Leaderboard


Popular Content

Showing content with the most kudos since 07/26/2019 in Posts

  1. 5 points
    Marcos

    ransomware attack

    ESET didn't fail to protect the user. This is proved by the fact that ESET had recognized the ransomware for a long time before the user got infected, which means that ESET must have been paused or otherwise deactivated by an attacker. Because of continual trolling despite giving numerous warnings and complaints from other users, we'll ban Novice as of now.
  2. 4 points
    Marcos

    ransomware attack

    This is the last warning to Novice. Further to complaints from other users that we've received about your ranting, we kindly ask you to stop this. Either give us proof that there is an antivirus that can detect 100% of threats without updates and without any false positives and at the same time it can protect users even if they unwittingly allow an attacker to do anything on their machines under an admin account, or stop trolling and ranting. We are open to serious communication but trolling is not tolerated and never will be, either here or in any other forums. Otherwise we will need to take the appropriate action.
  3. 3 points
    TomFace

    AV-TEST and ESET

    I use the daily "seat of my pants" results. I know what works for me. No A/V program is 100%...that's why they get updated and evolve. In my opinion, these A-V test results (no matter who publishes them) only provide the trolls with food (in addition to being (for me) worthless data). We all know (or at least should know) that you never feed a troll. Regards, Tom
  4. 3 points
    Marcos

    ransomware attack

    Just came across a case when a user was hit by Filecoder.Phobos and asked how come they got infected with ESET installed. After analyzing logs, we found out that:
    - the detection for the ransomware was added at least 2 months before the incident
    - password protection of ESET's settings was not enabled
    - detection of potentially unsafe applications was disabled

    We also found out that:
    1. A brute-force RDP attack was performed:
       - Administrator had 22 377 failed login attempts
       - ADMINISTRATOR had 5 438 failed login attempts
       - ADMINISTRADOR had 1 102 failed login attempts
       - ADMIN had 710 failed login attempts
    2. There was a suspicious RDP connection from a foreign country
    3. A local user GhostUser has been created recently
    4. A legitimate tool that can be misused to kill security software has been installed recently (detected as pot. unsafe application)
    5. Event logs have been recently cleared.

    This is proof that just having security software installed is not enough; firstly RDP must be secured. Secondly, all critical operating system updates must be installed. Fourthly, ESET must be protected with a password and detection of potentially unsafe applications enabled to prevent protection from being tampered with by unauthorized persons.
  5. 2 points
    Marcos

    HOW TO DISABLE RENEWAL REMINDER?!

    You can disable these notifications in the Application statuses setup:
  6. 2 points
    Marcos

    no files in quarantine

    He has asked to cancel his account here. But yes, it's not normal that a user of a trial license would request a response within 1-2 hours 24x7 that is granted to VIP customers at an extra fee. Moreover, the problems with LiveGrid authentication suggesting an invalid username/password being used were highly suspicious too.
  7. 2 points
    lamar

    Eset Blocking Chromecast

    Internet Protection Module #1375 is rolled out on the pre-release update channel, and it works fine for me with the default Eset settings. There is no more need of whitelisting port 8009. Hopefully it will be rolled out soon on the regular update channel as well.
  8. 2 points
    peteyt

    ESET was automatically uninstalled

    And ESET has a password option if enabled. As I have pointed out 100s of times and probably shouldn't anymore, the AV is only part of a security setup. It's no good using an AV with for example a no longer supported update or without all the latest patches. Until people realise the importance of this, problems like this will happen. But again as also mentioned we don't know what has happened and all we can do is suggest.
  9. 2 points
    Blackbox88

    Eset Blocking Chromecast

    Workaround for everybody who doesn't want to read the whole thread! Please also upvote it! (On page 4) All credits go to Lamar!
  10. 2 points
    lamar

    Eset Blocking Chromecast

    I truly hope the bugfix will come soon. However you really do not need to wait for that. Do the following step by step:
    01. Open Eset console
    02. Click "Setup"
    03. Click "Advanced setup"
    04. Click "Web and email"
    05. Click "Web access protection"
    06. Click "Web protocols"
    07. Now you are in the right place
    08. Focus on "Ports used by HTTPS protocol"
    09. You have to see the text "443, 0-65535" in the input field.
    10. Replace the text with "443, 0-8008, 8010-65535" (of course, without quotes) (you can copy-paste)
    11. Press "OK"
    12. If Windows asks for permission, press "Yes"
    13. Close ALL instances of Chrome
    14. Reopen Chrome
    15. Connect to your Chromecast
    16. Success!

