Leaderboard

Hello, ESET is a private business. It is not an agency of the Slovak Republic, or any other government for that matter. Since the unwarranted invasion of Ukraine and illegal annexation of Ukrainian territory by Russia, ESET has worked steadfastly to help its neighboring country, ranging from donating hundreds of thousands of euros to charities involved in relief efforts, to providing additional security software and services, which includes numerous investigations into and blocking of attacks on Ukraine's critical infrastructure. For more information on ESET's support of Ukraine, see the following: ESET Response Center - Ukrainian Crisis ESET WeLiveSecurity blog - #Ukraine tagged articles As you enjoy reading The Guardian, here is another, more recent article from their website you might find of interest: https://www.theguardian.com/world/2024/mar/30/slovakia-brain-drain-populist-leader-robert-fico. Please carefully read the entire article, especially the last sentence. Although my last name is Ukrainian, I am one of ESET's American employees. Like my Slovak colleagues, I have been working tirelessly to help Ukraine where I can, and I hope this answers your questions about ESET's commitment to Ukraine. Regards, Aryeh Goretsky

Can confirm that running the task is now possible. However, after running the ESET PROTECT Components Upgrade task I'm now unable to log in to ESET PROTECT again. Login failed: Connection has failed with state "loginConnectionStateNotConnected"

As of 4/16/24, there still appears to be no fix for this for the on-prem appliance. It still require a server to be selected, and the selection dialog is still empty. Any idea when we might see a fix (which I assume would be an updated appliance)? Can't really move to the Rocky-based appliance until it is. Server v11.0.215.0, Web Console v11.0.193.0.

I wouldn't worry about those being modified by malware. The drivers themselves aren't malicious, but ESET must have (recently?) been aware of a way to use these drivers in a malicious way (as in they are possibly vulnerable), and is blocking them to play it safe. Also, it only seems to care about the NVFlash utility's drivers themselves, and nothing with the BIOS files of your old GPU. As for why this happened out of nowhere, Windows usually does file indexing for Windows Search randomly in the background.

We expect the problem to be fixed tomorrow. In particular, you should be able to finish creation of the task without the need to select a referenced server.

I had an issue with ProtonVPN not connecting with Wireguard protocol. This fixed it for me. Thanks a lot

Just to add to Aryeh's well-put answer, I would like to react to A country's international position very much depends on the current government. Up until the recent elections in late 2023, Slovakia's government was very pro-Ukraine since day one of the invasion. Anyway, since its inception, ESET has seen several governments in Slovakia, leaning to either side of the political spectrum - and regardless of the government at any given time, ESET has always maintained its core values and principles, which are also reflected in the links provided by Aryeh. We will now lock this topic, as politics have no place in this forum and tend to create heated discussions, but we wanted to provide you with accurate information to address your concern.

Try temporarily re-enabling SHA1 support by running: update-crypto-policies --set DEFAULT:SHA1 Then enable advanced security as per https://support.eset.com/en/kb7930.

Description: Show all module infos from agents in ESET Protect Detail: We need the possibility to see all versions of all modules of all ESET Products on connected agents (clients/servers), e.g. the HIPS support module. Description: possibility to enforce communication from agent Detail: We need a possibility to enforce the communication from the agent to the ESET Protect console from the agent. A wake-up call via EPNS will not work, as we are not allowing the clients to be connected to the internet.

Description: Bundled-configuration/file/certificates for migration to new server. Detail: Currently migrating to a new server is a confusing mess. Perhaps future ESET PROTECT servers can have an option to gather all necessary configurations/files/certificates into one bundle that can be imported into the new server. This of course means that the old server and the new server must be running the same version (or binary compatible) of ESET PROTECT. (i.e. cannot migrate from ESMC to ESET PROTECT)

Description: More templates Detail: New options to choose from in dynamic templates such as: Computer name, tags, IP address and etc. Pretty much all available columns from Computers section.

Migrated to new virtual appliance for Endpoint Server (formerly Centos) to Rocky Linux according to the guide. The migration went smoothly without any errors. https://help.eset.com/protect_deploy_va/11.0/en-US/index.html#new_va New VM started without any issues. Able to see the status of the clients. However when I tried to create a new task to upgrade the components, the Eset server is not displayed in the Reference Eset Protect Server. Clicking on the Select Server option will display empty list -- no server. Tried updating the the clients using the context menu, update, update products also failed. Kindly advise. Thanks.

ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium version 17.1.11 have been released and are available for download. Changelog: Version 17.1.11 FIXED: transparency lag while moving the application window FIXED: BSOD on Win10 RTM build Known issues: N/A Upgrade to Latest Version Upgrade my ESET Windows home product to the latest version If your ESET security product has not updated automatically yet, you can enforce product update by manually checking for update in the Update panel or wait until it updates automatically. Support Resources ESET provides support in the form of Online Help (user guides), fully localized application and Online Help, online Knowledgebase, and applicable to your region, chat, email or phone support. Online Help (user guides) Visit www.eset.com/contact to email ESET technical support

ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium version 17.1.11 have been released and are available for download. Changelog: Version 17.1.11 FIXED: transparency lag while moving the application window FIXED: BSOD on Win10 RTM build Known issues: N/A Upgrade to Latest Version Upgrade my ESET Windows home product to the latest version If your ESET security product has not updated automatically yet, you can enforce product update by manually checking for update in the Update panel or wait until it updates automatically. Support Resources ESET provides support in the form of Online Help (user guides), fully localized application and Online Help, online Knowledgebase, and applicable to your region, chat, email or phone support. Online Help (user guides) Visit www.eset.com/contact to email ESET technical support

Thank you, I've forwarded the dumps to developers for perusal. Will keep you posted. P_ESSW-18149

Problem fixed now with update 17.1.11.0 and HTTP/3 enabled works fine! 👌

If a policy that blocks the USB drive is pre-pended to the local Device control rules, then the only option to allow it in override mode is by disabling Device control.

I found it in the category of promotional cookies listed by some commercial websites: Name:CID Purpose:Used by Adriver to deliver targeted ads to a user based on their browsing habits Provider:.us.ck-ie.com Service:Adriver View Service Privacy Policy Country:United States Type:server_cookie Expires in:7 day This cookie is used for gathering data on how visitors use the website. Adriver is a Russian operator of an Internet advertising management and control system. I found an article that deals with this service provider and others, visit this page: https://adalytics.io/blog/adtech-not-checking-user-tcf-consent Look for the article "Belgian user visits euronews.com". You get a nice little chain of how websites synchronise cookies with a number of third party data brokers and ad tech providers without the user's permission. Had the SSL certificate used by the us.ck-ie.com web server not been revoked, and had ESET not alerted us, we would not have noticed the illegal data exchange going on in the background without the user's knowledge.

Sorry for the late response. I couldn't sent the log files do to the size of one of them. But this solved it on the endpoints that I was getting this error.

Hi Kieran, That's worked for me on the 2 devices I was stuck on thank you.

There will be a hotfix 17.1.11 soon which will fix the lag caused by transparent background introduced in v17.1.9.

I think you need to review your security policies. Why are you allowing users to install random pieces of software? If they require specific software then they should be requesting it. You should also remind people if their computers are found to have unauthorised software then they will face whatever punishment your company deems necessary. The same goes for computers being locked when they are not present. Your policy should require that if a user steps away from their computer then they are responsible for locking it. If the computer won't lock then they need to report it so that it can be fixed. Relying on a screensaver to lock a computer is a last line of defence. An auditor would very likely ask you why users don't lock computers themselves.

Okay, so after 1:25h it finally finished. So if anyone else has this occurrence. Get some tea and wait patiently. 🙂

Does disabling HTTP/3 network traffic scanning in the advanced setup make a difference?

hola! detectamos que a una pc ingreso el virus XMRig miner y fue muy complicado quitarlo, de hecho este virus se AUTO Excluyo del antivirus y se instalo como servicio. A alguien le paso algo similar con este virus?. Saben si ESET tiene las herramientas para evitar su ingreso? Machine translation: We detected that the XMRig miner virus entered a PC and it was very complicated to remove it, in fact this virus was AUTO EXCLUDED from the antivirus and was installed as a service. Has anything similar happened to anyone with this virus? Do you know if ESET has the tools to prevent your entry?

I don't know if there's a technical reason why the problem is not on the list or if it needs to be added in future versions of PROTECT. Currently we track it as a possible bug. P_EP-30146

Hello @Sec-C thank you for sharing this, the team responsible has a task tracked to analyze possibility of using it. Peter Note for us: P_EESU-1800

Done I sent you a PM

If you set correct exclusion to backup process you could still see that real time protection is scanning backup files because other system processes could access those files, e.g. spotlight indexer. This could be turned off by correct performance expulsions on target or may be source folders. But if you will exclude so much it is dangerous, you can backup infections too. So if such huge exclusion is used it is important to scan source backup folder[s] by custom on-demand scan with In-Depth profile before backup. This on-demand scan on source data before doing backup is good to do regardless exclusions because od-scan, especially in in-depth profile, does more strong scanning that real time protection. RTP can not do it because strong scannig is time consuming and not too much real time.

Hi, you must write complete path to process binary. It is not sufficient to use application bundle only. Wildcards are not supported. e.g. if I want to exclude Safari I should create process exclusion with process path: /Applications/Safari.app/Contents/MacOS/Safari

Any update on when this fix will be available for the on-prem VMWare appliance?

Here's an article on RPC port 135 attacks: https://cqr.company/web-vulnerabilities/unsecured-remote-procedure-calls-rpc/ .

Thank you for all the help kieran

I enabled HTTP/3 scanning on my ESSP Win 10 x(64) Pro 22H2 installation and can ping w/o issue. Then there is the question of what does HTTP/3 scanning have to do with ICMP processing?

