Jump to content

Leaderboard


Popular Content

Showing content with the most kudos since 08/31/2017 in Posts

  1. 4 points
    Aryeh Goretsky

    Rules of the ESET Security Forum

    Welcome to the ESET Security Forum! ESET is pleased to provide you with this resource in order to make it easy for you to ask questions and receive answers about ESET's products and services. Understand that the ESET Security Forum is a private community for existing customers of ESET, prospective customers who are interested in ESET's software, ESET employees and business partners. Because of this focus, it is not like a general public forum, where conversations take place on a variety of non-ESET and non-security related topics. With that in mind, we have the following rules in place: When registering for an account on the forum, please fill out the information accurately and correctly. Do not enter the Username and Password for your licensed ESET software, but instead choose a username (in Latin) unique to this forum. You should also choose a suitably complex password unique to this forum as well. Do not create multiple accounts. If a person is found creating multiple accounts, ESET reserves the right to take whatever actions it deems necessary, including banning, blocking, deleting and/or merging them. The exception to this rule is ESET staff, who may create multiple accounts for testing purposes. No impersonating other forum users, ESET employees or other people. Use appropriate language in the forum. No vulgar, obscene or rude language will be tolerated. No vulgar, obscene or otherwise offensive images or video will be tolerated. ESET staff have the right to move, edit or modify messages that you post. This may be done for clarity, to move a message to more appropriate forum where it will receive more attention, or for other reasons outlined in these rules. All decisions by ESET staff are final, and not open to discussion. This list may be updated at any time. Please periodically visit this page to review any updates. Do not post direct links to any executable files, malicious/suspicious software or web sites in public messages, even if you think the software or site is clean and incorrectly detected by ESET. Break up the URL by inserting spaces into it, or replacing the protocol handler with an obfuscated one, like . Do not attach malicious or suspicious files to messages, even if you think they are clean. Write a public message, and then use the "report this message" option to send a private message to ESET staff with a link. Do not post any personally identifiable information (PII) about yourself, such as an email or mailing address or phone number, in a public message. Do not post the username and password or license key for your ESET software in a public message. Do not post links to software cracking tools, license key generators, pirated copies of software or other illicit software in the forum. If you wish to report a site, write a public message, and then use the "report this message" option to send a private message to ESET staff with a link. Do not post private correspondence (private messages, email, etc.) publicly within the forum. Do not post "A vs. B" or "Which product is best?" type messages in the forum. Do not post overtly commercial messages in the forum (this includes in your signature). Do not pre-announce releases. Due to differences in scheduling, it may sometimes take several hours after a release has appeared on ESET's web site for the release announcement to appear here in the forum. Do not abuse the forum's rich text controls. Messages and signatures with inappropriate font selection, including size, color and, for signatures, length, may be edited by forum staff to conform to standards of decency. Do not ask other users for logs, especially if they may contain sensitive or other personally identifiable information. Posts made on behalf of a 3rd party company may only be made from accounts registered with an email address from the company's domain (verifiable by ESET staff). Do not use the "Report post" function for other purposes than reporting inappropriate content requiring moderators' attention. Do not report possibly incorrect detections or blocks (false positives) in the forum unless they may affect a lot of users. If you think that your application or website is detected or blocked incorrectly, please report it to ESET as per the instructions at https://support.eset.com/kb141. Be civil, do not post sarcastic, offensive or mocking comments towards any person or entity. Do not post messages that are off-topic, keep the discussion to the point and do not lead it astray. To discuss a different, unrelated issue or question, always create a new topic. If you have any questions or comments, please contact one of ESET's moderators. Last Revised: 5 March 2019.
  2. 3 points