    After the bugfix has been rolled out, you can reset the original text you modified.
  11. 2 points
    It's not you...we are transitioning our product release communications currently for all products but once the process is finalized, we'll resume posting.
  12. 1 point
    Does any of the following make a difference?
    - pausing ESET's firewall
    - pausing real-time protection
    - disabling protocol filtering in the advanced setup
    - disabling HIPS and rebooting the machine
  13. 1 point
    The best way is always to create a support ticket
  14. 1 point
    jdashn

    Eset Blocking Chromecast

    I am guessing there are parts of what is in pre-release that are more complex to test, and could have further reaching impact than the exclusion of a port for scanning. Which would be why they've not released this 'fix' as it's a part of a larger update package, that is still being tested. I wonder, though, if this piece could be released to the general codebase, before the testing on the rest of the 'update' is completed. I would guess that you're just going to be doing the exclusion of the ports for scanning on the back end, so pretty simple to test and know is working.

    Is this maybe one of those cases where Dev and Testing don't know that this part of the update is turning away home use customers, and causing a lot of consternation among the client base (likely a TON more than what you see here, we all know in support you only ever get 1% of complaints via forums, or email -- easier to buy a new product than complain). Heck maybe if Dev and Testing knew they'd be able to put this available for release, but I can't see that with a fully functional forum like this that the moderators here aren't regularly working with dev/test and letting them know of the daily buzz on the forums (heck a few might even have accounts and read?).

    I'd imagine that releasing a portion of an Update is relatively simple, seeing as how everything has been made more modular with ESET, but honestly I don't know how development works here, could be that to uncouple this update from others would mean far more work and delays in other areas. Could be that a large enterprise customer is asking for a feature, and that has been fast-tracked, and other projects have to wait. I guess really what I'm saying is that who knows why it's taking so long, yes it could be that they're waiting to click that button for no 'good reason' aside from 'that's how we do it' .. or it's a lot more complex than the minimal information that we get via the forums would lead us to believe.
  15. 1 point
    lamar

    Eset Blocking Chromecast

    These workarounds are easy for most of us here, but please see that there are a lot of customers who simply do not dare to make any modifications in the default settings since they are afraid of causing an untraceable or even irreversible mistake by mistyping or misclicking while they are performing such technical steps they do not understand clearly. Therefore impatience is a natural reaction of them. On the other hand I agree that unproven hurrying would not be a good way as well. Both standpoints are reasonable.
  16. 1 point
    am_dew

    Eset Blocking Chromecast

    I think Leann is looking for a permanent solution, not a workaround or pre-release update. It has been a month and it's very easy to understand why some people are getting impatient.
  17. 1 point
    Leann

    Eset Blocking Chromecast

    Has the issue been fixed? I still cannot access and it is a month now. I am getting very impatient over this.
  18. 1 point
    An absolutely fascinating article: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
  19. 1 point
    It's a javascript code that downloads payload from another website. An administrator has probably already cleaned the website from malware; at least I'm unable to reproduce the detection. Or I don't match conditions (e.g. country) for the malware to be injected into viewed web pages.
  20. 1 point
    First of all, ESET's firewall doesn't block any programs, only HIPS can. The firewall controls the network communication. By default, in automatic mode all outbound communication is allowed and all non-initiated inbound communication is blocked. Please continue as follows:
    - switch logging verbosity to diagnostic
    - enable advanced network protection logging under tools -> diagnostics
    - reboot the machine
    - reproduce the issue
    - stop logging
    - collect logs with ESET Log Collector and upload the generated archive here
    - provide information about the remote IP address whose communication with this machine was blocked.
  21. 1 point
    https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/
  22. 1 point
    itman

