Leaderboard


Popular Content

Showing content with the most kudos since 12/18/2018 in Posts

  1. 6 points
    Aryeh Goretsky

    A holiday message from ESET for 2018

    Hello, With the holiday season upon us, and the forthcoming New Year just around the corner, it's time to put aside the keyboard and mouse for a moment and spend some time with friends and family. But before we do that, I did want to take a moment to wish each and every one of you a happy holiday, greetings of the season, and best wishes for the new year. We realize that you have many choices when choosing security providers, and thank you for trusting us to protect you in 2018 and all the years past. And, of course, we look forward to providing you with the same high levels of security in the years ahead. Thank you for being part of the ESET family. Best regards, Aryeh Goretsky
  2. 4 points
    TomFace

    Merry Christmas

    I'd like to wish all the ESET Administrators, Moderators, Staff, Associates, Partners, Forum members and guests (including all the families) a Merry Christmas. Have a peaceful and joyous holiday. Best regards, Tom
  3. 2 points
    Tornado

    MalwareTips

    Downloaded the first sample with very few detections on VT and ESET picked it up as JS/TrojanDropper.Agent.NQS and the second link shows that ESET already detects it. Don't forget that ESET Advanced Memory Scanner would likely detect it as soon as it decloaked in memory.
  4. 2 points
    I've captured a short demonstration video of how ESET detects today's fresh Filecoder.FS by HIPS/AMS with 3 weeks outdated modules. Moreover network was disabled to prevent updates and possible influence by LiveGrid:
  5. 2 points
    sindbad

    Thank you

    Hi all, I want to thank all the great administrators, staff, contributors and ESET users. Because of all of us together, this product gets better and better each time. I love the way that ESET cares for everyone out there. Respect for the great team. Again, thanks for making such great software. I just love it.
  6. 1 point
    BALTAGY

    MalwareTips

    Hi, I want to know why ESET doesn't join forums like MalwareTips to detect new viruses/ransomware faster? An example: https://www.virustotal.com/#/file/05bfd83bb0d4e7d27bbfc2c057b2b692612de808cc4bca73d9e0ae1d9d479623/detection I know it's a new ransomware but could it be detected by now? Another example: https://www.virustotal.com/#/file/3203dc5ea66e86755254214b7b1ca8cb38271978e3ac2bdda35bce973ed0146c/detection And Merry Christmas everyone
  7. 1 point
    Hello @cutting_edgetech, While you are on the "Network connections" tab in the ESET GUI, right click in the "Network connections" pane and uncheck "Show only TCP connections". UDP connections should now show along with the TCP connections. I hope this helps...
  8. 1 point
    There are several ways how to create a new policy in ECA: Update profiles can be managed here:
  9. 1 point
    How to set up ESET firewall so as to allow connections only through my VPN? Help!

    25/12/2018: I changed VPN provider and it actually has this in its app settings. I only had to enable the setting and now I have internet only when I have the VPN logged in! Thank you!
  10. 1 point
    Marcos

    Unable to Download

    Are you unable to open www.eset.com in a browser?
  11. 1 point
    That TCPView only shows TCP connections is logical if you look at the name. I agree. The EIS tool is called "Network connections". That name suggests that all network connections are shown.
  12. 1 point
    Mike_M

    EES 6.7.500 Crashes Macs

    Installed the beta 6.7.600.0 patch on the MacbookPro with most issues and so far so good no more crashes! Thanks!
  13. 1 point
    Marcos

    Miss

    After installing Parental Control I would check if it works alright, e.g. by temporarily blocking some websites or applications. Also please let us know the brand and model of the phone as well as the version of ESET Parental Control. Some phones come with aggressive battery savers which may disable security applications.
  14. 1 point
    @sindbad We are already tracking improvements to be able to generate reports based on the license usage (used license). I will extend it with your request.
  15. 1 point
    sindbad

