Leaderboard

Popular Content

Showing content with the most kudos since 09/15/2021 in Posts

  1. itman

    Eset Update Hang on ver. 14.2.24

    Next time this updating issue occurs, use a network connections monitor to ensure ekrn.exe has a solid connection to port 8883. You can use Eset's Network Connections tool or TCPView. I prefer TCPView since it will show if there are sync issues with the connection to port 8883 that ekrn.exe is trying to establish. Eset uses port 8883 with fallback to port 443 for Push Notifications. If there are issues with getting that connection, it will cause this borked Eset updating behavior some are experiencing.
    2 points
  2. Kind of ridiculous putting all the work on the end user.
    2 points
  3. As per the subject, once Detection engine 23963 is downloaded, all links to O365 Safelinks are blocked. I had to add *.safelinks.protection.outlook.com to the allowed websites.
    2 points
  4. Marcos

    Detections Actions Error

    The issue is caused by an older version of the Translation support module. On Monday we should start with the upgrade; however, it will require a restart of the ESET PROTECT Cloud instance.
    2 points
  5. Yes, EsetPerf.etl can be huge; it can grow to gigabytes in minutes, hence we recommend keeping the logging enabled only for a short time. You can compress the file, upload it to a storage location and pm me a download link, we'll see if there's something interesting, such as a high CPU load logged.
    1 point
  6. Thanks! Standing by
    1 point
  7. Hello. I see that ESET Endpoint Security v8.1.2037.2 was released. Are there plans to release v8.2 of Endpoint Security soon? I just don't want to start upgrading my clients to v8.1.2037.2 only to have v8.2 come out a week later as what happened in the post below when v8.0.2039 came out and a week later v8.1.2031 was released. I know v8.0.2039 was a hotfix and v8.1.2031 was a feature update, so I wanted to make sure there wasn't a feature update planned to be released soon. Thanks!
    1 point
  8. 1 point
  9. Hello, the recommended approach would be to use the dashboard / reporting functionality for it. You can navigate to the tab "ESET applications", where you can see which are outdated and even list the count of all outdated versions. Then you can initiate the upgrade by "one click" from there, for a particular version you seek to upgrade to the newest version.
    1 point
  10. What are you talking about I totally agree, you are correct in your opinion this away from the users. I am finding that ANTIVIRUS ESET does not have TELEMETRY to identify all these problems. The worst thing is that the updates of the product problem fixes take a long time to get out to the END user, that's because we pay dearly for the product, so much so that competitors like KASPERSKY products are very cheap and have several promotions and even more has FREE antivirus. I am finding that ESET is unable to work faster.
    1 point
  11. itman

    Borked HIPS

    By default, Eset network Profile selection is "use Windows settings." As I previously posted, the Win 10 firewall default network Profile setting is Public. Therefore, if using default settings on both, Eset's Network profile would always be set to Public. -EDIT- Some additional detail here. Win 10 firewall defaults to the Public profile for a reason. It auto-disables Network Discovery. The way you're supposed to securely do file sharing on a Win 10 device is to right-click on the file to be shared on the network and select the "Give Access" option. This also brings up why Eset has the "Home or Office networking" profile option in the first place, since it, in effect, overrides Win 10 built-in network security. The most damning aspect of the Home or Office networking Eset profile is that it enables NetBIOS access by default.
    1 point
  12. The web server is misconfigured; OCSP Must-Staple is enabled, however, no OCSP response is received. https://www.ssllabs.com/ssltest/analyze.html?d=energy-forecast.n-side.com

    OCSP Must Staple    Supported, OCSP response not stapled
    1 point
  13. SlashRose

    Borked HIPS

    This error has been around for quite a while, namely since the Windows 10 May Update. I find it really, very strange that the Eset developers/coders do not notice this and this error is carried over by Eset from build to build, as well as other bugs, and all this moved me to stop constantly sending logs etc. and not to engage myself so much anymore.
    1 point
  14. Tip - if you delete your credit card info in your US eStore account, there is no way for Eset to perform an auto-renewal.
    1 point
  15. itman