    False positive reports To submit a possible False Positive see Submit a suspicious website / potential false positive / potential miscategorization by Parental control to ESET for analysis when you wish to submit via email or use Submit sample for analysis function from the program GUI of ESET product installed on your computer. Whitelisting ESET does provide a whitelisting service for software vendors by which you can submit your software to minimize the chances of false positives, e.g., when your software is being downloaded. This service is intended as preventive measure for trusted and undetected applications to minimize risk of future false positives. Whitelisting service is not a channel for removing existing detections, disputes or solving other unrelated problems. If you want to register your software for whitelisting, please follow the instructions in the KB article How do I whitelist my software with ESET? Requirement for False positive submissions When submitting false positive file(s) via email or via program GUI, it is necessary to send copy of falsely detected file(s) as well as description of the file. I will explain what information is needed and why it is important. 1) Name of the legitimate application the file belongs to. When submitting false positives you must be able to identify what is the name of application that is being falsely detected. No-name false positive reports (when information about the application name is missing) are harder/slower to examine and in many cases indicate correctly detected malware rather then false positive. Example of correctly provided information: “This file belongs to VLC media player 3.0.6.” When you provide the specific version number, it helps. Example how not to submit false positives: “I don’t know what it is and why I have it on my computer but I think it is a false positive.” If you don’t know what the file is, don’t report it as false positive. 2) Name of the application’s author, developer, vendor or website where you downloaded the software Each legitimate software have known author or there is known company who developed it. There is known source/origin where the software can be obtained and you can learn information about it. This information is needed in investigation process. Researchers need to verify whether the software is safe and they may need the full installer to evaluate the software properly. Researchers may need to investigate whether other versions of the same software were affected by false positive or not. It is important to know the source/website where you downloaded the software because some download websites provide different installers than original vendors. 3) Application's purpose Let the researchers know what the application is supposed to do, what value does it offer to you. This information is usually available on vendor’s website but there are many old applications where the website is no longer available, or software was distributed only on CD-ROM/DVD, or the software is custom/in-house developed and the description is not generally available. Examples how of application’s purpose: This is a picture viewer, video convertor, movie player, communication software, printing program, database program, web browser, accounting software, computer game, tool I use for programming, etc. Don’t hesitate to provide any additional information you deem important. You may add the specific detection name you saw when detection occurred. In case some specific circumstances are needed to reproduce the problem, tell it to the researchers how (For example it may happen that the file itself is not detected but it downloads/creates other files that trigger detection). You may submit false positives via email or directly from ESET product via Submit sample for analysis function. In order to use the function open GUI of ESET Internet Security, you will find following icon in Tools and clicking More Tools: Please select “False positive file” option and attach the file you want to submit. Please provide all necessary information (as described above) researchers need to process your false positive submission. Information you provide indeed significantly helps ESET laboratories in the identification and processing of samples. Thank you for your submission!
  3. 3 points
    Actually advanced users love the ability to customize numerous settings. Common users don't need to go to the advanced setup at all since ESET products provide well-balanced protection out of the box.
  4. 3 points
    Hello, we will be rolling out this change by the means of a module update in the upcoming weeks.
  5. 3 points
    As introduced here (KB News) and here (KB Alerts), I am unpinning those threads and replacing with this one. We now have RSS/email subscriptions for News, Alerts, and Customer Advisories. Information and instructions to subscribe is available here: Subscribe to ESET Knowledgebase Support News, Alerts and Customer Advisories
  6. 2 points
    Perry