    JS/Adware.Agent.AA Application

    A very strong warning here. I just performed a detailed scan of this web site using Quttera. It found a whopping 19 malware instances; all JavaScript based: https://quttera.com/detailed_report/watchdoctorwhoonline.com
  23. 1 point
    Marcos

    Server Not Found

    First of all, try uninstalling ESET and installing it from scratch, e.g. in case proxy or update settings were altered. If that doesn't help, continue as follows:
    - enable advanced logging under Help and support -> Details for customer care
    - run update manually
    - stop logging
    - collect logs with ESET Log Collector and submit the generated archive.
  24. 1 point
    The simplest solution for this assuming you're not using a proxy connection is to do what U.S.-CERT recommends: https://www.us-cert.gov/ncas/alerts/TA16-144A In Win 10, turn off all proxy settings as shown in the below screen shot: As far as browsers go, almost all are set by default to use OS proxy settings.
  25. 1 point
    You can download the standalone mac endpoint installer at eset.com (download section). Specifically here: https://www.eset.com/int/business/endpoint-antivirus-mac/download/ Installation works in such a way that when you choose a product you want to install, the agent will connect to ESET Repository (cloud download server), and will download and install the respective product. You can cache installers by a proxy server placed in between, to optimize network traffic. With regards to the appliance upgrade, instructions are available in the documentation: https://help.eset.com/esmc_deploy_va/70/en-US/va_upgrade_migrate.html
  26. 1 point
    TomFace

    no files in quarantine

    Marcos, thank you for the information and for protecting the legitimacy of the Forum. Best regards, Tom
  27. 1 point
    lamar

    Eset Blocking Chromecast

    Not so easy as it sounds. Valid only if you watch only free stuff via your Chromecast. If you pay US$ 20-50 per month for online movie channels, then three weeks of black screen due to another paid product's malfunction makes you impatient relatively fast. That is the natural behavior of customers.
  28. 1 point
    URBAN0

    Eset Blocking Chromecast

    Agree. You want a good product and proper fix! Don't rush it 😉
  29. 1 point
    Vader

    Eset Blocking Chromecast

    I fully support this comment as well - same issue and if this did not exist in the previous version means, something has been missed during the testing or planning the update and must be resolved. We pay for the service and expect the product to function correctly. Responsibility altering network protocols and potentially leaving our machines vulnerable is not the way it works. Chromecast is a widely used product so I expect this to be fixed pretty quick.
  30. 1 point
    itman

    AV-TEST and ESET

    As far as AV labs tests go, they have to be scrutinized for discrepancies. For example, on the latest comparative from A-V Comparatives, Windows Defender had an unusually high false positive rate using a much smaller malware sample size. Whereas on the latest AV-Test business test, WD had a low FP rate for a much larger malware sample size. Bottom line - take AV lab test results as a rough approximation in regards to a security solution's real-world malware performance. Also always review as many test reports as you can from different AV labs and again, look for discrepancies.
  31. 1 point
    @display3958023 The reason is simple. All in one installer is available only for Windows. Information is available in the help of ESET Remote Administrator: https://help.eset.com/era_admin/65/en-US/deployment_scenarios.html?fs_local_deployment_aio_create.html In case of a mac product, you can either generate an agent live installer script, or deploy the agent installer manually. Installation of the security software product can be then performed using a software install task. PS: I would strongly recommend to upgrade your server to ESET Security Management Center V7, which was released more than a year ago.
  32. 1 point
    Marcos

    Eset updates

    Modules are stored in "C:\Program Files\ESET\ESET Security\Modules" by default.
  33. 1 point
    Starting Windows in safe mode is not possible only if the Device Control driver edevmon.sys has been removed from the disk without being correctly unregistered from a filter chain. A solution is to boot from another medium (e.g. SysRescue) and copy edevmon.sys from another machine with the same OS and ESET installed to C:\Windows\System32\drivers.
  34. 1 point
    itman

