Jump to content

Leaderboard


Popular Content

Showing content with the most kudos since 08/31/2017 in Posts

  1. 5 points
    Greetings! Listed as fixed in 7.3 "An on-demand scan launched from the ESMC console could shut down the computer even if this post-scan action was not selected" is exactly what started happening after I've upgraded Endpoint clients to 7.3. Never happened before. The process C:\Program Files\ESET\ESET Security\ekrn.exe (WKST-VRN-BKP01) has initiated the power off of computer WKST-VRN-BKP01 on behalf of user NT AUTHORITY\SYSTEM for the following reason: Other (Planned) Reason Code: 0x80000000 Shutdown Type: power off Comment: Computer scan completed That comes from scheduled scan policy (daily on-demand scan with post-scan action set to "no action"). All upgraded endpoint clients have been shutdown after this scan. Fix it please!
  2. 5 points
    https://www.eset.com/sk/o-nas/press-centrum/eset-tlacove-spravy/nadacia-eset-podporila-vyvoj-slovenskeho-testu-na-koronavirus-a-financuje-prvych-100-000-kusov/ Machine translation: Scientists from Slovak companies MultiplexDX, Lambda Life and ProScience Tech have joined forces with virologists from the Biomedical Center of the Slovak Academy of Sciences (BMC SAV) to build a reagent kit according to the World Health Organization (WHO) protocol for reliable detection of SARS-CoV-2. In the first phase they plan to produce and make available 100,000 PCR tests. The ESET Foundation supported the development of the test and finances the first 100,000 pieces to be offered as a gift to the Slovak Republic. Key components have been developed and manufactured by MultiplexDX, a company dedicated to developing and manufacturing innovative reagents for various molecular diagnostic methods. The Slovak PCR test is currently being validated in cooperation with a team of scientists from the BMC SAS. Preliminary results show not only the functionality but also the good sensitivity of the new test, comparable to the currently used diagnostics. “This means that our test is reliable and accurate and can help diagnose early-stage patients. We can produce key components for 100,000 PCR tests in two weeks, ”explains Pavol Čekan, founder of MultiplexDX. “In the process of validation and subsequent registration of the resulting report we cooperate with the non-profit organization CCCT SK. It will be estimated to take about three weeks, ”said Adam Andráško of ProScience Tech. "Virus detection consists of sample collection, RNA isolation and PCR diagnostics itself, with our joint efforts focused on the last step," said Ivan Juráš of Lambda Life. “I believe that the efforts of our scientists will be crowned with success, and we will have enough PCR tests from our own resources as important as coronavirus detection. This will help Slovakia not only in continuous testing, but we will also create a reserve in case there is a shortage of tests in the world, ”notes Robert Mistrík from the permanent crisis staff. The ESET Foundation supported the development of the test and provided funding for the first 100,000 units from the COVID-19 Effective Diagnosis and Prevention Fund. These tests will be offered as a gift to Slovak state institutions. “When creating the Fund, it was important for us to ensure effective mass-scale diagnostics, which can only be achieved through science. Even in such a critical situation, the importance of supporting science in Slovakia, which we have been dedicated to for a long time, thus proves important, ”says Richard Marko, CEO of ESET. Production capacities will primarily be available to diagnostic laboratories in Slovakia after the first 100,000 tests have been used. “We are ready to cooperate with state laboratories, flexibly respond to their needs and supply them efficiently. After meeting the needs of Slovak Laboratories, we can direct our capacities to other countries that would need our products, ”explains the authors of the test.
  3. 5 points
    False positive reports To submit a possible False Positive see Submit a suspicious website / potential false positive / potential miscategorization by Parental control to ESET for analysis when you wish to submit via email or use Submit sample for analysis function from the program GUI of ESET product installed on your computer. Whitelisting ESET does provide a whitelisting service for software vendors by which you can submit your software to minimize the chances of false positives, e.g., when your software is being downloaded. This service is intended as preventive measure for trusted and undetected applications to minimize risk of future false positives. Whitelisting service is not a channel for removing existing detections, disputes or solving other unrelated problems. If you want to register your software for whitelisting, please follow the instructions in the KB article How do I whitelist my software with ESET? Requirement for False positive submissions When submitting false positive file(s) via email or via program GUI, it is necessary to send copy of falsely detected file(s) as well as description of the file. I will explain what information is needed and why it is important. 1) Name of the legitimate application the file belongs to. When submitting false positives you must be able to identify what is the name of application that is being falsely detected. No-name false positive reports (when information about the application name is missing) are harder/slower to examine and in many cases indicate correctly detected malware rather then false positive. Example of correctly provided information: “This file belongs to VLC media player 3.0.6.” When you provide the specific version number, it helps. Example how not to submit false positives: “I don’t know what it is and why I have it on my computer but I think it is a false positive.” If you don’t know what the file is, don’t report it as false positive. 2) Name of the application’s author, developer, vendor or website where you downloaded the software Each legitimate software have known author or there is known company who developed it. There is known source/origin where the software can be obtained and you can learn information about it. This information is needed in investigation process. Researchers need to verify whether the software is safe and they may need the full installer to evaluate the software properly. Researchers may need to investigate whether other versions of the same software were affected by false positive or not. It is important to know the source/website where you downloaded the software because some download websites provide different installers than original vendors. 3) Application's purpose Let the researchers know what the application is supposed to do, what value does it offer to you. This information is usually available on vendor’s website but there are many old applications where the website is no longer available, or software was distributed only on CD-ROM/DVD, or the software is custom/in-house developed and the description is not generally available. Examples how of application’s purpose: This is a picture viewer, video convertor, movie player, communication software, printing program, database program, web browser, accounting software, computer game, tool I use for programming, etc. Don’t hesitate to provide any additional information you deem important. You may add the specific detection name you saw when detection occurred. In case some specific circumstances are needed to reproduce the problem, tell it to the researchers how (For example it may happen that the file itself is not detected but it downloads/creates other files that trigger detection). You may submit false positives via email or directly from ESET product via Submit sample for analysis function. In order to use the function open GUI of ESET Internet Security, you will find following icon in Tools and clicking More Tools: Please select “False positive file” option and attach the file you want to submit. Please provide all necessary information (as described above) researchers need to process your false positive submission. Information you provide indeed significantly helps ESET laboratories in the identification and processing of samples. Thank you for your submission!
  4. 4 points
    itman

