Leaderboard


Popular Content

Showing content with the most kudos since 01/27/2019 in Posts

  1. 4 points
    There will be a fix for the issue in both Endpoint and ESET NOD32 for Linux desktop according to the latest news.
  2. 3 points
    As I wrote, there will be a hotfix of ESET NOD32 for Linux desktop that will address the issue.
  3. 3 points
    False positive reports

    To submit a possible False Positive see Submit a suspicious website / potential false positive / potential miscategorization by Parental control to ESET for analysis when you wish to submit via email or use Submit sample for analysis function from the program GUI of ESET product installed on your computer.

    Whitelisting

    ESET does provide a whitelisting service for software vendors by which you can submit your software to minimize the chances of false positives, e.g., when your software is being downloaded. This service is intended as preventive measure for trusted and undetected applications to minimize risk of future false positives. Whitelisting service is not a channel for removing existing detections, disputes or solving other unrelated problems. If you want to register your software for whitelisting, please follow the instructions in the KB article How do I whitelist my software with ESET?

    Requirement for False positive submissions

    When submitting false positive file(s) via email or via program GUI, it is necessary to send copy of falsely detected file(s) as well as description of the file. I will explain what information is needed and why it is important.

    1) Name of the legitimate application the file belongs to.

    When submitting false positives you must be able to identify what is the name of application that is being falsely detected. No-name false positive reports (when information about the application name is missing) are harder/slower to examine and in many cases indicate correctly detected malware rather than false positive.

    Example of correctly provided information: “This file belongs to VLC media player 3.0.6.” When you provide the specific version number, it helps.

    Example how not to submit false positives: “I don’t know what it is and why I have it on my computer but I think it is a false positive.” If you don’t know what the file is, don’t report it as false positive.

    2) Name of the application’s author, developer, vendor or website where you downloaded the software

    Each legitimate software has a known author or there is a known company who developed it. There is known source/origin where the software can be obtained and you can learn information about it. This information is needed in investigation process. Researchers need to verify whether the software is safe and they may need the full installer to evaluate the software properly. Researchers may need to investigate whether other versions of the same software were affected by false positive or not. It is important to know the source/website where you downloaded the software because some download websites provide different installers than original vendors.

    3) Application's purpose

    Let the researchers know what the application is supposed to do, what value does it offer to you. This information is usually available on vendor’s website but there are many old applications where the website is no longer available, or software was distributed only on CD-ROM/DVD, or the software is custom/in-house developed and the description is not generally available.

    Examples of application’s purpose: This is a picture viewer, video convertor, movie player, communication software, printing program, database program, web browser, accounting software, computer game, tool I use for programming, etc.

    Don’t hesitate to provide any additional information you deem important. You may add the specific detection name you saw when detection occurred. In case some specific circumstances are needed to reproduce the problem, tell the researchers how (for example, it may happen that the file itself is not detected but it downloads/creates other files that trigger detection).

    You may submit false positives via email or directly from ESET product via Submit sample for analysis function. In order to use the function open GUI of ESET Internet Security, you will find following icon in Tools and clicking More Tools:

    Please select “False positive file” option and attach the file you want to submit. Please provide all necessary information (as described above) researchers need to process your false positive submission. Information you provide indeed significantly helps ESET laboratories in the identification and processing of samples. Thank you for your submission!
  4. 2 points
    The current up-to-date version for desktop edition is the v4. Endpoint edition v7 is running as BETA currently, once it goes stable I believe they will start looking at building the v7 for desktop. The fix that Marcos talked about would be probably a small fix (hotfix) that will solve the issue with browsers and that's it, not a major upgrade.
  5. 2 points
    Perry

    MDM certificate

    Hi,

    You should create a full chain certificate which contains SSL cert, intermediate, root and private key.

    - Download XCA and install it.
    - Download OpenSSL and install it.