    ESET was automatically uninstalled

    Worthless if the attacker has remote control of the system. He will just enter the CAPTCHA characters as you would if physically present at the device. As far as the CAPTCHA validation server is concerned, as long as the response is the valid characters requested, it satisfies the validation. Solutions such as Emsisoft primarily use CAPTCHA to control disabling of real-time protection; not to validate software being uninstalled. Your best protection against hidden misuse of software uninstallers is to always keep UAC at its maximum level. This will ensure you get a UAC alert when such activity is taking place. Your overall best protection against unwanted system activities is to always use a standard user account for normal system activities. As such, any unwanted system activities requiring elevated privileges such as software install/uninstall will fail since that account lacks those privileges.
  35. 1 point
    Koissen

    Remove malware completely

    I am using a used laptop, I found some malware and uninstalled them, but I am not sure that is enough. In other words, what else do I need to do?
  36. 1 point
    Rsladeasu

    Eset Blocking Chromecast

    I'm having this problem too. For me this is terrible...I am a personal trainer and I use Chromecast to cast the day's workout into my 2 classrooms. I can't operate without it. When will this be fixed?
  37. 1 point
    Microsoft added Tamper Protection in Win 10 1903. Oddly, it has to be manually enabled. I keep looking for a published bypass of it, but so far so good for Microsoft. It also appears to "have held its own" against the latest and greatest version of Trickbot which tried its darnedest to disable it: https://www.bleepingcomputer.com/news/security/new-trickbot-version-focuses-on-microsofts-windows-defender/ Such can not be said for MalwareBytes or Sophos.
  38. 1 point
    There is a default dynamic group Problematic computers which is defined as: That said, any machines that have a protection feature disabled will fall into this dynamic group. Then in Notifications enable this one which you can customize, if needed:
  39. 1 point
    itman

    Firewall Issue

    Don't believe this is an Eset firewall issue. When I was on the Sage web site, I received multiple alerts from uBlock Origin filter on FireFox about adware/tracking activities on the web site. Post a screen shot on any alerts from Eset it is generating while on the Sage web site.
  40. 1 point
    MichalJ

    Collect log policy

    Details are provided here, on the forum post:
  41. 1 point
    Mrsbex74

    Constant Certificate Warning

    No that's what worried me. Browser wasn't running at the time either. I've done a restart and it's stopped now. But things that go away by themselves generally reappear by themselves. It was really unsettling...
  42. 1 point
    am_dew

    Eset Blocking Chromecast

    Can this thing we call technology get any more complicated? I really feel for the non-IT types.
  43. 1 point
    lamar

    Eset Blocking Chromecast

    You are right from the technical point of view. From the valued customer's point of view the phrase "bug" is simply a synonym to ... "problem" ... "issue" ... "unexpected behavior" ... etc. I would rather highlight the fact that Eset did not belittle the importance of this question, and did promise an urgent solution.
  44. 1 point
    MichalJ

    esmc server not talking to itself

    Then the only option will be to remove the agent, and try to install it again.
  45. 1 point
    itman

    Eset Blocking Chromecast

    Well, I guess we have "come full circle" on this discussion. So let's summarize the options:
    1. Local Chromecast dongle IP address exclusion. The Kaspersky article implies multiple addresses might be needed. Don't know fully what that is about but could imply router dynamic address assignment. Therefore static address assignment would be required as previously posted.
    2. Exclude port 8009 from SSL/TLS protocol scanning. No qualms with this one since it wasn't being previously scanned. I also believe other ports might need exclusion but "time will tell" on that one.

    My own thoughts on this issue are the whole subject of allowing an IoT device direct access to your PC. But that's another separate topic discussion. A footnote comment. Eset has "opened Pandora's Box" in regards to future issues in regards to performing SSL/TLS scanning of all ports. I for one, will avoid assistance on any of those issues.
  46. 1 point
    peteyt

    EIS New Scanner Option Feature?

