Leaderboard

You are just angry at something that you can't change , all companies do the same , they release an update and then they give the change notes after a while , or go meet Microsoft , they won't tell you what changed. or say hello to Steam I don't represent ESET , and I don't work for them , but a delay of a bit or few hours after being posted in their download page and after that to their forum , it doesn't mean anything bad , they have posted it they didn't hide them , It's just a matter of a little bit of time delaying the upgrade so you can read the notes and after than initiate your upgrade or delay it for next version.

Hello @itman, the .exe itself is not malicious, it loads the .dll, which is being detected... Peter

I am 100% there with you, I am now disappointed that you make the effort to test the software, report the errors found to the German support and all reported errors in the final, or so-called final, in my eyes nothing more than a very bad beta version is to find again + to find the errors of the previous build again, if this continues with Eset, I will also consider whether I should pay for it and that although I am an absolute Eset I'm a fan and have been using it since NOD v2, I am really very disappointed!

Mobile Security needs some kind of permissions for Anti-Phishing to work properly , have you enabled that?

It's enabled for newly created and modified by default which is enough. Moreover, web access, email protection, startup scanner and idle-state scanner have it enabled by default too.

If you ran a custom scan, make sure that you didn't enable scan without cleaning:

Hello, this option is already available in ESET Cloud Administrator console. Currently, as agents are updated via "Components upgrade task", which does not differentiate between agents, and other components of the ESMC infrastructure (server / webconsole) this option was disabled. However, in Cloud the server is fully hosted / maintained by ESET, so "one click agent updates" are possible. Please note, that for the future releases we work on "automatic agent upgrades", meaning agents would automatically upgrade themselves to the version compatible / matching with the server.

Simple answer here folks is Eset normal channel release updates are region specific. Select countries will see the release prior to other countries. It has always been this way.

ESMC is a complex mission-critical product and it's important for administrators that it runs reliably all the time. Upgrade should be performed after backing up the database and at the time when administrators can afford to solve possible issues should something go haywire during upgrade. Likewise administrators do not let server systems upgrade automatically and immediately after the OS maker releases updates not addressing critical vulnerabilities.

Got it, Turns out I had made the change already. My memory just isn't what it used to be. Getting old isn't fun at all, but it beats the alternative. Thanks to both of you for your help.

Hello, Our service provider is currently having issues with deliverability to certain email domains, yours included; they have raised an issue with their upstream email provider. In the meantime, we apologize for the inconvenience. Tomas

Since this forum is not a channel for disputing detections and url blocks. we'll draw this topic to a close. Only the security malware lab is entitled to make decisions about url blocks. In this case, the blocks appear to be ok. Aggressive or misleading ads are subject to detection as well.

Hello @Mr.Gains, thank you for your post, to resolve the issue you describe (I believe I understood correctly) I suggest to do the following in an EFDE Policy: set "Maximum uses" under "Recovery Password Uses" to 2 AND "Automatically generate new recovery password" under "Recovery Password Uses" to YES AND "Generate when (uses remain)" under "Recovery Password Uses" to 1 This way you will restrict use of one recovery password to 2 uses, and after the 1st use a new one will be generated and will become a valid recovery password AFTER EFDE connects with ESMC. With more attempts than set in a policy, it sounds like a bug. Could you please raise a tech. support ticket for this issue? we will investigate

You must use the "Warning" severity for the desired Web control rules to send the data to ESMC. However, be careful to not use it for rules that allow or block too many urls or it may have adverse effect on perfomance of the ESMC server if many clients start to send a lot of data.

That's what he did and I suggested to remove it from exclusions since the file is not detected with current modules.

Itman doesn't work for ESET so he cannot know. I do and I don't know either because the module is being tested and no ETA is available. All we can say at this point that the module will be released soon, most likely within a couple of days.

never mind.. Sorry for the noise. [1] answered my question. [1] -

I turned on startup scan in normal mode and enabled AppVerifier in safe mode. When I returned to normal mode, ESET did not load into the system, and the issue cannot be triggered. I tried manually open ESET Security through Start Menu, but nothing happened after I clicked the icon.

Yes, the scans with this build take much longer, it takes about twice the scanning time for the same files as the previous build!

The only known issue with v13.2.15 is that the registry and WMI scanners attempt to scan also non-existing objects. This will be fixed via a module update soon. As for other issues, I'm not aware of other users having reported them with one exception. Please report them to your local ESET support with steps how to reproduce them. If necessary, the support will ask for further logs necessary for troubleshooting. As for a bug-free software, there's nothing like that. We don't live in a perfect world and every software maker releases new versions and updates to address reported issues. Even Microsoft releases monthly updates with fixes.

I mean newly created and modified files

It's possible to use the PASSWORD="%password%" parameter (https://help.eset.com/era/53/en-US/idh_ra_remoteinst_commandline.html) from the command-line.