    1.) Create an empty file (C:\temp\cert-chain.txt) on your PC and paste the following inside it:

        -----BEGIN CERTIFICATE-----
        (Your Primary SSL certificate from C:\temp\your_domain_name.crt)
        -----END CERTIFICATE-----
        -----BEGIN CERTIFICATE-----
        (Your Intermediate certificate from C:\temp\TheIntermediateCA.crt)
        -----END CERTIFICATE-----
        -----BEGIN CERTIFICATE-----
        (Your Root certificate part from C:\temp\TheTrustedRoot.crt)
        -----END CERTIFICATE-----

    2.) Now replace the content inside the brackets with your certificates (which you can export via XCA; PEM txt format). The order above is VERY important so do not mix it!

    2.) Export the private key (unencrypted in text format) with XCA from your certificate and store it inside C:\temp\server.pemkey

    3.) Now merge everything together as pkcs12 (filename extension for PKCS #12 files is .p12 or .pfx). To do that open a CMD (run as admin) and perform:

        cd C:\OpenSSL-Win32
        openssl pkcs12 -export -inkey C:\temp\server.pemkey -in C:\temp\cert-chain.txt -password pass:ABCD -out C:\temp\certificate(chain_and_key).pfx

    4.) Your PFX file is now ready to be used.
  6. 2 points
    Marcos

    Win32/TrojanDownloader.Delf.BTT

    You have a rootkit there. Either boot from a clean medium (e.g. ESET SysRescue) and run a full disk scan, or do the following:
    - start Windows in safe mode
    - move C:\Windows\System32\Ms96FB23EEApp.dll to another folder, e.g. to c:\eset
    - start Windows in normal mode
    - run a full disk scan.
  7. 2 points
    Marcos

    Files encrypted by ransomware

    In fact, I provided a proof that on Windows 10 ESET detected and blocked execution of the ransomware and protected the user where the other "free" AV failed. If you have a proof that ESET doesn't protect users well, please provide a proof and support it with logs and other necessary stuff.
  8. 2 points
    Marcos

    Understanding EEI Dashboard

    The higher a circle is on the Y axis, the more machines in your LAN have particular files. The further a circle is on the X axis, the more ESET users have the file (i.e. the more popular it is worldwide). The bigger a circle is, the more such files you have. To illustrate it on a concrete example: The red-marked circle means that you have quite many files that exist only on 1 computer in your LAN but are quite popular among ESET users since the LG popularity is 7 (1-10 mil. of users):
  9. 2 points
    Ekrn.exe is the crucial process responsible for protection. It starts with Windows as early as possible.
  10. 2 points
    itman

    Files encrypted by ransomware

    I have long argued that what is needed is a "professional" version of Eset consumer products. For example, the above mentioned EES 7.2 aggressive option could be one feature provided. Another I would like to see is more aggressive reputational scanning options such as the ability to alert/block unknown non-system processes and the like. Etc., etc. To date, this has fallen "on deaf" Eset ears.
  11. 2 points
    MichalJ

    Automate updates

    @TheMartin Thanks for the feedback / suggestion. I will contact our documentation team, and ask them to prepare the tutorial (video / documentation) with the topic "how to update my ESET environment on the latest version in the simplest way". I agree, it would be a helpful content, which should be more actively promoted in documentation and KB.
  12. 2 points
    Well surely this is not a direct solution to your problem but don't use uTorrent, use open source, ad free alternative Qbittorrent: https://www.qbittorrent.org/
  13. 2 points
    It is very simple. Use SetThreadExecutionState. See: link to Microsoft Windows Dev Center.
  14. 2 points
    Description: Prevent sleep during scan. Detail: Windows can put the computer to sleep before the scan is finished. That is very annoying. There should be an option to prevent that from happening. Oops, it's a coincidence that @zeromido asked something similar here right above. Before I started typing, I first searched the forum for "scan prevent sleep".
  15. 2 points
    Thomas Stats

    Introduce yourself

    Hi there, I am a security expert and blogger. I have been working in the IT area for over 10 years. All the gathered experience throughout the years I share with people at reviewedbypro.com. It's a cyber security website that helps people deal with various online threats by providing detailed and insightful reviews to those who are interested.
  16. 1 point
    Hatus