    "pyrate", Behavior Blocker Bypass POC

    It's been a slow forum posting weekend and it appears this thread has run its course. We have all had the opportunity to "rant and rave" about Eset Home version protection features we all wished we had and in reality, probably never will have. So it is time to expose this Python POC for what it is - fake ransonware. Err ..... what, you say? The POC encrypted files. Well so does a lot of legit encryption and other apps including user created ones. So lets get into this. A few years back, the NextGen security software vendors were trying "to get traction" against the established AV vendors with their supposed superior behavior detection methods. Corresponding to this was the appearance a proliferation of ransomware "simulators" where one was encouraged to test their existing AV solution with. The most infamous of these was RanSim produced by KnowBe4: https://www.knowbe4.com/ransomware-simulator . I wrote a thread about the methodology used by this product and similar ones here: https://forum.eset.com/topic/10792-ransomware-simulators-a-detailed-analysis/ . Eset subsequently commented upon Ransim tactics in their own publish article on Eset ransomware protection: https://cdn1.esetstatic.com/ESET/INT/Docs/Others/eset-vs-crypto-ransomware.PDF So let's get into some details on the POC. First, note this from the POC's author posting about it at malwaretips.com: Next is why no vendor on Virus Total detected the POC initially and I believe presently. That one is pretty straightforward. The ransomware portion of the POC never ran. The POC pauses program execution waiting for user input to continue. VT's automated sandbox analysis timed out waiting for input it does not respond to. In summary, I am not 100% ruling out that techniques used in the POC could bypass existing Eset ransomware detection methods. However, a POC must be developed deploying real world ransomware deployment and execution methods with the most important being the program runs uninterrupted and encryption activities performed against all existing files in C:\Users\xxxx\Documents\*, etc. directories.
  5. 4 points
    Aryeh Goretsky

