Leaderboard

Popular Content

Showing content with the most kudos since 08/26/2021 in all areas

  1. Marcos

    Detections Actions Error

    The issue is caused by an older version of the Translation support module. On Monday we should start with upgrade, however, it will require a restart of the ESET PROTECT Cloud instance.
    4 points
  2. The bug is just visual and should not have any noticeable effect on memory consumption. Will be fixed in v15.
    3 points
  3. First, verify your credit card data has been deleted from both your Eset eStore account and your myEset.com account. When I likewise did my Eset license renewal via EIS GUI option, it set up a myEset.com account w/o my permission and set it to auto renewal! Also stored in that myEset account is the credit card number used for the purchase. Given all the security issues with myEset.com accounts being hacked, I also deleted the myEset.com account. I for one have had it with Eset's overly aggressive license renewal/management crap. It's just "one more nail added to the Eset coffin" in regards to terminating the future use of this product.
    2 points
  4. I'm not angry about you reporting it. Quite the contrary, we are happy if you report us possible malicious samples or urls. I just wanted to point you in the right direction, i.e. to report stuff directly to samples[at]eset.com according to the KB if you want the submission to receive better attention. Also I wanted to point out that even if a particular website is not blocked (i.e. it may be a completely legitimate one with just somebody posting links to cracks), the point is to detect possible threat in the end no matter how it is achieved, i.e. by blocking access to the malicious website or by detecting the malware upon download or execution at latest.
    2 points
  5. itman

    Borked HIPS

    Well, there was one last thing I had to perform to get the router, Win 10, and Eset networking to play together nicely. I have long suspected that Win 10 Smart multiple-homed DNS name resolution was the source of most of my network issues. This was further amplified by Eset networking initialization. But since this feature was using my ISP DNS servers combined with the way the router establishes Win 10 network connectivity, I could never definitively nail it down. You can read about what Win 10 Smart multiple-homed DNS name resolution does here: https://www.ghacks.net/2017/08/14/turn-off-smart-multi-homed-name-resolution-in-windows/ . The gist of what it does is: What I have been observing after my Win 10 networking "from hell" reconfiguration activities described previously is at Win 10 fast startup and/or startup from sleep mode predominately is multiple connections to IPv4 address 1.1.1 to port domain. Err what? Port domain turns out to be port 53 and of course, 1.1.1.1 is Cloudflare's IPv4 DNS address. First, I have never ever seen these domain connections before. Next is I shouldn't be using Cloudflare's IPv4 DNS server on an IPv6 network. Bottom line is here is a graphic example of my Win 10 network connection being borked by Smart multiple-homed DNS name resolution processing. As far as what this did to Eset's network connectivity processing can best be described as a double-whammy bork from the deepest depths of networking hell. Anyway, I have disabled Win 10 Smart multiple-homed DNS name resolution and finally, all is well networking-wise.
    2 points
  6. itman

    Eset Update Hang on ver. 14.2.24

    Next time this updating issue occurs, use a network connections monitor to ensure ekrn.exe has a solid connection to port 8883. You can use Eset's Network Connections tool or TCPView. I prefer TCPView since it will show if there are sync issues with the connection to port 8883 ekrn.exe is trying to establish. Eset uses port 8883 with fallback to port 443 for Push Notifications. If there are issues with getting that connection, it will cause this bork Eset updating behavior some are experiencing.
    2 points
  7. Kind of ridiculous putting all the work on the end user.
    2 points
  8. As per the subject, once Detection engine 23963 is downloaded all links to O365 Safelinks are blocked. Had to add *.safelinks.protection.outlook.com to the allowed websites.
    2 points
  9. A problem in the GUI requires compilation of a brand new version, thorough QA testing of all languages (about 40), releasing the installers on the web and slowly releasing upgrade to the new version via uPCU. These kinds of issues cannot be fixed via module updates but require a new version of the product.
    2 points
  10. Appears there are multiple causes involved here. The ones mentioned are: 1. Windows update cache issues. 2. Eset update cache issues. 3. You name it ........... Eset needs to provide built-in diagnostic capability for problems like this and other issues. Think along the line of Windows 10 "Fix-It" wizards. I for one am tired of the constant requests for Eset logs to diagnose product issues.
    2 points
  11. Marcos

    Detections Actions Error

    Please raise a support ticket with your ESET UK. It's probably caused by the update of the Translation support module yesterday, however, I don't have this problem myself so there must be also something else that triggers the issue.
    2 points
  12. Since malware often disguises itself as a crack, keygen, etc. you should avoid using them regardless of whether it's for antivirus or another application.
    2 points
  13. As I posted in another thread on this issue after I deleted the Win 10 update cache, I have had no further issues with Eset detection updates. I had one delay of 5 mins. at boot time and that's it.
    2 points
  14. Karen2