    Design change

    I only need full disk. I don't need email and removable media. So I am looking forward to the future.
  16. 1 point
    @katycomputersystems Functionality to change the group in the computer details is coming back. It was accidentally removed during the redesign. @Zen11t We have a project/ feature tracked to globally control all of the interactive windows for the future. I will add your comment to there.
  17. 1 point
    Description: anti-phishing Ignore button disable option. Detail: when a user opens a phishing website, the user can ignore the warning and open the site. We need a function where we can disable the "Ignore threat" button. I didn't find any option under Anti-phishing protection settings. Please add it to ESMC policies too.
  18. 1 point
    Marcos

    Upgrading Mail Security for Exchange

    I would strongly recommend uninstalling v4 completely, otherwise settings will be preserved which may cause issues with HIPS.
  19. 1 point
    MartinK

    Missing Network attack protection from policy

    New module 1663.15 should remain installed even if you change configuration to "release" as it was previously.
  20. 1 point
    rainmakerraw

    Firewall engine

    I'm a long time user of pf on BSD and macOS, and iptables on Linux. I get very frustrated by the firewall availability on Windows machines, as they're generally nowhere near as fine-grained or powerful as *nix offerings. Eset's Internet Security finally gave me the control I desired; namely per-interface/IP zones and rules, to easily allow application-specific traffic over VPN interfaces but not the LAN/ISP etc. It even now has a top-to-bottom ruleset like pf. Nice! On my MacBook Pro I currently use the excellent built-in pf firewall, with Murus Pro acting as front-end. I'm more than capable of writing pf rulesets/conf files by hand, and always double-check the resulting pf.conf before pushing it into production, but a GUI is quicker to generate the initial config so whatever. My question is, does Eset's Cyber Security Pro for Mac utilise macOS' underlying pf, or does it use a custom engine? I'm really hoping it just acts as a GUI front-end for pf, as it's such a feature rich, powerful and battle-tested firewall there's no real reason to change it. Eset do make a nice GUI (and excellent AV) though, so that'd be icing on the cake. I did do a search before posting, but the one topic I saw asking this and a few other questions had all questions answered but this (most important!) one. Thanks in advance.
  21. 1 point
    Hi DJD, I'm in the same boat as you - migrating from Microsoft SCEP - it's disappointing to see a lack of documentation and support around deploying and managing this on macOS but as always, the community has got your back! After some conversations with other helpful members of the MacAdmins Slack in #endpoint_security we've worked out how to get ESET AntiVirus configured via the command line - both the system level settings and user-specific GUI stuff. This is all still fresh and it's the weekend but I will write this up fully soon, like I did for SCEP at my blog https://soundmacguy.wordpress.com - here's the short of it:

    For system level settings: Set up ESET how you need it in the GUI - scan options, disable the email/web modules etc. Then export your settings as a file via the menu icon --> Setup --> Import/export settings. Then you can use the command line esets_daemon to import them (you need to specify the full path to esets_daemon of course - I've omitted it for simplicity here):

        esets_daemon --import-settings /path/to/settings/file

    You should kill the GUI and daemon as part of this process then re-load them to avoid user nags, e.g.:

        killall esets_gui
        launchctl unload /Library/LaunchDaemons/com.eset.esets_daemon.plist
        esets_daemon --import-settings /path/to/settings/file
        launchctl load /Library/LaunchDaemons/com.eset.esets_daemon.plist

    Then restart or log out/in to bring the GUI back - or you can add the necessary commands to do that in a script, but this might vary depending on your management tools - I would work out the username of the logged in user then run an open command on the ESET application in their context, myself - a bit beyond the scope of this post. What's slightly annoying about this is you can't change settings in a granular, programmatic way - it's just the whole file's worth or nothing. Maybe ESET support can offer some guidance?