    Rules of the ESET Security Forum

    Welcome to the ESET Security Forum! ESET is pleased to provide you with this resource in order to make it easy for you to ask questions and receive answers about ESET's products and services. Understand that the ESET Security Forum is a private community for existing customers of ESET, prospective customers who are interested in ESET's software, ESET employees and business partners. Because of this focus, it is not like a general public forum, where conversations take place on a variety of non-ESET and non-security related topics. With that in mind, we have the following rules in place: When registering for an account on the forum, please fill out the information accurately and correctly. Do not enter the Username and Password for your licensed ESET software, but instead choose a username (in Latin) unique to this forum. You should also choose a suitably complex password unique to this forum as well. Do not create multiple accounts. If a person is found creating multiple accounts, ESET reserves the right to take whatever actions it deems necessary, including banning, blocking, deleting and/or merging them. The exception to this rule is ESET staff, who may create multiple accounts for testing purposes. No impersonating other forum users, ESET employees or other people. Use appropriate language in the forum. No vulgar, obscene or rude language will be tolerated. No vulgar, obscene or otherwise offensive images or video will be tolerated. ESET staff have the right to move, edit or modify messages that you post. This may be done for clarity, to move a message to more appropriate forum where it will receive more attention, or for other reasons outlined in these rules. All decisions by ESET staff are final, and not open to discussion. This list may be updated at any time. Please periodically visit this page to review any updates. Do not post direct links to any executable files, malicious/suspicious software or web sites in public messages, even if you think the software or site is clean and incorrectly detected by ESET. Break up the URL by inserting spaces into it, or replacing the protocol handler with an obfuscated one, like . Do not attach malicious or suspicious files to messages, even if you think they are clean. Write a public message, and then use the "report this message" option to send a private message to ESET staff with a link. Do not post any personally identifiable information (PII) about yourself, such as an email or mailing address or phone number, in a public message. Do not post the username and password or license key for your ESET software in a public message. Do not post links to software cracking tools, license key generators, pirated copies of software or other illicit software in the forum. If you wish to report a site, write a public message, and then use the "report this message" option to send a private message to ESET staff with a link. Do not post private correspondence (private messages, email, etc.) publicly within the forum. Do not post "A vs. B" or "Which product is best?" type messages in the forum. Do not post overtly commercial messages in the forum (this includes in your signature). Do not pre-announce releases. Due to differences in scheduling, it may sometimes take several hours after a release has appeared on ESET's web site for the release announcement to appear here in the forum. Do not abuse the forum's rich text controls. Messages and signatures with inappropriate font selection, including size, color and, for signatures, length, may be edited by forum staff to conform to standards of decency. Do not ask other users for logs, especially if they may contain sensitive or other personally identifiable information. Posts made on behalf of a 3rd party company may only be made from accounts registered with an email address from the company's domain (verifiable by ESET staff). Do not use the "Report post" function for other purposes than reporting inappropriate content requiring moderators' attention. Do not report possibly incorrect detections or blocks (false positives) in the forum unless they may affect a lot of users. If you think that your application or website is detected or blocked incorrectly, please report it to ESET as per the instructions at https://support.eset.com/kb141. Be civil, do not post sarcastic, offensive or mocking comments towards any person or entity. Do not post messages that are off-topic, keep the discussion to the point and do not lead it astray. To discuss a different, unrelated issue or question, always create a new topic. If you have any questions or comments, please contact one of ESET's moderators. Last Revised: 5 March 2019.
  6. 3 points
    You are just angry at something that you can't change , all companies do the same , they release an update and then they give the change notes after a while , or go meet Microsoft , they won't tell you what changed. or say hello to Steam I don't represent ESET , and I don't work for them , but a delay of a bit or few hours after being posted in their download page and after that to their forum , it doesn't mean anything bad , they have posted it they didn't hide them , It's just a matter of a little bit of time delaying the upgrade so you can read the notes and after than initiate your upgrade or delay it for next version.
  7. 3 points
    I think this is resolved in just-released ESMC 7.2 where it look like this:
  8. 3 points
    We are currently debugging the issue. Most likely we will be able to address it via an automatic HIPS module update.
  9. 3 points
    Marcos

