Leaderboard

There will be a fix for the issue in both Endpoint and ESET NOD32 for Linux desktop according to the latest news.

As I wrote, there will be a hotfix of ESET NOD32 for Linux desktop that will address the issue.

@Kirill Licenses for ESET products are not sold for a specific product version. Meaning, that with your current license you will be eligible to use the new V7 as well. Linux Endpoint product is the last one running the old version of architecture / scanning core, and it will be updated to V7 soon. We are already running a beta program (available here), V7 should not have this issue at all.

The current up-to-date version for desktop edition is the v4 Endpoint edition v7 is running as BETA currently , once it goes stable I believe they will start looking at building the v7 for desktop. The fix that Marcos talked about would be probably a small fix (hotfix) that will solve the issue with browsers and that's it , not a major upgrade.

Hi, You should create a full chain certificate which contains SSL cert, intermediate, root and private key. - Download XCA and install it. - Download OpenSSL and install it. 1.) Create a empty file (C:\temp\cert-chain.txt) on your PC and past the following inside it: -----BEGIN CERTIFICATE----- (Your Primary SSL certificate from C:\temp\your_domain_name.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Intermediate certificate from C:\temp\TheIntermediateCA.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Root certificate part from C:\temp\TheTrustedRoot.crt) -----END CERTIFICATE----- 2.) Now replace the content inside the brackets with your certificates (which you can export via XCA; PEM txt format). The order above is VERY important so do not mix it! 2.) Export the private key (unencrypted in text format) with XCA from your certificate and store it inside C:\temp\server.pemkey 3.) Now merge everything together as pkcs12 (filename extension for PKCS #12 files is .p12 or .pfx). To do that open a CMD (run as admin) and perform: cd C:\OpenSSL-Win32 openssl pkcs12 -export -inkey C:\temp\server.pemkey -in C:\temp\cert-chain.txt -password pass:ABCD -out C:\temp\certificate(chain_and_key).pfx 4.) Your PFX file is now ready to be used.

You have a rootkit there. Either boot from a clean medium (e.g. ESET SysRescue) and run a full disk scan, or do the following: - start Windows in safe mode - move C:\Windows\System32\Ms96FB23EEApp.dll to another folder, e.g. to c:\eset - start Windows in normal mode - run a full disk scan.

In fact, I provided a proof that on Windows 10 ESET detected and blocked execution of the ransomware and protected the user where the other "free" AV failed. If you have a proof that ESET doesn't protect users well, please provide a proof and support it with logs and other necessary stuff.

Moreover, url scan and website content scan are two completely different things.

Thanks for all the replies, it was really just about windows logon that I was asking about. However knowing about all this sure was interesting.

Unfortunately that is hard to confirm without testing or more date, but ERA 6.4 was definitely not tested in such environment. Errors seems to be more related to installer script, nor ERA Agent, but it might have the same issue - incompatibility with macOS 10.15 environment.

https://www.zdnet.com/article/antivirus-vendors-scramble-to-fix-new-efs-ransomware-attack/ Ref.: https://support.eset.com/en/ransomware-shield-bypass-mitigations

Did receive the parental license information on the same day. That is why I did not understand why the ESET Security did not have a license as well. With that in mind I will continue my search for a "good price" on the ESET for Android. Thank You

Each distributor provides technical support for local customers and contacts ESET HQ in cases when deeper investigation is needed. After contacting customer care, you should receive a confirmation email with a ticket ID. If you didn't receive any, check the spam or junk folder. You can also try contacting customer care via the web form that is available through the wizard https://www.eset.com/uk/customer-care-wizard/.

Yes, this was a false positive, fixed at approx. 7:45 CET.

This is now resolved, in case it helps anyone I logged into the VA and enabled Webmin, I then accessed Webmin using a web browser, Servers section, ESMC then there was an option to repair ESMC Agent Connection. I entered "localhost" for the Hostname and the ESMC port then clicked the repair button and it fixed it and updated to 7.1 as I had this task queued from last year.

There are no delays in providing update files on update servers. The difference is caused by the default interval for checking for new updates which is 60 minutes. That said, it should take 1 hour at maximum for all machines to update to a particular engine version. Unlike EMSL, Windows v7 product use streamed updates to get updates against a group of threats every few minutes. However, in case of VBA malware only ESET Dynamic Threat Defense (supported by Windows Server products v7+) could shorten the reaction time and possibly recognize the malware even before it starts spreading by analyzing attachments possibly carrying malware in cloud.

The issue will be addressed both in Endpoint and NOD32 for Linux desktop.

Eset does use a blacklist of known botnet C&C servers. Only they know what it contains. However, Eset also uses this Botnet detection for inbound brute force attacks. Another thread on same alert here: https://forum.eset.com/topic/21967-increasing-botnetcncgeneric-detections/

These settings are for Endpoint 7.2. If applied to older versions, they are converted to the appropriate setting (e.g. PUA balanced or cautions detection will merely enable PUA, setting it to Off will disable PUA detection). Aggressive detection is applied only by Endpoint 7.2+. We recommend upgrading to ESMC 7.1 and Endpoint 7.2.