    The best way to look at PUA also is there are many programs that people use that could be risky e.g. there are many people using registry cleaners and similar stuff. They are often risky and it's debatable if they should be used, sometimes they may also try to install unwanted extra stuff, nag you to upgrade and other suspicious stuff but people use them and they like them. I often see people asking why their favourite software gets classed as a PUP and it's usually for something like that. With PUPs it's not a virus so it's down to the user to decide if the risks are acceptable.
  47. 1 point
    Marcos

    EIS New Scanner Option Feature?

    I always recommend turning it on and exclude any such application by the detection name if it begins to be detected then and is intentionally used for legitimate purposes by the user. PUsA also cover tools that can be used by attackers to stop or uninstall AV in case of a breach via RDP for instance.
  48. 1 point
    HANDJOJO

    EIS New Scanner Option Feature?

    Dear Marcos, Please advise so it's to be better if this feature still in turn off for the common users?
  49. 1 point
    The security report referenced is the aggregate event status one that shows every 30 days. When you have questions about Eset settings, always click on the "?" on the GUI page. This will open Eset on-line product help which will show detailed explanations for the settings: https://help.eset.com/eis/12/en-US/idh_config_ui_notifications.html
  50. 1 point
    False positive reports

    To submit a possible False Positive see Submit a suspicious website / potential false positive / potential miscategorization by Parental control to ESET for analysis when you wish to submit via email or use Submit sample for analysis function from the program GUI of ESET product installed on your computer.

    Whitelisting

    ESET does provide a whitelisting service for software vendors by which you can submit your software to minimize the chances of false positives, e.g., when your software is being downloaded. This service is intended as preventive measure for trusted and undetected applications to minimize risk of future false positives. Whitelisting service is not a channel for removing existing detections, disputes or solving other unrelated problems. If you want to register your software for whitelisting, please follow the instructions in the KB article How do I whitelist my software with ESET?

    Requirement for False positive submissions

    When submitting false positive file(s) via email or via program GUI, it is necessary to send copy of falsely detected file(s) as well as description of the file. I will explain what information is needed and why it is important.

    1) Name of the legitimate application the file belongs to.
    When submitting false positives you must be able to identify what is the name of application that is being falsely detected. No-name false positive reports (when information about the application name is missing) are harder/slower to examine and in many cases indicate correctly detected malware rather than false positive.
    Example of correctly provided information: “This file belongs to VLC media player 3.0.6.” When you provide the specific version number, it helps.
    Example how not to submit false positives: “I don’t know what it is and why I have it on my computer but I think it is a false positive.” If you don’t know what the file is, don’t report it as false positive.

    2) Name of the application’s author, developer, vendor or website where you downloaded the software
    Each legitimate software has a known author or there is a known company who developed it. There is known source/origin where the software can be obtained and you can learn information about it. This information is needed in investigation process. Researchers need to verify whether the software is safe and they may need the full installer to evaluate the software properly. Researchers may need to investigate whether other versions of the same software were affected by false positive or not. It is important to know the source/website where you downloaded the software because some download websites provide different installers than original vendors.

    3) Application's purpose
    Let the researchers know what the application is supposed to do, what value does it offer to you. This information is usually available on vendor’s website but there are many old applications where the website is no longer available, or software was distributed only on CD-ROM/DVD, or the software is custom/in-house developed and the description is not generally available.
    Examples of application’s purpose: This is a picture viewer, video convertor, movie player, communication software, printing program, database program, web browser, accounting software, computer game, tool I use for programming, etc.

    Don’t hesitate to provide any additional information you deem important. You may add the specific detection name you saw when detection occurred. In case some specific circumstances are needed to reproduce the problem, tell the researchers how (for example it may happen that the file itself is not detected but it downloads/creates other files that trigger detection).

    You may submit false positives via email or directly from ESET product via Submit sample for analysis function. In order to use the function open GUI of ESET Internet Security, you will find following icon in Tools and clicking More Tools:

    Please select “False positive file” option and attach the file you want to submit. Please provide all necessary information (as described above) researchers need to process your false positive submission. Information you provide indeed significantly helps ESET laboratories in the identification and processing of samples. Thank you for your submission!