    IObit Constantly Triggering ESET

    The PUA detection is correct. It's optional. For more information what PUA are, please read https://support.eset.com/en/kb2629-what-is-a-potentially-unwanted-application-or-potentially-unwanted-content. If you think that benefits of using a particular PUA outweigh possible risks, you can exclude the PUA from detection.
  10. 3 points
    Marcos

    License Activation Issue

    ESET NOD32 Antivirus for Linux desktop is a legacy product. Legacy products do not support activation but require a username and password for update.These are not usually included in the license email since current products require only a license key for activation but can be provided by customer care on request. I'm gonna send you a personal message with your U/P momentarily.
  11. 3 points
    ESET has been protecting users worldwide for decades already and have always provided state-of-the-art protection. While it was always our digital worlds that ESET has been protecting, now with the epidemic of the SARS-CoV-2 coronavirus the need to protect also users themselves became inevitable. Besides supporting various scientific and charity events, we are now creating a fund to support effective diagnosis of SARS-CoV-2 coronavirus, giving 300,000 EUR to support the purchase of a diagnostic system capable of analyzing 4000 samples per day. By purchasing ESET's products you can be sure that you also support science and charity. Machine translation: https://translate.google.com/translate?sl=sk&tl=en&u=https%3A%2F%2Fwww.eset.com%2Fsk%2Fo-nas%2Fpress-centrum%2Feset-tlacove-spravy%2Fspolocnost-eset-vytvara-fond-na-podporu-ucinnej-diagnostiky-koronavirusu-sars-cov-2%2F Recognizing the seriousness of the SARS-CoV-2 coronavirus spread, ESET has decided to engage in the fight against the epidemic in Slovakia. The ESET Foundation has therefore set up a COVID-19 Effective Diagnosis and Prevention Fund, to which ESET will contribute EUR 300,000. The amount will be increased later if necessary. The aim of the newly established fund is to provide, in the first phase, the necessary equipment for improving the quality of diagnostics and introducing comprehensive testing in Slovakia. Since its inception, ESET has dedicated itself to the diagnosis of computer viruses and is symbolic to support the diagnosis of biological viruses in this situation. Even at such moments, the importance of science, which can make a significant contribution to solving the situation, has been shown. ESET Foundation supports science and research and is the organizer of the ESET Science Award. “We have set up a fund to support the effective diagnosis and prevention of coronavirus because we believe that only a systematic scientific approach will help us manage this epidemic. At the same time, it is essential that we think ahead today and take steps to relaunch the economy. General and systematic testing of the population will help in returning the employees to the work process and thus also help the Slovak economy, ” explains Richard Marko, CEO of ESET. Through the Fund, ESET will support the purchase of high-performance diagnostic equipment, the development of systems for more efficient online diagnostics, or contribute to the cost of operating or collecting and transporting samples. Public and private medical diagnostic institutions and laboratories operating in Slovakia that are authorized to diagnose this type or to take and transport SARS-CoV-2 related samples may receive financial support. These institutions can contact the ESET Foundation at nadacia[at]eset.sk . The expert guarantor in the evaluation of the use of the fund's resources is the recognized Slovak chemist Robert Mistrík. “After the first discussions, we are considering co-financing the purchase of the Roche cobas 8800 System, or co-financing its operation. This device is able to do real-time RT-PCR tests at lower unit cost and shorter time in automatic mode. It can evaluate up to 4,000 samples in a single day. We will look for a partner to operate this device. Of course, the fund will also be open to other solutions supporting its goal, ” concludes Robert Mistrík, the fund's expert guarantor. More information about the Fund for the Support of Effective Diagnosis and Prevention of COVID-19 can be found at www.nadaciaeset.sk .
  12. 3 points
    Description: Color code failing tasks Detail: The server used to color code the tasks that are failing. I'm running the latest ESMC, and now, that doesn't happen, and I have a hard time figuring out which tasks are failing. Is there a way to color code it again, or where can I see it? All I get is a generic email saying: "At least one client task has invalid configuration and therefore will fail."
  13. 3 points
    The ESET Knowledgebase YouTube Channel celebrates its 10-year anniversary today! https://www.youtube.com/user/ESETKnowledgebase/community Check out the infographic for our lifetime YouTube statistics for the channel. The ESET Knowledgebase channel includes step-by-step video tutorials demonstrating the key processes and features of our ESET products, from ESET NOD32 Antivirus and ESET Internet Security to business products like ESET Security Management Center. In addition, our channel is yet another way for our customers to reach us with feedback and questions. We make every effort to respond to support-related comments and yes, we do take video suggestions!