    MDM certificate

    Hi, You should create a full chain certificate which contains SSL cert, intermediate, root and private key. - Download XCA and install it. - Download OpenSSL and install it. 1.) Create a empty file (C:\temp\cert-chain.txt) on your PC and past the following inside it: -----BEGIN CERTIFICATE----- (Your Primary SSL certificate from C:\temp\your_domain_name.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Intermediate certificate from C:\temp\TheIntermediateCA.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Root certificate part from C:\temp\TheTrustedRoot.crt) -----END CERTIFICATE----- 2.) Now replace the content inside the brackets with your certificates (which you can export via XCA; PEM txt format). The order above is VERY important so do not mix it! 2.) Export the private key (unencrypted in text format) with XCA from your certificate and store it inside C:\temp\server.pemkey 3.) Now merge everything together as pkcs12 (filename extension for PKCS #12 files is .p12 or .pfx). To do that open a CMD (run as admin) and perform: cd C:\OpenSSL-Win32 openssl pkcs12 -export -inkey C:\temp\server.pemkey -in C:\temp\cert-chain.txt -password pass:ABCD -out C:\temp\certificate(chain_and_key).pfx 4.) Your PFX file is now ready to be used.
  7. 2 points
    Marcos

    Win32/TrojanDownloader.Delf.BTT

    You have a rootkit there. Either boot from a clean medium (e.g. ESET SysRescue) and run a full disk scan, or do the following: - start Windows in safe mode - move C:\Windows\System32\Ms96FB23EEApp.dll to another folder, e.g. to c:\eset - start Windows in normal mode - run a full disk scan.
  8. 2 points
    Ekrn.exe is the crucial process responsible for protection. It starts with Windows as early as possible.
  9. 2 points
    itman

    Files encrypted by ransomware

    I have long argued that what is need is a "professional" version of Eset consumer products. For example, the above mentioned EES 7.2 aggressive option could be one feature provided. Another I would like to see is more aggressive reputational scanning options such as the ability to alert/block unknown non-system processes and the like. Etc., etc.. To date, this has fallen "on deaf" Eset ears.
  10. 2 points
    Well surely this is not a direct solution to your problem but don't use uTorrent, use open source, ad free alternative Qbittorrent: https://www.qbittorrent.org/
  11. 2 points
    It is very simple. Use SetThreadExecutionState. See: link to Microsoft Windows Dev Center.
  12. 2 points
    Description: Prevent sleep during scan. Detail: Windows can put the computer to sleep before the scan is finished. That is very annoying. There should be an option to prevent that from happening. Oops, it's a coincidence that @zeromido asked someting similar here right above. Before I started typing, I first searched the forum for "scan prevent sleep".
  13. 2 points
    Another nice feature for the firewall component that would help a lot with maintaining the firewall rules: Description: Firewall rules cleanup of unnecessary / invalid entries Detail: I've set my firewall filter setting to interactive mode, meaning that I can define for every program what the firewall should do. Over the time, you have entries in the firewall rule set about programs that are not existing on the computer anymore. A button for an automatic cleanup of those rules (delete all firewall rules that are pointing to applications that don't exist on the computer anymore) would make it easier to keep the firewall rule list tidy and it also benefits the administration of the rule set.
  14. 2 points
    Chris Todd

    Introduce yourself

    Greetings from Australia. My name is Chris, retired Electronics Engineer. I have been using ESET products for many years and am well satisfied with the protection they give me. I am a bit of a "tinkerer" and have 4 installations Windows 7-32, Windows 8-32 , Windows 10-32 and 64 on the one machine. being able to boot into an old version of Windows for recovery procedures has "saved my bacon" a few time when things went awry or got too scrambled in W10 which I use most of the time. An interesting fact about me ?? Nothing exciting ! I am a traveller, haveing visited over 70 countries on fact finding vacations. I am an AVID chatter using SKYPE and other forums with acquaintances in mainly sanish speaking countries.
  15. 2 points
    This will change as of ESMC (ERA v7) in the way that handled threats will be resolved automatically.
  16. 2 points
    I have checked this with the developers, and we are going to change the behavior in V7. If you select "only computers", all of the computers under "DN" will be synced, not only direct parent ones. So it should behave according to your expectations. With regards to the "users", what is the usecase for you? For what do you use the? Do you manually create linking between users & devices, or use the user variables in policies for Endpoint or MDM?
  17. 1 point
    The current up-to-date version for desktop edition is the v4 Endpoint edition v7 is running as BETA currently , once it goes stable I believe they will start looking at building the v7 for desktop. The fix that Marcos talked about would be probably a small fix (hotfix) that will solve the issue with browsers and that's it , not a major upgrade.
  18. 1 point
    Marcos

    Eset Uninstalled by itself

    First of all, installing an antivirus without taking other measures, such as keeping the OS fully up to date and patched, avoiding opening suspicious email attachments, clicking suspicious links or keeping RDP enabled without restrictions is not enough. Moreover, no security solution can ever protect from 100% of threats. Not sure what happened, if your files were encrypted by ransomware or what you actually paid for. Technical support is provided to our users for free. Also without any further logs, proof and information what actually happened it's unfair to blame ESET.
  19. 1 point
    The patch was included in the Jan. cumulative update for Win 10 release last Tues.. For Win Server 2016 and 2019 which are also vulnerable, one will have to check with Microsoft on how the patch is being delivered or download the patch from the Win Catalog web site.
  20. 1 point
    Microsoft has already released a hotfix for the vulnerability: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
  21. 1 point
    Rami