I've tried to migrate, I reinstalled the Rocky Linux VA 6 or 7 times without any error. I've tried with same IP and different IP methods. When I want to connect first time to Web Console with Administrator password I receive communication error. I've tried with Edge and Chrome from different computers and also with incognito mode. Searching the forum, I found that maybe it's something from Tomcat chiper config, but without success. Last time I installed Rocky Linux VA without pulling database from the other server, this is how logging in the web console works. Centos VA is up to date with the latest updates from Eset

Hi @santoso, Both licenses can be used for ESET PROTECT (cloud) activation. If you use also ESET PROTECT on-prem, you will have two separated consoles until you migrate on-prem to cloud. For more info, follow this guideline (scenario 2.). Greetings.

Alright ii eea 10.0.3.0 amd64 ESET Endpoint Antivirus

All the following URL's show PUA in Firefox; https://prod-master.il2sturmovik.net https://alpha.il2sturmovik.net/ https://alpha2.il2sturmovik.net/

I was able to open the site in a browser, it was not blocked.

There are mixed multiple layers and features, to clarify them: ESET Browser Privacy & Security = browser extension with privacy and security features for visited websites and user data/settings Safe Banking & Browsing = protected browser that allows you to run isolated browser instance from desktop shortcut, or protect existing browser when Secure all browsers setting is On Regarding to blocked file, wait 1-2 days for ESSP 17.1 update where you will have a possibility to manually allow blocked file on your own. When you trust your vendor that inject that file to your browser, you will be able to allow it. Of course such action may brings browser unstability, but when something goes wrong, you will know what products are in conflict, how did you do that and how to restore it back.

Would this work for you? <operation type="TcpIpConnect"> <condition component="Network" property="DestinationIpAddressV4" condition="is" value="13.69.128.10"/> </operation>

Unfortunately the problem still exists with the latest version of ESET Endpoint Security (11.0.2044.0). Even in this version we're unable to find a function to disable this message. If anyone knows of a way to do this (aside from disabling the whole browser protection), we'd love to hear about it.

Description: "does not contain" filter is missing in ESET PROTECT's report template filter settings Detail: In ESET PROTECT, there is a rather limited choice in the report template filter settings. For example, it is not possible to create a filter condition to exclude the occurrence of any string ("does not contain" condition).

In that case what we need is an option to filter out that information on the PROTECT side. Or a filter for alerts in general. Having to wait several years for OSes to change is not a solution.

Description: ESET Protect Cloud ability to store and view changes made to policies in Audit Log. Detail: Customer is in the healthcare industry and has to abide by many high level certifications and audits which many deal with logging changes in their operating environment. Currently attempting to use the "Show object details" when viewing Audit log of a particular policy; however this only shows the current policy settings and does not display a log of changes made. ESET products play a key role in their protection and having this ability to track specific changes within the many policies that they have plays into this area of logging important changes. Without having a native ESET log that shows specific changes from one edit to the next, they are lacking in this area when it comes time to present to auditors and other certification bodies. This would be a huge benefit to their company in particular and also serves as a great feature to include in ESET overall.

Description: Disable Warning "Your operating system is outdated" in ESET Protect Details: On the clients we can disable this warning, need options to hide on ESET Protect too.

Hello there, I have a question regarding a coherent security concept with ESET products. We use ESET Endpoint Protect and Server Security. It is clear to me which product exists for which purpose. Unfortunately, however, the roles of the systems are not always entirely clear. Especially in the security context, an endpoint is a computer system that is used by an end user and therefore all measures defined according to the security concept must be guaranteed. According to this definition, such an endpoint can also be a Windows server, for example. Maybe because it's easier in virtual environments like ESX or because it's e.g. is a virtual terminal server. The reasons are varied. I hope it comes across correctly from my side that a client role does not automatically have to be a client operating system. As mentioned again and again in this forum, there was always the answer that server security is the right solution, which I would like to question as the status quo. The goal of a security product (regardless of its product name) must be, in addition to protection against malware, to protect the user. Not only in Germany, for example, underage trainees and interns have to be protected from external content. I would also like to configure everything via a security product if possible. Unfortunately, the server security, the web control, firewall and e.g. the protected browser. All topics that I now either deal with via the infrastructure security solution or I take the unsupported route of installing ESET Endpoint Security on this handful of servers. Since I really like the ESET products, it is very unusual that there is an apparent gap in the concept. You might at least consider removing the installation lock from Endpoint Security at the customer's own risk. As is well known, the operating systems are not that different. Thank you for some structural considerations! Stay safe! Michael

I fully support this, it would be nice to have web control and firewall included in server security as well

Hello ESET Team, I have a customer requirement, that Web Control needs to be deployed and enabled on Terminal Servers. Please let me know how that requirement can be met. Thanks in advance.

The logging severity must be changed to Warning if you want Web Control records to be transmitted to ESMC. However, the higher number of visited urls be reported to ESMC, the more likely the ESMC server will stop responding due to being inundated with tons of Web Control data.