  14. 3 points
    Actually advanced users love the ability to customize numerous settings. Common users don't need to go to the advanced setup at all since ESET products provide well-balanced protection out of the box.
  15. 3 points
    @AStevens.SHG Hello, Concerning the more options in the reports, some of the changes are going to be introduced, but not all of them. However, we are planning a bigger redesign for the future version, which might make it simpler. Other requests are tracked in the feature backlog (authentication screen changes, AD sync changes, and export of data from "computers screen") and I believe that some of them will be done in the future versions (not in the 7.0, but into the future releases). I can´t comment now about details, as we are still scoping, and setting up the road-map plans. But your votes will be added to already tracked backlog items.
  16. 3 points
    Hello, thank you for the feedback. I have positive news for you - we are continuously improving the ways how reports are built & are adding further filtering options in the soon to be released version. So the filter by action is added in the upcoming version & you are also able to filter out some entries from the "installed applications" report, by choosing condition "is not one of" (screenshots attached).
  17. 3 points
    Nice thread, I have tens of comments to ERA server / functions. ERA is not user friendly in most cases.... I will post something. Description: Dynamic groups rules / tasks Detail: I would like to be able to show all rules/tasks linked to dynamic groups. Or to be able to find where rules are linked. I would love to disable group/rules instead of only delete or edit them to dysfunction it. It is nearly imposible to read ties. Description: task history deletion / filter and so on Detail: I would like to be able to delete (mass delete) task history. I have tens of ASAP task and they are only messing in my log. I would like to be able to see which computers were affected by the single task when pointing to a TARGETS column. Why I have to edit history of the task to see which computer was affected? I would like to click on 1 computer(s) to open the list or show the list. Description: trigers Detail: ASAP. Sometimes ASAP fails and I have no idea why.... Computer was online. I think rule should wait for online status or give me better feedback Description: Failed / Trace message Detail: When I point on the FAILED status I would like to receive more information what happens without opening the HISTORY of the COMPUTER. BTW FAILED ICON should allow me to open history.... Trace message is sometimes to long and I am unable to read whole message. Description: Repository Detail: Choosing ESET version from a repository is not user-friendly. I have to be very careful to chose the right version. Description: Reports Detail: Why I cannot export report Computer name Identifier type Identifier value Adapter IPv4 address Computer nameDevice manufacturerDevice modelOS nameOS versionAdapter IPv4 addressRemoteHost and so on ? When I chose some identifier other identifiers are disabled. Why? I would like to be able to find report using some SEARCH function. Description: ELA Detail: Why I am unable to fully maintain a license that customers gave me under my administration? I am unable to remove computers which are not activated under ERA. I have to open ELA portal using my customer's credentials. Why I can not edit ELA credentials on my ERA server? Description: Upgrade Detail: When I am upgrading EEA using ERA I have to activate them afterward. Why? Product was already activated. Description: Variables in tasks / templates Detail: I would like to have variables in task / dynamic groups. For example I have 4 activation tasks (4licenses). I would like to activate product which is not activated when joining dynamic group based on FOLDER group. When computer from AAA company join the NOT ACTIVATED group, the AAA-ACTIVATE task will be used. When computer from BBB company join the NOT ACTIVATED group, the BBB-ACTIVATE task will be used. Description: Applied policies tree Detail: I would love to see the tree of policies which are applied on a computer and would like to be able to identify which policy rule won the policy over-ride battle. I am not satisfied with list of policies. Description: Threats infection and cleaning Detail: I am not unable to simply perform an action on threats whir where not automatically solved by EEA. For example, I would like to choose threats and click on "DELETE" or "CLEAN" or other things. I am able to mark them only as RESOLVED Description: Sorting / filtering Detail: I can filter columns by STATUs or LAST CONNECTED, but I am unable to do multi filter. For example I would like to sort all computer by WORST FUNCTIONALITY and LAST CONNECTED, because working with offline computer does not make sense. And so on.....
  18. 3 points
    As introduced here (KB News) and here (KB Alerts), I am unpinning those threads and replacing with this one. We now have RSS/email subscriptions for News, Alerts, and Customer Advisories. Information and instructions to subscribe is available here: Subscribe to ESET Knowledgebase Support News, Alerts and Customer Advisories
  19. 2 points
    Hello @itman, the .exe itself is not malicious, it loads the .dll, which is being detected... Peter
  20. 2 points
    SlashRose