    SyS rescue security concern

    Thanks for all the replies, it was really just about windows logon that I was asking about. However knowing about all this sure was interesting.
  17. 1 point
    https://www.zdnet.com/article/antivirus-vendors-scramble-to-fix-new-efs-ransomware-attack/ Ref.: https://support.eset.com/en/ransomware-shield-bypass-mitigations
  18. 1 point
    Each distributor provides technical support for local customers and contacts ESET HQ in cases when deeper investigation is needed. After contacting customer care, you should receive a confirmation email with a ticket ID. If you didn't receive any, check the spam or junk folder. You can also try contacting customer care via the web form that is available through the wizard https://www.eset.com/uk/customer-care-wizard/.
  19. 1 point
    Marcos

    Eset Uninstalled by itself

    First of all, installing an antivirus without taking other measures, such as keeping the OS fully up to date and patched, avoiding opening suspicious email attachments, clicking suspicious links or keeping RDP enabled without restrictions is not enough. Moreover, no security solution can ever protect from 100% of threats. Not sure what happened, if your files were encrypted by ransomware or what you actually paid for. Technical support is provided to our users for free. Also without any further logs, proof and information what actually happened it's unfair to blame ESET.
  20. 1 point
    Hello guys, I opened a ticket with the dev team to check the logs provided by @Camilo Diaz In case you have the logs (as described by Marcos), or are willing to record them feel free to provide me with them so I can have them checked... Regards, Peter
  21. 1 point
    Hello, What you have to do is to configure the proxy for both the agent, and the mac security product. In case the macs are showing not correct "last connected time" it would mean that they are not able to connect to the server at all, which is the thing you should troubleshoot. To confirm this, please check the status.html of one of the mac agents. Also, what makes me confused is, that you mix topic of proxy and mirror. When you refer to mirror, do you mean actual offline generated mirror by mirror tool, or you utilize the proxy caching function. In this case, you just need to configure both agent / endpoint to communicate via proxy, and they should get the updates from there automatically. Please note, that in ESMC 7.1 you can configure proxy details for the agent live installer, and also choose a policy that will be applied to the machine. @Marcos can you please move this to "ERA" portion of the forum?
  22. 1 point
    Marcos

    Apache HTTP Proxy

    That's a huge number so a dedicated machine with http proxy will likely be necessary. ESET Dynamic Threat Defense runs files potentially carrying malware in a sandboxed EDTD cloud environment. It leverages multi-stage analysis, where it combines advanced detection techniques with behavioral analysis and machine learning. Scan results are shared among all computers in an organization. In combination with Mail Security products, EDTD allows for delaying email delivery until a result of scan is received and only then clean email is passed to mailboxes. EDTD substantially improves protection from malware spreading in Office documents for instance. As of Endpoint 7.2, it's possible to block execution of files downloaded via email clients and browsers until the scan result from EDTD is received. If you are interested in trying out ESET Dynamic Threat Defense, please contact your local ESET distributor or drop me a message. Another product for enterprise users that we offer is our EDR solution ESET Enterprise Inspector which provides you with insight into what's going on in your network. With more than 200 pre-defined rules you get a good overview of possible security incidents that you can subsequently respond to or track them back to the source.
  23. 1 point
    Abu Sufian

    webpage problem

    I just installed ESET Internet Security 2020. After that I cannot access some websites.
  24. 1 point
    Marcos

    URL Blocking Policy Blocks HTTP

    I assume the problem is you have "Restrict URL addresses" enabled. According to the help: To only allow access to URLs listed in the Allowed URL list, select Restrict URL addresses.
  25. 1 point
    itman