    Borked HIPS

    It's a new day. I have discovered a new networking feature, and of course, Eset networking support borked it! The new and important find is if you are using an IPv6-only network, which is the case for my ISP, AT&T Uverse, and using third-party IPv6 DNS servers, you should be using DNS servers that fully support DNS64. Again, DNS64 is used to convert IPv4 addresses to IPv6 addresses in a 4-6-4 tunnel on the ISP network. The new find is Cloudflare has such dedicated servers. You can read about this here: https://developers.cloudflare.com/1.1.1.1/ipv6-networks . Great! I set my network connection to those IPv6 addresses and modified Eset's connected network setting likewise. Now for the Eset bork of this capability. The first thing I noticed was it appeared Eset was having trouble establishing a connection on port 8888, likewise on port 443, which is what Push Notifications falls back to. Sure enough, after a half hour Eset displayed the dreaded "could not establish a connection to its Push Notifications server." So what is the friggin problem? Eset Push Notifications uses the MQTT protocol, designed to create machine-to-machine (i.e. tunnel) connections to IoT devices. It appears this protocol is not compatible with DNS64, which makes sense if you think about it. So once again Eset implements something without thoroughly testing its compatibility with established networking features. @Marcos Eset needs to be sending Push Notification traffic via IPv6 to resolve this issue. I assume Eset will have to provide a GUI setting option to receive Push Notifications via an IPv6 or IPv4 connection. Or better, if Eset sees an IPv6 connection is established, prefer that over IPv4 for Push Notifications communication.
    1 point
  16. peteyt

    Borked HIPS

    This sounds like the same issue I had, which I added to the posts on here. I had noticed the updates generally had been quicker as of late, and didn't notice much of a system issue. However, while this update occurred, the PC was very sluggish, with Google Chrome for example taking a while just to open, and browsing seemed very slow, like Eset was causing it to be slow. However, I did download a test download from https://www.thinkbroadband.com/download, using the 512MB one, which was a lot bigger than Eset's update. I was able to download that in about 1-2 minutes, whereas Eset took well over half an hour and even crashed at the end and had to restart. The thing is, I can't remember any update issues before the updates were designed to use less resources. I don't know if this feature is any good because, if anything, it seems to be causing more resource issues/slowdowns, like everything is waiting for Eset to finish.
    1 point
  17. To begin, dismhost.exe running from the user temp folder is OK. I monitor dism.exe execution via Eset HIPS and the only thing that starts it on my Win 10 20H2 installation is cleanmgr.exe running from a Microsoft-set-up scheduled task. The above said, PowerShell usage is "baked into" Windows and is used internally for many OS functions. As such, it is entirely possible Windows internally is initiating the above activity you posted. As I posted previously, I monitor all Powershell.exe startup via Eset HIPS. I also monitor my Windows PowerShell event logs and I have multiple daily event log entries showing PowerShell running to perform required system maintenance activities. Also, I have never once received an alert from my Eset HIPS PowerShell start-up rule in regards to this activity. So however Windows is running PowerShell in the background, the Eset HIPS doesn't detect this activity. Bottom line is I have seen enough to state that the recommended Eset HIPS rule to monitor child process startup from PowerShell wasn't thoroughly tested and should not be used.
    1 point
  18. Marcos

    Infection

    A typical infection vector is RDP nowadays. If attackers managed to log into your system with administrator permissions, they could disable or remove ESET and run malware, typically ransomware. In case of an incident you should avoid formatting the hard disk in case you want to investigate the issue and possibly restore encrypted files. Without proper investigation, changing AVs will not make your system safer if you do not secure the attack vector.
    1 point
  19. New_Style_xd

    Borked HIPS

    What is making me worried is the image below, with updated information on the tested products. NOTE: ESET has low detection compared to weaker products. What is happening with personal ESET? Real-World Protection Test July-August 2021 - Factsheet (av-comparatives.org)
    1 point
  20. itman