    Slow Virus Scan After Update

    I am 100% there with you, I am now disappointed that you make the effort to test the software, report the errors found to the German support and all reported errors in the final, or so-called final, in my eyes nothing more than a very bad beta version is to find again + to find the errors of the previous build again, if this continues with Eset, I will also consider whether I should pay for it and that although I am an absolute Eset I'm a fan and have been using it since NOD v2, I am really very disappointed!
  21. 2 points
    Mobile Security needs some kind of permissions for Anti-Phishing to work properly , have you enabled that?
  22. 2 points
    Hello, this option is already available in ESET Cloud Administrator console. Currently, as agents are updated via "Components upgrade task", which does not differentiate between agents, and other components of the ESMC infrastructure (server / webconsole) this option was disabled. However, in Cloud the server is fully hosted / maintained by ESET, so "one click agent updates" are possible. Please note, that for the future releases we work on "automatic agent upgrades", meaning agents would automatically upgrade themselves to the version compatible / matching with the server.
  23. 2 points
    itman

    Eset Internet Security 13.2.14.0?

    Simple answer here folks is Eset normal channel release updates are region specific. Select countries will see the release prior to other countries. It has always been this way.
  24. 2 points
    Marcos

    ESMC Auto Upgrade

    ESMC is a complex mission-critical product and it's important for administrators that it runs reliably all the time. Upgrade should be performed after backing up the database and at the time when administrators can afford to solve possible issues should something go haywire during upgrade. Likewise administrators do not let server systems upgrade automatically and immediately after the OS maker releases updates not addressing critical vulnerabilities.
  25. 2 points
    SCR

    License Auto Renewal

    Got it, Turns out I had made the change already. My memory just isn't what it used to be. Getting old isn't fun at all, but it beats the alternative. Thanks to both of you for your help.
  26. 2 points
    TomasP

    NO Forum Email Notifications

    Hello, Our service provider is currently having issues with deliverability to certain email domains, yours included; they have raised an issue with their upstream email provider. In the meantime, we apologize for the inconvenience. Tomas
  27. 2 points
    I'm stating two issues here in one topic. First, ESET has two types of installers, one is an online installer and the other is offline. But both are totally misleading. The offline installer is merely a 53 mb file which only installs the product but the all the modules data is downloaded after installing. Then the online installer which should do what the name suggests but it doesn't. All it does is downloads that 53 mb installer and install and of course downloads all the modules data after installing. Why even say it an online installer while it's definitely not! Highly misleading. Literally every AV I ever tried, all of their online installer download the whole product including modules and signatures, etc. ESET is the only exceptional one. Same goes for which is supposed to be ESET's offline installer. Almost all AV who still provides an offline installer installs the full product and only download the required new updates after installing unlike ESET. I don't understand! If you want to give users the option for an offline installer then that should contain every modules, updates till the day of creation and for the online installer it must download everything first then install the product. The second issue is, ESET update downloading speed right after installing is always very slow for me. Most of the time it only use 10-20% of my bandwidth even when there is no other internet activity. I started using ESET when version 12 came out and so far it has always been this way. My internet is already pretty slow so only using 10-20% bandwidth makes the process extremely annoying. Update download speed is always slow I guess but since the daily signature updates are only a few kilobytes, those are not noticeable but the first update is. Why does this happen? Why can't ESET make use of the rest of the free internet bandwidth?
  28. 2 points
    The script uploaded to VT is the initiator script that will run the payload script that has been previously dropped here: C:\updatewins.js . As such, this JavaScript itself is not malicious; the script in the C:\ root directory is. Hence why no one on VT detects the initiator script. Full analysis of this initiator script is here: https://www.hybrid-analysis.com/sample/1b1640edb3f7213f4338c6e0017a1b9028c6b324d64f3e63c09169540e82f4a5?environmentId=120
  29. 2 points
    Marcos