    Again & again coming message window

    It is unclear what you want to do. Refer to this Eset knowledgebase article for options available when the potentially unwanted application alert appears: https://support.eset.com/en/what-is-a-potentially-unwanted-application-or-potentially-unwanted-content
  26. 1 point
    Gaming mode could be easier to activate, some time in the past it was present on the context menu on system tray icon. I would really like to have it back there, at least an option to do it faster. Also, could implement a way of customizing the context menu with what you actually use. Also, could implement a black/dark theme to the UI. I've been using it for so long, I actually love the Smart Security Premium, but these little things sometimes are really boring to set up every single time you want to play a game. - I thought, there could be a "White List" where you put the programs you'd like, and then Eset's SSP auto enters "Gaming Mode" when it detects the process running.
  27. 1 point
    Hi, I'm unable to access stormfront.org from any of my PCs with EIS installed. I'm getting the following message in any browser: This doesn't happen on other PCs NOT running ESET products. Can someone from ESET fix this please? Alternatively can I whitelist this site in ESET settings? Oh and before anyone asks why I need to visit this site, I work/report for Hope Not Hate. Cheers
  28. 1 point
  29. 1 point
    I upgraded my Windows 10 laptop to v13 of ESET Internet Security yesterday. It now repeatedly displays a warning that the anti-theft component is not optimized as the phantom account is missing. The account is present (the default "work") and has been present for several years. I ran the anti-theft web site option to create the account but it made no difference. I manually deleted the "work" account on the laptop and also deleted it from the anti-theft web site, then ran the option to create it again. Although the web site said the account had been created there was no "work" account on the laptop. The laptop is fully up to date with all Windows 10 updates including the cumulative updates to v1903 and the .NET framework released this week. The anti-theft component worked fine with ESET v12. I've disabled the anti-theft for this device until this issue is resolved.
  30. 1 point
    You should not log into the phantom account or it will be reported to you as a suspicious operation in the Anti-Theft portal.
  31. 1 point
    My recommendation is to check ports usage documentation: https://help.eset.com/esmc_install/71/en-US/ports_used.html

    Technically ESMC + Webconsole (tomcat) are listening on following ports:

    - 2222 (can be changed, for example to 443 to reduce possible firewall issues): this port is used by ESMC Agents to connect to ESMC. This one has to be open for client devices. It could possibly be limited to specific IP addresses if possible, but that could possibly block roaming devices.
    - 2223: port is used for (my recommendation is to not open this port from outside of server):
        - for Webconsole-to-ESMC communication. If webconsole will be installed on the same machine (= default scenario), there is no need to expose this port for console to work correctly.
        - second use is for ESMC Agent installers in case of "Server assisted installation". I would strongly recommend to omit this functionality, it is deprecated in favor of all-in-one installers which are much more suitable for MSP scenario.
    - 443: standard port for access to ESMC Webconsole via browser. Port has to be opened for ESMC users to access console. My recommendation is to enable access to this port only for known IP addresses if possible. There is also possibility to perform additional hardening of Apache Tomcat configuration to enable only most secure TLS ciphers, you just have to be sure your browser will support it.

    Also make sure that when installing ESMC, so called "Advanced security mode" is enabled in its configuration. It will prevent connections of older ERA Agents but should work for ESMC 7.1 Agents installed even on oldest supported systems (Windows XP).
  32. 1 point
    Marcos

    Stalking PUA notifications after update

    Thank you, however, logs are not needed any more since the issue was already analyzed and the only solution turned out to be to add utorrent.exe or bittorent.exe to performance exclusions or use an alternate client.
  33. 1 point
    Where did you purchase the license? It was issued in India and was canceled, it was highly overused. We strongly recommend purchasing a license only from authorized sellers.
  34. 1 point
    TheMartin

    Automate updates

    Thanks Michal, I guess what would be nice at this point is a simple tutorial how to keep the agent and security product up to date on a group of systems. So I have a server group I deal with manually, but for workstations I just tick the "do not reboot if required" box and let the user reboot when they see the message. I'd just like to automate for all of them. I have found the "outdated applications" panel so I've been using that for the week, which I guess is the simplest method at this point. Looking forward to micro PCU and auto agent updates in the future.
  35. 1 point
    That's correct. I thought you would like to prevent existing clients who already reported to the ESMC server from connecting to it for certain time.
  36. 1 point
    Thank you @Peter Randziak, This is helpful, I'm not sure how I missed that when I was searching the site... Now I just need to figure out how to deploy the plist using our MDM provider. Update: Turns out just need to copy and paste the plist code to a custom settings profile.
  37. 1 point
    Seems to be working ok atm for me. Several reboots and device relocation and still marked as optimized with no warning messages
  38. 1 point
    I think it's been fixed. A small product update got installed a few days ago without having to reboot. On three of my computers, I had to delete the disabled Windows anti-theft account, reboot, go into the anti-theft web interface and create the Windows anti-theft account again (using the same account name as prior). It's been two days and no problem with anti-theft since.
  39. 1 point
  40. 1 point
    Marcos