This seems to be a known issue that doesn't exist in Endpoint v7.2. It will be fixed in ESET File Security 7.2. Unfortunately I can't tell when it's due for release at the moment.

When making a statement like this, please provide details on what occured. If for no reason other than to determine if there is an on going issue with existing Eset protection methods. Today's AV products are designed to prevent malware from being downloaded and installed on devices. Pertaining to malware that may have existed prior to AV installation, AV detection is limited in what it can detect. For example, you may have had a backdoor installed or some other stealthy hidden malware that is difficult to detect via signature or behavior methods. When it comes to today's malware, the axiom, "An ounce of prevention is worth a pound of cure" very much applies.

First of all, installing an antivirus without taking other measures, such as keeping the OS fully up to date and patched, avoiding opening suspicious email attachments, clicking suspicious links or keeping RDP enabled without restrictions is not enough. Moreover, no security solution can ever protect from 100% of threats. Not sure what happened, if your files were encrypted by ransomware or what you actually paid for. Technical support is provided to our users for free. Also without any further logs, proof and information what actually happened it's unfair to blame ESET.

The patch was included in the Jan. cumulative update for Win 10 release last Tues.. For Win Server 2016 and 2019 which are also vulnerable, one will have to check with Microsoft on how the patch is being delivered or download the patch from the Win Catalog web site.

I expanded column header and found 2 columns that were also configured cleared them and everything is working properlu Thank you

Microsoft has already released a hotfix for the vulnerability: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

🤝

You can find that here : I believe Google did some kind of change in Chrome that change is making problems with the legacy code of v4. EDIT : Also I am sorry If I was rude or aggressive with my reply , I didn't mean that. But you made me angry

Sorry for pressure. My fault. But you are just looking at wrong browser, it would not be affected at all, as I understood. Also (not for being rude, but for numbers and talking about the same things) - the problem potentially affects more than a half of users of linux platform. The ones, who use ESET product for this platform, actually.

Hello, As @Perry noted 3rd party certification authorities typically provide pem or pkcs#12 web certificate which does not contain root CA as that is not required for common webservers - this certificate is typically preinstalled on devices so that chain of trust can be established. MDM does a "bit more" than typical webserver - during enrollment we also install root CA to enrolled device to establish trust (we can't guess whether certificate is selfsigned or signed by CA already trusted by device) so we have extra requirement. I'll look into improving documentation wrt to 3rd party certificates as openssl command line how to convert between formats and appending root CA to existing certificates should help some users. HTH

To have "secure" as in trusted by browser, You need to purchase 3rd party certificate from common internet certification authority. One of such certificate authorities is let's encrypt who provide certificates for free. ESMC creates self-signed certificates which are not trusted unless their root CA is imported into device certificate store. @Command IT What You probably mean was certificate chain installation which was required till 6.5 due to TLS layer we used. In 7.0+ we use different TLS layer on windows (openssl) and PKCS#12 is newly required to contain entire certificate chain including root CA - system certificate store is not used anymore.

As for the files that could not be opened and scanned, just ignore those messages. They all seem to be standard files that are exclusively used by the OS or you don't have permissions to access them. As for the scan time, most likely it was not the first on-demand scan you've run so the scanner already had information about whitelisted files and skipped them.

Hello guys, I opened a ticket with the dev team to check the logs provided by @Camilo Diaz In case you have the logs (as described by Marcos), or are willing to record them feel free to provide me with them so I can have them checked... Regards, Peter

As I wrote, it's a rootkit so you and other apps / AVs won't normally see it. You should see it in safe mode.

Hello, What you have to do is to configure the proxy for both the agent, and the mac security product. In case the macs are showing not correct "last connected time" it would mean that they are not able to connect to the server at all, which is the thing you should troubleshoot. To confirm this, please check the status.html of one of the mac agents. Also, what makes me confused is, that you mix topic of proxy and mirror. When you refer to mirror, do you mean actual offline generated mirror by mirror tool, or you utilize the proxy caching function. In this case, you just need to configure both agent / endpoint to communicate via proxy, and they should get the updates from there automatically. Please note, that in ESMC 7.1 you can configure proxy details for the agent live installer, and also choose a policy that will be applied to the machine. @Marcos can you please move this to "ERA" portion of the forum?