I will also add that in-product updating is always a more secure update method that manual updating; contrary to popular belief. Manual updating opens one up to a phishing attack. A recent example is the WastedLocker ransomware that deployed a fake Google Chrome update request.

Correct. However, I don't see any good reason for not updating modules automatically.

Hello, Yesterday NOD32 urged me to upgrade to 13.2.15, but there was no official mention of this new version here. Only a few hours ago you published here such an announcement post... This is a bad way of work - before I upgrade, I wish to know what is changed. Please, in the future - do not release the binaries to be updated at clients before you have a public matching post with details about the new version. Thank you.

EFI/Computrace detection is correct, it's not a false positive.

Try deselecting WMI and registry in the targets setup. The number of not scanned files should decrease significantly.

I'd recommend opening a ticket with your local support. Provide ELC logs as well as a dump of ekrn (create it via the advanced setup -> tools -> diagnostics -> create). Prior to creating the dump, do following: - turn off protected mode - restart the machine - attempt to activate the product - create a dump of ekrn but not later than 20s after you attempted activation

As far as I know, it's a rule of thumb that vendors publish changelogs with the release which also happened this time. In the course of testing a new version, changes may not be final and may still occur to the final version.

First, just what is KMS-R@1n.exe? https://www.quora.com/What-is-KMS-R-1n-exe-Does-it-affect-my-computer?share=1 If you are using a "cracked"; i.e. illegal version, of the Windows OS or any other legit Microsoft software, removal of KMS components will cause all licenses associated with them to become invalid. If all your software licenses are legit paid ones from the software manufacturer, then there is no reason for KMS associated components to remain on your PC. This situation is also a classic example of why Eset does not enable the potentially unwanted software option by default. Eset's stance to date is they are not the "software license police." The previous said, using of cracked software these days is a risky undertaking since the crack installers are increasing being used to push malware on installed devices.

Maybe it has something to do with the license you've used for activation. We do not sell to Iran. What is the public ID of the license you've used?

1, Reproduce the issue. 2, Check the wizard for the most recent blocked communications. 3, Allow the desired communication. The wizard will create a rule. 4, If the issue is resolved, check details of the created rule and create a policy with the same rule.

It's already available in the repository:

If you run 2 scans in a row without any module update in between, the second scan will be significantly faster (unless you have a lot of archives on the disk). However, if modules are updated between the scans, the second scan will not be that quick since cached results from the first scan will be invalidated.

Do you have Endpoint v7.3 installed? Next week we're going to release a hotfix v7.3 which will also have some issues with Scheduler fixed so it might be worth to try it then.

Automatic updates are ensured via the regular automatic update task in scheduler. You can control how often the task will run. By default it's 60 min. but it's also possible to shorten it to 10 min. if I remember correctly. The "more frequent updates" settings refers to streamed updates that are downloaded every few minutes.

Hello, If you bought the license from one of our official resellers, it is bound to the country the reseller is based in. If this is the case and you later moved to another country and would like to continue to use your license, please contact your local ESET office who can help you with that. However, in case you bought the license from a grey market, we can't guarantee its functionality, as it was probably obtained somewhere else for a cheap price and then sold to you online by an entity not authorized to do so. In situations like this, we can only suggest to contact the reseller who you purchased from, ask for a refund and get the license from an official source, which can guarantee license validity and customer support. Regards, Tomas

Just be aware, that if testing instance will be created on top of your existing ESMC database (as described in migration scenario), your original and new ESMC instances will share synchronized licenses in a way that when you modify list of synchronized licenses in one instance, it will impact also original/production servers, so my recommendation is to deploy completely new testing ESMC instance, instead of re-using existing database.

Hi @Cameron. Yes, you can easily setup a new ESMC server, deploy couple of endpoints. If you activate those endpoints, they will add to the total of your license, meaning if you for example have 100 licenses, and 95 are used on the "current ESMC", then you have 5 seats to use on the new ESMC instance.

Already replied here: https://forum.eset.com/topic/24551-domains-false-positive/ Again, this forum is not a channel for disputing detections and url blocks.

Thanks Marcus and yes we're having a look at these various products at the moment.

So far, so good. Will post again if it starts acting up again.

Before we can deal with particular issues we need to learn about them first. While I noticed this issue about 2 days for the first time, it was more-less random and since nobody else has reported it here, I was trying to find the common pattern and troubleshoot it further. Now that we've learned that more of you have run into it as well, we have reported it to the forum provider to look into it and fix the issue.

Indeed only DER format is supported for both import and export of CA certificates. We will have to check whether it is clearly communicated.

ESET Dynamic Threat Defense (EDTD) is an additional service that can be purchased. EDTD provides another layer of security for ESET products by utilizing a cloud-based sandboxing technology to detect new, never before seen type of threats. It substantially improves detection and protection from new threats both on servers and Endpoints where execution of downloaded files or files received via email can be blocked until results of EDTD analysis are received. If you don't have an EDTD license, do not enable it in policies. Otherwise I'd recommend to consider purchasing the service.