    Borked HIPS

    What I am observing is that there is a bigger issue. It appears Eset is not properly initializing coming out of Win 10 fast startup mode. I am having issues with Eset Network Protection; namely, Network Inspection not working properly.
    1 point
  21. The agent log states that the remote server is localhost so it attempts to connect to the ESET PROTECT server on the same machine. Try re-installing the agent and specify a correct IP address of the server.
    1 point
  22. Hello, Just to follow up since I've been out of the office, CVE-2021-40444 is currently detected as DOC/TrojanDownloader.Agent.DIC and DOC/TrojanDownloader.Agent.DHY. For more information, please see ESET Knowledgebase Article # 8122, Does ESET protect me from the Microsoft Windows remote code execution vulnerability CVE-2021-40444? Regards, Aryeh Goretsky
    1 point
  23. That is disappointing. This problem has been known for such a long time, and a fix has been promised (and not working) also for a long time. I'm not interested in deploying an 'only briefly tested' version to hundreds of customers' computers. Will the dll fix be able to be deployed by ESET Protect? Will this affect future 'uPCU' updates? Whatever happened to automatic program updates, by the way? This feature has been in policy for a long time and also has never worked. Wasn't this supposed to be fixed in version 8.0?
    1 point
  24. Try something like this:

    <?xml version="1.0" encoding="utf-8"?>
    <rule>
      <definition>
        <operations>
          <operation type="WriteFile">
            <operator type="or">
              <condition component="FileItem" property="Path" condition="starts" value="%APPDATA%\microsoft\windows\themes\cachedfiles\" />
              <condition component="FileItem" property="FullPath" condition="is" value="%APPDATA%\microsoft\windows\themes\transcodedwallpaper" />
            </operator>
          </operation>
          <operation type="RegSetValue">
            <condition component="RegistryItem" property="Key" condition="starts" value="HKCU\software\microsoft\windows\currentversion\explorer\wallpapers\backgroundhistorypath" />
          </operation>
          <operation type="RegDeleteValue">
            <condition component="RegistryItem" property="Key" condition="starts" value="HKCU\software\microsoft\windows\currentversion\explorer\wallpapers\backgroundhistorypath" />
          </operation>
        </operations>
      </definition>
      <description>
        <name>Wallpaper was altered</name>
        <explanation>The wallpaper was altered</explanation>
        <category>Default</category>
      </description>
    </rule>
    1 point
  25. Still, that's not good enough. Maybe we could ignore it if it was one or maybe two. But 7 ransomware misses at the time of testing is a huge number. It shows again what the OP suggested: that ESET's ransomware shield is very bad and almost not effective at all. ESET needs to improve.
    1 point
  26. My problem is that when I run the Radeon software program, when I want to enter the games tab where you load your profiles for the game, the following address is blocked: hxxp://amd.systemrequirementslab.com/ and the Eset window appears announcing that the website was blocked. I was curious, so I entered the page from my browser, and when I entered that page, I ignored the warning from it and found a page that said the following: "Welcome to nginx! If you see this page, the nginx web server is correctly installed and working. Additional configuration is required. For online documentation and support, please refer to nginx.org. Commercial support is available at nginx.com. Thank you for using nginx." I really don't know what that message means; does it say I'm installing a web server? I really don't understand, I never gave permission for anything to be installed, but researching, I saw that nginx could be a virus and that it could infect my computer. I'm really worried that now I literally don't know if my computer has a virus or not. Should I be worried? What should I do? It's also clear that I will never give permission to the program to enter those pages, which are said to be malicious. I'd be very grateful if you could take away the doubts I have.
    1 point
  27. Time;URL;Status;Application;User;IP address;SHA1
    12/11/2019 12:47:29 AM;hxxp://www.systemrequirementslab.com/services/systeminfo/28CA06ED-AC00-7A31-F22A-63396FD2A4F3/1232

    Is this a legitimate site and, if not, why is AMD trying to access it?
    1 point
  28. Update: It works for local files:
    1 point
  29. Hello, I am trying to check the ICAP function but I can't find any documentation about the configuration of ICAP in EFSL. I installed the squid proxy server and configured the connection to ICAP:

    icap_enable on
    icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344
    adaptation_access service_req allow all
    icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344
    adaptation_access service_resp allow all

    But I get an error when I try to open any website. Squid is connected to ICAP:
    1 point