    For user level (GUI) settings: You'll notice that the settings file doesn't account for GUI preferences that are user specific (everything under Preferences --> User --> Interface/Alerts and Notifications). If you've turned off the web and email modules, you'll see nags about that too which are suppressed with those user level preferences - definitely something we don't want! Anyway, those are stored in the file ~/.esets/gui.cfg and you can modify those with the old esets_set command, much in the same way as you did with scep_set. You can apply individual settings to it with esets_set, or just capture that file and re-import it, e.g.:

        esets_set --apply=/path/to/exported/gui.cfg --cfg=/Users/username/.esets/gui.cfg

    This has to be run in the current logged in user's context (i.e. via a Launch Agent, or with something like Outset, or appending sudo -u username to the commands if running at root level with Jamf, it depends on your environment) and the --cfg flag needs to have the full path to the user's home directory - ~ didn't work in my testing. That's easy enough via a script - e.g.:

        #!/bin/bash
        # Name of the user at the console (empty at the login window)
        loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}' )
        # Stop the GUI, apply the captured preferences, then reopen the GUI
        killall esets_gui
        "/Applications/ESET Endpoint Antivirus.app/Contents/MacOS/esets_set" --apply=/path/to/exported/gui.cfg --cfg=/Users/"$loggedInUser"/.esets/gui.cfg
        open "/Applications/ESET Endpoint Antivirus.app"

    I haven't tested the above example but it should work. This is basically identical to how you'd do it in SCEP and I have a detailed post about that here: https://soundmacguy.wordpress.com/2017/11/19/managing-microsoft-system-center-endpoint-protection-scep-part-3/

    For proper management of those user GUI settings I'm looking to replace ESET's Launch Agent with my own script that will set the preferences then open the GUI when users log in - that'll make sure they revert back at each login in case users change things. It'll also avoid the need to kill the process first (except during installation/deployment in the first place - that's another piece of the puzzle I'm working on but it should be solvable).

    ESET - it would be really great to have some administrator-level documentation on the esets_set and esets_daemon commands please (hint - the ESET Linux documentation and manpages are good here - maybe we could have manpages for the macOS version too?) - we've basically had to dig in and work all this out for ourselves. 🙂

    An interesting thing I noticed was that if you install ESET on top of SCEP, it'll handle the uninstall of SCEP as well as pick up its settings - both GUI (for the logged in user if present, taking root ownership of ~/.esets - not good!) and system level stuff.

    Last nugget of goodness - you can grab loads of useful information with:

        esets_daemon --status

    I'm working on a few Jamf Extension Attributes to pull things like the definitions versions/dates, real-time protection status etc from it (I did this with SCEP but tended to scrape files instead - I like this better but didn't discover scep_daemon until afterwards and never got around to it...) - it's quite straightforward. I'm sure other management tools could leverage it as well. Hope this helps!
  22. 1 point
    rainmakerraw

    Firewall engine

    Hi Peter, I downloaded the latest version and installed it for testing as requested. With all due respect this is a brief ad-hoc test to check whether things have improved since my experience with the previous version. With that in mind this is just a quick note of my experiences, sans my usual fully referenced, stated-methodology and formatted results etc reporting. That said...

    Unfortunately, Eset Cyber Security Pro still has no fully manual/policy mode, unlike the Windows version, so I left the mode set to automatic with exceptions. Three zones were then set up: Pretty self-explanatory. 'Home' zone for the physical ethernet LAN subnet, 'WireGuard' zone to cover the VPN tunnel on utun1 (which brings a public ipv4 address to the local machine, hence the need for strict local firewalling), and 'VPN' as a catch-all for any other VPN address (IKEv2, WireGuard, OpenVPN) which all providers I use issue in the 10.0.0.0/8 range.

    As with the previous version, the zones required explicitly specifying as Eset still doesn't pop up a network detection dialogue when a PAN interface (eg utun1) makes a connection. Indeed, even with these zones specified and the interface being up, the app still doesn't know it's there: Alas, this could just be a GUI quirk. That said I noted that in the firewall settings under Interfaces only physical interfaces (Ethernet, Bluetooth, Wireless etc) are listed.