You are lying here. Yes, NOD32 maybe does not specifically affect browsers. But to intercepting launching viruses you installing intercepting library affecting all applications. Even which launched via systemd. Error SIGILL (Illegal instruction from Chrome output in terminal) usually means that application was compiled for newer CPU which have instructions which you CPU does not have. In past Chrome already started to SSE2 instructions which was not on Pentium 4 and some Atoms CPUs. But in this particular case reason is different since after uninstalling ESET Chrome 79 starts working normally. Maybe during injection your code in Chrome (from library libesets_pac.so ) something leads Chrome (or maybe ESET) to execute illegal instruction. Besides Chrome CUPS subsystem (printers) not working with ESET. I don't know since when. In logs both says "ERROR: ld.so: object 'libesets_pac.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored." Maybe because of NOD32 unable to inject libesets_pac.so code using LD_PRELOAD in Chrome and inject successfully some other library then it leads to inconsistent behavior. Visually Chrome 79 with ESET installed blinking randomly with some freezes. Chrome uses dedicated processes for rendering pages which only "streaming" rendered content to main process with UI for presenting to user. Maybe Chrome 79 using some new IPC methods to transfer rendered content which NOD32 intercepts and parsing for too long (causing blinking in main UI process' OpenGL Context). I've never looked to Chromium source code so I'm not sure if I'm right about new IPC (if it is new). Also I mine cause graphical system in Ubuntu is X11. It is better to other victims of such error to reply if you are using Wayland (in case X11 do not answer to prevent flooding in thread). It is maybe related. To check which system you are using enter in terminal following command: echo $XDG_SESSION_TYPE

That's a huge number so a dedicate machine with http proxy will likely be necessary. ESET Dynamic Threat Defense runs files potentially carrying malware in a sandboxed EDTD cloud environment. It leverages multi-stage analysis, where it combines advanced detection techniques with behavioral analysis and machine learning. Scan results are shared among all computers in an organization. In combination with Mail Security products, EDTD allows for delaying email delivery until a result of scan is received and only then clean email is passed to mailboxes. EDTD substantially improves protection from malware spreading in Office documents for instance. As of Endpoint 7.2, it's possible to block execution of files downloaded via email clients and browsers until the scan result from EDTD is received. If you are interested in trying out ESET Dynamic Threat Defense, please contact your local ESET distributor or drop me a message. Another product for enterprise users that we offer is our EDR solution ESET Enterprise Inspector which provides you with insight into what's going on in your network. With more than 200 pre-defined rules you get a good overview of possible security incidents that you can subsequently respond to or track them back to the source.

Make sure you check for updates again: https://www.ghacks.net/2020/01/08/firefox-72-0-1-fixes-a-security-vulnerability-that-is-actively-exploited/

Hello, sorry for the late response. Both Apache and PHP are planned to be updated in the first half of this year. Regards, Tomas

Hello @Patrick van Lier, You just need to remove the corresponding DNS entry (as per the screenshot below) and restart the ESA Core Service.

Here is Quttera's detailed report on 9anime.to: https://quttera.com/detailed_report/9anime.to It found 23 malicious JavaScript files on the web site. All appear to be hosted at defpush.com.

I just install ese internet security 2020.after that i cannot access to some websites

The fact that a particular AV detects more than ESET doesn't make it better. Rogue applications also find a lot of issues even on clean operating system and it doesn't make them better, quite the contrary. If you think that ESET has missed a threat, feel free to submit MBAM's quarantine to samples[at]eset.com and we'll most likely confirm that the object is not subject to detection.

You shouldn't do it since the site is being detected as hosting malware.

Do you know when this update will be released publicly? Or how can I avoid this error? At the moment, I get a BSOD several times a day, as well as data loss in some programs due to incorrect file saving. The minidump shows the same driver with the same parameters. As an option, I see only the complete removal of ESET Internet Security, since it is not known when the update will be released.

I assume the problem is you have "Restrict URL addresses" enabled. According to the help: To only allow access to URLs listed in the Allowed URL list, select Restrict URL addresses.

It is unclear what you want to do. Refer to this Eset knowledgebase article for options available when the potentially unwanted application alert appears: https://support.eset.com/en/what-is-a-potentially-unwanted-application-or-potentially-unwanted-content

If you think that using a particular potentially unwanted application outweigh possible risks, you can exclude it from detection by unfolding advanced options in the alert window, checking "Exclude signature from detection" and then clicking "Ignore". Afterwards the particular PUA detection won't be triggered again.

It's because of this: https://support.microsoft.com/en-us/help/2664888/computer-stops-responding-when-you-run-an-application-that-uses-the-wi So the solution is to make sure the hotfix is installed, then install EFSW and enable Web & Network protection during installation.

You can create 2 rules, one permissive rule with the trusted zone added on the Remote tab and another blocking rule without any IP address or zone specified and put the permissive rule above the blocking one.

@TheMartin Thanks for the feedback / suggestion. I will contact our documentation team, and ask them to prepare the tutorial (video / documentation) with the topic "how to update my ESET environment on the latest version in the simplest way". I agree, it would be a helpful content, which should be more actively promoted in documentation and KB.