    Stalking PUA notifications after update

    Probably you mean AppEsteem, however, as I said each vendor applies their own criteria. The fact that vendor A adds or removes a particular PUA detection doesn't mean that ESET must necessarily follow their decision.
  41. 1 point
    Yes. I got rid of utorrent and installed qbittorrent and the problem went away
  42. 1 point
    I was having the same issue on a Pixel 2 after the Android 10 update. Permissions were set to Always. Disconnect/reconnect to home WiFi fixed the error. Thanx.
  43. 1 point
    When esets_proxy is heavily utilizing the CPU, select esets_proxy on the CPU tab in Activity Monitor. From the menu choose Sample process and Save as. Please provide the file along with ESET Log Collector logs to customer care. You can also upload the files here.
  44. 1 point
    Would be very cool if Eset offered just the firewall alone, most other features are useless for me. I know you can disable components. Too many settings to go through, although I like all the settings. Please, just the firewall. 🙂
  45. 1 point
    Description: ESET Sandbox + ESET Auto Sandbox. Details: I want to add ESET Sandbox + ESET Auto Sandbox, like avast sandbox + auto sandbox. The avast! Sandbox is a special security feature which allows you to run potentially suspicious applications automatically in a completely isolated environment. Programs running within the sandbox have limited access to your files and system, so there is no risk to your computer or any of your other files. This feature is connected to the FileRep cloud feature which identifies new files for additional analysis. So now we are able to warn you even before we have had the opportunity to examine this malware in our Virus Lab.
  46. 1 point
    Description: A Manage application section like Kaspersky or an Application network rules section like Kaspersky or maybe both. Details: Currently there is no way to know which programs I ran on my PC that were trusted by Eset or not. Having an Application manager would make it really easy to give a detailed representation. Eset already kind of has this but that's for running processes only but not for all the products and also this window just shows information but I can't interact with it like it's possible in Kaspersky. And for Firewall, it's possible to add rules for specific programs of course but it would be better if there was a list of all applications to show what is set to allowed by Eset and what not. This should be interactive too so if a user wants to deny let's say "Cleaner" internet connection then he/she would select Ccleaner from the list and deny it internet access instead of the current situation where the user needs to manually browse the program to block it in Firewall. The current implementation should always be there of course but my proposed interface would make everything much easier. Also a program can have multiple files that access the internet. From this list it would be much easier to find that out. So, overall user experience would improve a lot. To have a closer look you may try installing Kaspersky to understand how these two modes work on their product. I don't want Eset to have the exact same to same that Kaspersky has but the basic idea should be the same. I love Eset because it's a great product and super lite. But I want Eset to have these features. I'm sure it's not just me but everybody would appreciate it and it will make the product even better. Examples:
  47. 1 point
    TomFace

    Forum Feedback

    A nice addition to the Forum...hopefully folks will take the time to read it.
  48. 1 point
    Another nice feature for the firewall component that would help a lot with maintaining the firewall rules: Description: Firewall rules cleanup of unnecessary / invalid entries Detail: I've set my firewall filter setting to interactive mode, meaning that I can define for every program what the firewall should do. Over the time, you have entries in the firewall rule set about programs that are not existing on the computer anymore. A button for an automatic cleanup of those rules (delete all firewall rules that are pointing to applications that don't exist on the computer anymore) would make it easier to keep the firewall rule list tidy and it also benefits the administration of the rule set.
  49. 1 point
    Description: Enable right-click and double-click in ERA. Detail: ERA is one of the most easy-to-use management services I have used. However I believe that to make it more ergonomical there should be a functionality that lets users double-click on something. For example, when wanting to generate a report you first have to click on the report, then go down to the "GENERATE NOW" button and click that. I feel like adding the ability to open reports and other things with a simple double-click action would improve accessibility. The right-click I admit is quite an odd suggestion seeing as if you click on a field once it brings up a menu etc, however, again for things like editing reports, you first have to click the report, then click on the little cog icon over to the far right, and then click on edit. Would it not be easier just to be able to right click the report and choose edit? A very pedantic suggestion I know...
  50. 1 point
    Aryeh Goretsky