    Steam update problem

    Yes, it was a false positive created by the mechanism for automatic generation of detections.
  30. 2 points
    Marcos

    Steam update problem

    It should be fixed in the upcoming module update.
  31. 2 points
    Yeah, the problematic driver that we saw in another case with BSOD was from 2016 too. Please uninstall v7.2 in safe mode and install 7.3 after starting Windows in normal mode.
  32. 2 points
    After update to new version it works. Thanks
  33. 2 points
    peteyt

    Windows 20H1

    Updated today to the stable version of build 2004 and haven't seen any issues. Seem to be slowly rolling it out now
  34. 2 points
    Mitchell

    Microsoft Teams issues

    Seems that creating the following rule is sufficient: Name: Allow Teams Helper App: /Applications/Microsoft Teams.app/Contents/Frameworks/Microsoft Teams Helper.app Action: Allow Direction: In Protocol: TCP & UDP Ports: Remote Remote Port: All Destination: Entire internet
  35. 2 points
    Marcos

    Update Error?

    With EDTD, any file potentially carrying malware is submitted for analysis in the cloud where the file will be run. Based on the behavior analysis and evaluation by 3 different machine learning models, the file is then evaluated either as malicious, highly suspicious, suspicious and probably clean. EDTD can be configured to block access to files downloaded by browsers or email clients until a result of EDTD analysis is received. Let's assume a spammed VBA office document with a malicious macro that is not covered by a detection. Without EDTD: A user receives the email and opens the attachment. Since there's no detection for it yet, it will be run. Depending on what it does, further operations may be detected by some of the protection modules (e.g. if it downloads payload from a blocked url, web access protection will block the download). If it dropped payload and ran it, the payload could be detected by Advanced memory scanner, Deep Behavioral Inspection, etc. upon execution. It could also happen that it wouldn't do anything that could be detected by other protection modules. The user would need to wait until the next module (engine) update to get the malicious document detected. With EDTD: The user receives the email. The attachment is sent to EDTD. The user attempts to open the attachment but EDTD blocks the operation (results from analysis have not been received yet). During the analysis the document is evaluated as malicious (e.g. the detection has been added in the meantime, the behavior of the document was suspicious, etc.). Once the analysis has completed, all machines in the organization are informed that the file is malicious and Endpoint on machines acts accordingly, ie. blocks access to the malicious document.
  36. 2 points
    itman

    Egui.exe want connect to 72.21.91.29

    Since you seem concerned about various Eset network outbound connections, here's a list of IP addresses and URL's used by various Eset products and features within: https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall
  37. 2 points
    Ok Live installer it is. Just a synonym but the meaning should be the same. The live installer can still determine the OS and install the full product from online and then install it. Maybe it would be even possible to implement something like multi-threaded download so that the download speed should be fast unlike the in product download speed which is terribly slow for me which is also I mentioned above. Is 85 mb would be the size of the installer for the whole package? I see that ESET currently downloads around 150 mb during the first update. So if the compressed version in an offline installer is only 85 mb then I think that's not big at all. That's probably the smallest I've seen. Even with my not so good internet it would only take over a minute to download that. Even a 150 mb installer shouldn't be considered huge and many other AVs have a lot larger ones. Also like you said, the live installer's job is to download the product without worrying about OS versions, etc so most people are likely to download the live installer anyway so a 85 mb or even a bit larger optional offline installer is fine and seems more appropriate than the current one.
  38. 2 points
    BeanSlappers

    Future changes to ESET web portals

    Have full control over devices connected to the account, like remote updates, remote settings, remote scanning etc.
  39. 2 points
    It is very simple. Use SetThreadExecutionState. See: link to Microsoft Windows Dev Center.
  40. 2 points
    Thomas Stats