    We'll go on to the rules, set them as desired and test: The first annoyance is that default profiles can't be deleted. I only want Home and Public as I either trust a network or I don't - and if any other situation ever presented (eg in a hotel with my MacBook Pro) I'd make a custom profile for it to suit. So I pretend Work doesn't exist and go to modify the Public rules to allow specified traffic inbound on the utun1/WireGuard (public IP) interface. All traffic is allowed outbound by default (which is fine), so it's not much of a test if we don't add more rules and see how they perform.

    I was shocked to see that the Public profile, by default, allows inbound traffic for all pre-existing rules including file sharing, screen sharing and so on. Seriously? On a public network? 🤪 That's purely idiotic opsec, and honestly you ought to find the person responsible and give them a shoeing. Those rules were summarily unchecked (it's impossible to delete them).

    I added a rule for Transmission (torrent client), to allow inbound traffic on port 26968 for the Public profile only. The app itself confirms the port is now open, and canyouseeme.org also confirms it can see the service (via my WireGuard public IP on utun1). 'Great', I think, 'the firewall must work properly now!'. Not quite. You see, changing the incoming port in Transmission to any random number also shows the port is open on the public (WireGuard/utun1) interface. In fact, all ports. That's weird, maybe I borked something adding the rule. So I even went so far as to delete the Transmission rule and then add a total deny all (in and out) rule for the Public profile. I confirmed the changes, exited from the Eset GUI and restarted Transmission. Guess what? It's still accepting traffic on any port. In fact on further inspection the whole machine was open over utun1 via its public IP to the entire internet. That is beyond serious.

    NB: In the above image I'd simply incremented the port used by 1. At first glance they may look the same - 26968 vs 26969. There was NO rule in Eset's list to allow this traffic, on any profile. In fact at the time this screenshot was taken, the 'deny all in and out' rule was in force! I'd also checked the option to log all blocked connections.

    The physical LAN (192.168.0.1/24 on en0) is of course protected by a hardware edge router and firewall (self-built), so no incoming connections reach that interface. The virtual/PAN interface utun1 is - as discussed above - wide open to the internet with a public IPv4 address. Despite this, and the deny all in and out rule, only two log entries ever showed up in the Eset Log Viewer - both random ICMP blocks. No other traffic was blocked, or logged. Port scans confirmed the machine was open to the internet despite Eset having a rule to deny all in/out (all traffic types) from the entire internet.

    Once this was confirmed and repeated (to verify), I quickly enabled pf again. Instantly my pf logs started filling with blocks from public IPs all around the world hitting my machine over utun1 (as you'd expect for any public facing node on the internet). So it's not as if there was no inbound traffic to block - Eset just couldn't see it. This is an extrapolation from my pf log after just a minute of it being re-enabled:

    In summary, in its present form the firewall is unusable at best, and misleading and dangerous at worst. It proclaims protection and displays reassuring green checkmarks, accepts lists of in-use subnets and IPs to be protected, but then silently doesn't actually obey rules because it either can't see or doesn't filter PAN/virtual interfaces. This would leave a less savvy user wide open to rootkits, local network penetration, or worse. Especially with the recent explosion in popularity of VPN services with worried every-day internet users and consumers. I respectfully suggest you make end-users aware of this issue and issue a fix pdq. Best wishes, Lee
  23. 1 point
    rainmakerraw

    Firewall engine

    Never mind. I tested it anyway and unfortunately the firewall has more holes than Swiss cheese. It doesn't recognise virtual interfaces (eg utun), so even when connecting to a WireGuard VPN interface/server (for example), Eset doesn't notice. Even when manually setting the rules and zones like this:

        10.0.0.0/16 - Public - Block all incoming
        {Public IP} - Public - Block all incoming

    Once the tunnel is established (with a static public IPv4 address at the server end), all ports on the local machine are open to the internet, even with Eset running and configured to block everything. Seriously, seriously bad. I'll stick to Murus/pf then.
  24. 1 point
    Please no... This is security software Antivirus not updater.!!! Download any other updater software not eset.
  25. 1 point
    I would welcome the changes, as I currently enable strict cleaning to get similar results