MSPs / resellers managing multiple companies, that should simplify their management / license operation. @Applied policies tree – this is a long term task, that we are working on, however it´s a complicated task to achieve. But we are aware, that finding why a specific setting is applied, when multiple policies are used. @Threats infection and cleaning – we will introduce multiple changes in the upcoming release of ESET Remote Administrator, for both automated resolving, and manual resolving (actions). @Sorting / filtering – This will be possible. For the future release, we are preparing multiple changes with regards of filtering / sorting in the webconsole. I would like to also offer you an opportunity to participate in a dedicated customer research session, where you can discuss your feedback concerning our products directly with representatives of ESET Product Management and UX teams, that can help you address them, and also inform you about planned changes in ESET Products. If you are interested, please send me a private message, we can discuss this further.

Nice thread, I have tens of comments to ERA server / functions. ERA is not user friendly in most cases.... I will post something. Description: Dynamic groups rules / tasks Detail: I would like to be able to show all rules/tasks linked to dynamic groups. Or to be able to find where rules are linked. I would love to disable group/rules instead of only delete or edit them to dysfunction it. It is nearly imposible to read ties. Description: task history deletion / filter and so on Detail: I would like to be able to delete (mass delete) task history. I have tens of ASAP task and they are only messing in my log. I would like to be able to see which computers were affected by the single task when pointing to a TARGETS column. Why I have to edit history of the task to see which computer was affected? I would like to click on 1 computer(s) to open the list or show the list. Description: trigers Detail: ASAP. Sometimes ASAP fails and I have no idea why.... Computer was online. I think rule should wait for online status or give me better feedback Description: Failed / Trace message Detail: When I point on the FAILED status I would like to receive more information what happens without opening the HISTORY of the COMPUTER. BTW FAILED ICON should allow me to open history.... Trace message is sometimes to long and I am unable to read whole message. Description: Repository Detail: Choosing ESET version from a repository is not user-friendly. I have to be very careful to chose the right version. Description: Reports Detail: Why I cannot export report Computer name Identifier type Identifier value Adapter IPv4 address Computer nameDevice manufacturerDevice modelOS nameOS versionAdapter IPv4 addressRemoteHost and so on ? When I chose some identifier other identifiers are disabled. Why? I would like to be able to find report using some SEARCH function. Description: ELA Detail: Why I am unable to fully maintain a license that customers gave me under my administration? I am unable to remove computers which are not activated under ERA. I have to open ELA portal using my customer's credentials. Why I can not edit ELA credentials on my ERA server? Description: Upgrade Detail: When I am upgrading EEA using ERA I have to activate them afterward. Why? Product was already activated. Description: Variables in tasks / templates Detail: I would like to have variables in task / dynamic groups. For example I have 4 activation tasks (4licenses). I would like to activate product which is not activated when joining dynamic group based on FOLDER group. When computer from AAA company join the NOT ACTIVATED group, the AAA-ACTIVATE task will be used. When computer from BBB company join the NOT ACTIVATED group, the BBB-ACTIVATE task will be used. Description: Applied policies tree Detail: I would love to see the tree of policies which are applied on a computer and would like to be able to identify which policy rule won the policy over-ride battle. I am not satisfied with list of policies. Description: Threats infection and cleaning Detail: I am not unable to simply perform an action on threats whir where not automatically solved by EEA. For example, I would like to choose threats and click on "DELETE" or "CLEAN" or other things. I am able to mark them only as RESOLVED Description: Sorting / filtering Detail: I can filter columns by STATUs or LAST CONNECTED, but I am unable to do multi filter. For example I would like to sort all computer by WORST FUNCTIONALITY and LAST CONNECTED, because working with offline computer does not make sense. And so on.....