    Chrome 79 always starts a core dump and crashes

    You can find that here : I believe Google did some kind of change in Chrome that change is making problems with the legacy code of v4. EDIT : Also I am sorry If I was rude or aggressive with my reply , I didn't mean that. But you made me angry
  22. 1 point
    You shouldn't do it since the site is being detected as hosting malware.
  23. 1 point
    itman

    Again & again coming message window

    It is unclear what you want to do. Refer to this Eset knowledgebase article for options available when the potentially unwanted application alert appears: https://support.eset.com/en/what-is-a-potentially-unwanted-application-or-potentially-unwanted-content
  24. 1 point
  25. 1 point
    Aryeh Goretsky

    Friends visit and want my wifi

    Hello, ESET is not in the wireless networking business, but using a guest wireless network without access to your own internal network of machines is a good start. Keeping the router up-to-date with the latest firmware from the manufacturer is important, too. If they are no longer providing updates, you can look to see if firmware from a third-party is available, such as DD-WRT, or replace the router with a new, supported device. If you are using ESET Internet Security or ESET Smart Security Premium, you can use the Connected Home Monitor feature to see what is attached to your internal network. For scanning other people's computers, you may want to consider using a USB flash drive with ESET SysRescue Live installed to it. Regards, Aryeh Goretsky
  26. 1 point
    Rami

    Files encrypted by ransomware

    It's now detected by ESET : Win32/Filecoder.NZG In my opinion what needs to be improved is the machine learning and HIPS , but I am not expert like those who program at ESET for sure , also as SeriousHoax said , Application Manager and Reputation(rep is already there) , to be combined with everything , so the AI could try to decide if this app is trying to do malicious things or it's not. But I could be mistaken , I don't know , but also as ITman said , nothing is 100% safe.
  27. 1 point
    You should not log into the phantom account or it will be reported to you as a suspicious operation in the Anti-Theft portal.
  28. 1 point
    What I would try as a last resort before raising a ticket would be to remove the licenses from your ESMC, and try to re-add them again, either manually, or via the business account credentials. Adding them in our test environment shows correct expiration dates, for December 2021.
  29. 1 point
    Is he a decent tester? I rarely watch any of these videos normally as they can be sneaky with how they test e.g. disabling key features. Not heard of this channel
  30. 1 point
    TheMartin

    Automate updates

    Thanks Michal, I guess what would be nice at this point is a simple tutorial how to keep the agent and security product up to date on a group of systems. So I have a server group I deal with manually, but for workstations I just tick the "do not reboot if required" box and let the user reboot when they see the message. I'd just like to automate for all of them. I have found the "outdated applications" panel so I've been using that for the week, which I guess is the simplest method at this point. Looking forward to micro PCU and auto agent updates in the future.
  31. 1 point
    Dear Linux community, We’ve been working on the new generation of our solution for Linux desktops for quite a while. The hard work of our development & QA teams, using technologies developed for the ESET File Security for Linux 7, were materialized into the first BETA version of our Endpoint product, which we would like to share with you. To mention just few of the top new features: Completely new distributed architecture, natively 64-bit, with better performance, security and stability New technology for On-access scanning by means of ESET-in-house-developed lightweight kernel module Optimized for multi-core performance Compatible with latest ESET Security Management Center 7.1 If you are interested in getting a chance of a hands-on experience with it and see the full list of improvements, just leave a comment here or send me ( @Peter Randziak) and @TomasP a private message. We are looking forward to your participation.
  32. 1 point
    @schuetzdentalCB Thank you for your feedback. With regards to the automated network isolation, something like that (possibility to trigger network isolation from the console) is being added in ESMC 7.1 / Endpoint 7.2 for Windows. We plan to further expand this concept to allow autonomous response in the future. With regards to the application whitelisting, this is a bit more tricky topic. However it is on our long term roadmap. I will link your comment to the already tracked internal IDEA. Internal tracking IDEA-1510
  33. 1 point
    I was having the same issue on a Pixel 2 after the Android 10 update. Permissions were set to Always. Disconnect/reconnect to home WiFi fixed the error. Thanx.
  34. 1 point
    When esets_proxy is heavily utilizing the CPU, select esets_proxy on the CPU tab in Activity Monitor. From the menu choose Sample process and Save as. Please provide the file along with ESET Log Collector logs to customer care. You can also upload the files here.
  35. 1 point
    Description: ESET Sandbox + ESET Auto SandBox Details ; I Want add ESET sandBox + ESET auto SandBox like avast sandbox + auto sandbox The avast! Sandbox is a special security feature which allows you to run potentially suspicious applications automatically in a completely isolated environment. Programs running within the sandbox have limited access to your files and system, so there is no risk to your computer or any of your other files. This feature is connected to the FileRep cloud feature which identifies new files for additional analysis. So now we are able to warn you even before we have had the opportunity to examine this malware in our Virus Lab.
  36. 1 point
    BeanSlappers