    Introduce yourself

    Hi there I am security expert and blogger. I am working in the IT area for over 10 years. All the gathered experience throughout the years I share with people at reviewedbypro.com. Its a cyber security website that helps people deal with various online threats by providing detailed and insightful reviews to those who are interested.
  41. 2 points
    Description: Merge the More tools menu into the Tools menu Detail: The current Tools menu only includes three less commonly used modules and leaves a huge blank space. However, the most commonly used modules (e.g. Log files) are included in the More tools menu, which needs one more click to enter. Merge the More tools menu into the Tools menu can make full use of the space and reduce unnecessary operations.
  42. 2 points
    It's not that big deal in my opinion @nonamelab, It's a way to bring more people to use ESET and in the same time giving the person who invited the other person who doesn't use ESET , a month of usage or more I don't remember exactly.
  43. 2 points
    Description: A "Reset to Default" option for different parts of the ERA. Detail: This one has mainly been discovered due to my own fault. There are many things that can be played with within ERA which is great, however I think there are some of us that might play a little too much and then get to a point where we've changed so much of something that it doesn't work or doesn't give you what you want. For areas such as reports and policies, it might be a good idea to have a button that you can click while editing that restores the default values. That way, if you play around too much and feel like you just want it back to how it was before, you have a reset button as a saviour.
  44. 2 points
    Add option to realtime scanner to block obfuscated Powershell scripts. Option would be dependent upon Win 10 AMSI option enabled in the Eset GUI. Justification Microsoft added a like mitigation in the form of a Windows Defender Exploit Guard ASR mitigation effective with Win 10 1709. ASR mitigations are only effective if Windows Defender is enabled as the realtime scan engine. Further justification is Eset's failure to detect malware in highly obfuscated PowerShell script in a Malware Research Group ad hoc test: https://www.mrg-effitas.com/research/current-state-of-malicious-powershell-script-blocking/
  45. 2 points
    That's how it works in ESMC (ERA v7) which is currently in the phase of beta testing and will be released soon.
  46. 2 points
    Chris Todd

    Introduce yourself

    Greetings from Australia. My name is Chris, retired Electronics Engineer. I have been using ESET products for many years and am well satisfied with the protection they give me. I am a bit of a "tinkerer" and have 4 installations Windows 7-32, Windows 8-32 , Windows 10-32 and 64 on the one machine. being able to boot into an old version of Windows for recovery procedures has "saved my bacon" a few time when things went awry or got too scrambled in W10 which I use most of the time. An interesting fact about me ?? Nothing exciting ! I am a traveller, haveing visited over 70 countries on fact finding vacations. I am an AVID chatter using SKYPE and other forums with acquaintances in mainly sanish speaking countries.
  47. 2 points
    Description: Individual firewall rule hit count. Detail: Similar to hardware firewalls, it would be nice to see a hit count, packets matched, kind of information per individual firewall rule in Endpoint protection, also for that information (similar to above requests) to be visible in ERA, and total of the hits across all clients with the same rule. So we can generate reports, this makes it easier to find rules no longer being used and can be removed safely.
  48. 2 points
    I have checked this with the developers, and we are going to change the behavior in V7. If you select "only computers", all of the computers under "DN" will be synced, not only direct parent ones. So it should behave according to your expectations. With regards to the "users", what is the usecase for you? For what do you use the? Do you manually create linking between users & devices, or use the user variables in policies for Endpoint or MDM?
  49. 2 points
    Description: More information in system cleaner Detail: I have mentioned this previously. System cleaner is the new tool in version 11 that alerts you to system settings that have been changed from default the idea being that they could have been changed by malware. The issue is they give no information on the actual setting just the type of setting. I tested this feature by clicking to change settings hoping I would be shown the changes and able to make a decision. What would make more sense is having a way to see the actual changes and a way to ignore certain changes that the user wants to keep. Many people change things themselves e.g Windows tweakers and this feature could cause issues if they change things without realising. This could always be a more advanced option disabled by default. If this cannot happen at least have a lot for this feature so that advanced users can see the changes made. If eset is changing a Windows option it shouldn't be too hard to log the change somewhere. Also an undo feature might be handy as when I tried it out hoping i would be given options eset just changed them and with no lot I have no idea what got changed
  50. 2 points
    Description: Eset sysrescue linux based. Detail: I feel that Eset should offer a linux based sysrescue as well as the windows one. some malware does not allow windows discs to boot properly and this would solve the issue. Linux based rescue discs can offer wireless updating as well as Ethernet which would be good for laptops.
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up
×
×
  • Create New...