I want to add to this that this also happened to me on two computers that I was testing the upgrade on where it immediately performed a scan after the upgrade was completed and promptly shut down the computers. The event log confirmed it was an ESET-initiated shutdown after a scan completion. This is the same as the others have reported, but not a scheduled task, and not on demand, but immediately after the upgrade. Being located 1700 miles away from the office, and during a pandemic where no one else is in the office on a regular basis, it took a full week to get someone in there to turn these computers on. Fortunately, they were computers that were not in use by anyone, so were perfect candidates for this upgrade. Of course, I can't risk updating any other computers to 7.3 until this is confirmed as resolved.

As for submitting suspicious files found during a scan to ESET, you configure it after you launch EOS:

Seems that creating the following rule is sufficient: Name: Allow Teams Helper App: /Applications/Microsoft Teams.app/Contents/Frameworks/Microsoft Teams Helper.app Action: Allow Direction: In Protocol: TCP & UDP Ports: Remote Remote Port: All Destination: Entire internet

False positive reports To submit a possible False Positive see Submit a suspicious website / potential false positive / potential miscategorization by Parental control to ESET for analysis when you wish to submit via email or use Submit sample for analysis function from the program GUI of ESET product installed on your computer. Whitelisting ESET does provide a whitelisting service for software vendors by which you can submit your software to minimize the chances of false positives, e.g., when your software is being downloaded. This service is intended as preventive measure for trusted and undetected applications to minimize risk of future false positives. Whitelisting service is not a channel for removing existing detections, disputes or solving other unrelated problems. If you want to register your software for whitelisting, please follow the instructions in the KB article How do I whitelist my software with ESET? Requirement for False positive submissions When submitting false positive file(s) via email or via program GUI, it is necessary to send copy of falsely detected file(s) as well as description of the file. I will explain what information is needed and why it is important. 1) Name of the legitimate application the file belongs to. When submitting false positives you must be able to identify what is the name of application that is being falsely detected. No-name false positive reports (when information about the application name is missing) are harder/slower to examine and in many cases indicate correctly detected malware rather then false positive. Example of correctly provided information: “This file belongs to VLC media player 3.0.6.” When you provide the specific version number, it helps. Example how not to submit false positives: “I don’t know what it is and why I have it on my computer but I think it is a false positive.” If you don’t know what the file is, don’t report it as false positive. 2) Name of the application’s author, developer, vendor or website where you downloaded the software Each legitimate software have known author or there is known company who developed it. There is known source/origin where the software can be obtained and you can learn information about it. This information is needed in investigation process. Researchers need to verify whether the software is safe and they may need the full installer to evaluate the software properly. Researchers may need to investigate whether other versions of the same software were affected by false positive or not. It is important to know the source/website where you downloaded the software because some download websites provide different installers than original vendors. 3) Application's purpose Let the researchers know what the application is supposed to do, what value does it offer to you. This information is usually available on vendor’s website but there are many old applications where the website is no longer available, or software was distributed only on CD-ROM/DVD, or the software is custom/in-house developed and the description is not generally available. Examples how of application’s purpose: This is a picture viewer, video convertor, movie player, communication software, printing program, database program, web browser, accounting software, computer game, tool I use for programming, etc. Don’t hesitate to provide any additional information you deem important. You may add the specific detection name you saw when detection occurred. In case some specific circumstances are needed to reproduce the problem, tell it to the researchers how (For example it may happen that the file itself is not detected but it downloads/creates other files that trigger detection). You may submit false positives via email or directly from ESET product via Submit sample for analysis function. In order to use the function open GUI of ESET Internet Security, you will find following icon in Tools and clicking More Tools: Please select “False positive file” option and attach the file you want to submit. Please provide all necessary information (as described above) researchers need to process your false positive submission. Information you provide indeed significantly helps ESET laboratories in the identification and processing of samples. Thank you for your submission!

Hi Team, Description: Example REST API usage with Perl / Python Detail: An example document on how to use the API with Perl would be helpful you have one using C however I would just like to create a few script based calls to it using Perl for use with Nagios and other systems I have to integrate further with our other tools. Description: Failure Details inside Web Interface, Detail: Most of the time when a task fails it provides hardly any details why I need to follow the rabbit hole to the trace log, Description: Slackware Linux Support /+ Native x64 support without 32 bit libs Detail: I run 100s of Slackware Servers and have gone away from multilib etc, Also activate product from Remote Administrator rather than having to download an offline license for them Description: Use Latest option for software install Detail: Software install of ESET use latest option would be helpful eg tick a box and policy would always use the latest version available of eg Endpoint Antivirus when running the task Description: From Dashboard take filters and generate a Dynamic Group / Action Detail: I forever have out of date machine on the dashboard and have to copy the filters down and go an create a dynamic group from them to trigger an upgrade can a button be incorporated ( where you have generate CSV /PDF etc ) to say generate dynamic group please Thanks Tim