    Future changes to ESET web portals

    Have full control over devices connected to the account, like remote updates, remote settings, remote scanning etc.
  37. 1 point
    TomFace

    Forum Feedback

    A nice addition to the Forum...hopefully folks will take the time to read it.
  38. 1 point
    Description: Showing (or downloading) debug logs when tasks fail. Detail: Somewhat similar to my previous feature request, having the debug log generated during the task (akin to trace.log) and when it fails, there is a link to download the log file for that particular process. Rationale: It's to allow the Remote Administrator to figure out what is going on within the process without needing to go into the client's workstation.
  39. 1 point
    dwomack

    Welcome to the ESET Security Forum

    Welcome to the official ESET Security Forum! While here, you can ask questions or give feedback about ESET products and services, receive prompt answers from qualified support technicians and interact with the ESET community. Before posting, check out the video below and read the Rules of the ESET Security Forum VIDEO: If you get stuck, please check out our dedicated FAQ section and Help section.
  40. 1 point
    ESET's products are install-and-forget. You don't have to care about setting up anything and it will protect you in the background. It can't be easier than it already is in my opinion.
  41. 1 point
    Hello @pps, I would say the catch is in the fact that you are using customized message to be shown to the user ("Blocked webpage message"), which replaces the original wording including the categorization hint. On the other side, resetting the setting should instantly start showing the original wording, which seems not to work for you, so can you please double-check for me, if the blocking rule is category-based and not (overruled by) URL-based type? Maybe a screenshot from the "Edit rule" dialog? Thanks.
  42. 1 point
    @Rémi Primary reason was optimization of dev/QA costs, where MySQL is platform agnostic, so can run on both Windows & Linux systems. MariaDB is only for Linux. We have received few such questions, however it never went "too high" into the priorities list, in order to be done. We have however such item in the backlog for the future releases.
  43. 1 point
    Please add virtual keyboard for entering password on screen with mouse on vritual keyboard.
  44. 1 point
    separate scans for - a vulnerability scan AND a root-kit scan - ala - KTS
  45. 1 point
    TomFace

    Introduce yourself

    Hello chris020. Glad you are here.
  46. 1 point
    Personally, I think this would allow us to sell a lot more ESET. Going a bit further, I wonder if it is possible to get the expiration date of the installed product? Then a month or two before the competing product is due for renewal, we as MSP's can go in and quote for the renewal. Andy
  47. 1 point
    Yes--the suggestion for handling it without user notification is better. It's confusing and frustrating for users right now. The only other way to do it would be to make sure the user only gets one prompt.
  48. 1 point
    Description: Set default trigger to expire in a day Details: Currently when creating a new trigger the default is to expire the same time the trigger is created, so basically the trigger will never run unless manually changed, please change this to either force us to put in an expiration time, or change the default expiration to at-least a day later. Thanks
  49. 1 point
    Please open a new topic and provide more information, including hashes of the malicious files. It is not true that ESET is bad at protecting against ransomware, quite the contrary. Of course, if you have a weak overall protection and an attacker with admin rights manages to remotes in, no matter what security software you you since with admin rights the attacker can do virtually anything, including disabling the security sw prior to running ransomware. Again, no security software detects 100% of threats and if you claim the opposite, we could prove you to be wrong.
  50. 1 point
    You will need to show an example of an .exe that Eset HIPS did not detect running in Interactive mode. The only way I know that could occur is if you inadvertently created an allow rule while running in Training mode or by manual creation. One possibility for example is that an allow rule was created for a process to start another process. If the allow rule did not specifically state what process start up was allowed, then Eset will allow any child process startup from the parent process.
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up
×
×
  • Create New...