    Rules of the ESET Security Forum

    Welcome to the ESET Security Forum! ESET is pleased to provide you with this resource in order to make it easy for you to ask questions and receive answers about ESET's products and services.

    Understand that the ESET Security Forum is a private community for existing customers of ESET, prospective customers who are interested in ESET's software, ESET employees and business partners. Because of this focus, it is not like a general public forum, where conversations take place on a variety of non-ESET and non-security related topics. With that in mind, we have the following rules in place:

    - When registering for an account on the forum, please fill out the information accurately and correctly. Do not enter the Username and Password for your licensed ESET software, but instead choose a username (in Latin) unique to this forum. You should also choose a suitably complex password unique to this forum as well.
    - Do not create multiple accounts. If a person is found creating multiple accounts, ESET reserves the right to take whatever actions it deems necessary, including banning, blocking, deleting and/or merging them. The exception to this rule is ESET staff, who may create multiple accounts for testing purposes.
    - No impersonating other forum users, ESET employees or other people.
    - Use appropriate language in the forum. No vulgar, obscene or rude language will be tolerated.
    - No vulgar, obscene or otherwise offensive images or video will be tolerated.
    - ESET staff have the right to move, edit or modify messages that you post. This may be done for clarity, to move a message to more appropriate forum where it will receive more attention, or for other reasons outlined in these rules.
    - All decisions by ESET staff are final, and not open to discussion.
    - This list may be updated at any time. Please periodically visit this page to review any updates.
    - Do not post direct links to any executable files, malicious/suspicious software or web sites in public messages, even if you think the software or site is clean and incorrectly detected by ESET. Break up the URL by inserting spaces into it, or replacing the protocol handler with an obfuscated one, like .
    - Do not attach malicious or suspicious files to messages, even if you think they are clean. Write a public message, and then use the "report this message" option to send a private message to ESET staff with a link.
    - Do not post any personally identifiable information (PII) about yourself, such as an email or mailing address or phone number, in a public message.
    - Do not post the username and password or license key for your ESET software in a public message.
    - Do not post links to software cracking tools, license key generators, pirated copies of software or other illicit software in the forum. If you wish to report a site, write a public message, and then use the "report this message" option to send a private message to ESET staff with a link.
    - Do not post private correspondence (private messages, email, etc.) publicly within the forum.
    - Do not post "A vs. B" or "Which product is best?" type messages in the forum.
    - Do not post overtly commercial messages in the forum (this includes in your signature).
    - Do not pre-announce releases. Due to differences in scheduling, it may sometimes take several hours after a release has appeared on ESET's web site for the release announcement to appear here in the forum.
    - Do not abuse the forum's rich text controls. Messages and signatures with inappropriate font selection, including size, color and, for signatures, length, may be edited by forum staff to conform to standards of decency.
    - Do not ask other users for logs, especially if they may contain sensitive or other personally identifiable information.
    - Posts made on behalf of a 3rd party company may only be made from accounts registered with an email address from the company's domain (verifiable by ESET staff).
    - Do not use the "Report post" function for other purposes than reporting inappropriate content requiring moderators' attention.
    - Do not report possibly incorrect detections or blocks (false positives) in the forum unless they may affect a lot of users. If you think that your application or website is detected or blocked incorrectly, please report it to ESET as per the instructions at https://support.eset.com/kb141.
    - Be civil, do not post sarcastic, offensive or mocking comments towards any person or entity.
    - Do not post messages that are off-topic, keep the discussion to the point and do not lead it astray. To discuss a different, unrelated issue or question, always create a new topic.

    If you have any questions or comments, please contact one of ESET's moderators.

    Last Revised: 5 March 2019.