    Stuck Eset Product Update

    A while back I recall seeing an answer to the problem of continually spinning ESET icon showing update in progress when it isn't. The solution that worked for me was: Open ESET>Setup>Advanced Setup (lower right corner)>Update>Under Basic - clear the update cache>click OK>Restart your computer and all should be well. Hopefully!
    2 points
  15. I'm split. I wouldn't mind if Eset introduced it but there's the debate if AVs should basically focus on being AVs and leave the other stuff to other users.
    2 points
  16. I'm going to type this post again. I have the worst luck with this forum! I hit backspace to correct a typo in my post and Firefox went to the previous page I had visited, and I lost my entire post!!!! This has happened so many times on this forum! I have over 5000 posts on Wilders and it has never happened on Wilders. The most annoying thing! I think I'm jinxed on this forum. The user should be given the option to opt out of auto-renewal when they purchase a license and it should be easy to see. Also, it is confusing on where to go to opt out of auto-renewal once you have been enrolled. I thought myeset.com would be the place to opt out since that is the site for managing License and Devices. I wasted a lot of time looking for an option to opt out of auto-renewal on myeset.com. I finally found the option to opt out of auto-renewal on store.eset.com. It only gave me the option to opt out for the license I had just purchased. My old license still reported that it was set up for auto-renewal within the Eset Application. I never was able to find any option on either website to disable auto-renewal for my old license. Please read my last response to itman above for more information and one possible solution for this problem. That will save me from having to type everything again.
    1 point
  17. itman

    Borked HIPS

    Well, it didn't take AT&T long to detect my Cloudflare IPv6 DNS server usage and start interfering with that. So I am now back to using their auto assigned DNS servers and Eset's networking resultant borking of those connections. But I have finally confirmed the Eset culprit. It is the Network Inspection feature. Disabling that not only solved the auto IPv6 configuration by my router problems but most importantly, the totally spastic Eset firewall behavior upon resume from sleep mode. I also question the use of Network Inspection processing when the Public profile is deployed. Its applicable Eset firewall rules only allow Trusted network device communication. When using the Public profile, no local network devices are trusted.
    1 point
  18. If it was a memory leak, wait until ekrn consumes more than 500 MB and then generate a dump of ekrn for perusal. If the memory consumption is below 200 MB there's nothing to be concerned about. Also there's basically anything that you could do to decrease the memory usage than reboot the machine. However, as time goes the memory usage may go up and down as objects are being scanned.
    1 point
  19. 1 point
  20. US support strikes again! Totally useless!!
    1 point
  21. But in the case of updating the end user is only half the equation. The company should be logging updates as well and trying to find a solution. Turning users into trouble shooters is not the answer. All this constant drone to submit logs is driving users away.
    1 point
  22. itman

    Borked HIPS

    By default, Eset network Profile selection is "use Windows settings." As I previously posted, Win 10 firewall default network Profile setting is Public. Therefore if using default settings on both, Eset's Network profile would always be set to Public. -EDIT- Some additional detail here. Win 10 firewall defaults to the Public profile for a reason. It auto disables Network Discovery. The way you're supposed to securely do file sharing on a Win 10 device is to right mouse click on the file to be shared on the network and select the "Give Access" option. This also brings up why Eset has the "Home or Office networking" profile option in the first place since it in effect, overrides Win 10 built-in network security. The most damning aspect of the Home or Office networking Eset profile is it enables NetBIOS access by default.
    1 point
  23. itman

    Borked HIPS

    It's a new day. I have discovered a new networking feature. And of course, Eset networking support borked it! The new and important find is if you are using an IPv6 only network which is the case for my ISP, AT&T U-verse, and using third party IPv6 DNS servers, you should be using DNS servers that fully support DNS64. Again, DNS64 is used to convert IPv4 addresses to IPv6 addresses in a 4-6-4 tunnel on the ISP network. The new find is Cloudflare has such dedicated servers. You can read about this here: https://developers.cloudflare.com/1.1.1.1/ipv6-networks . Great! Set my network connection to those IPv6 addresses and modified Eset's connected network setting likewise. Now for the Eset bork of this capability. The first thing I noticed was it appeared Eset was having trouble establishing a connection on port 8888 likewise on port 443 which is what Push Notifications falls back to. Sure enough, after a half hour Eset displayed the dreaded could not establish a connection to its Push Notifications server. So what is the friggin problem? Eset Push Notifications uses the MQTT protocol designed to create machine-to-machine; i.e. tunnel, connections to IoT devices. It appears this protocol is not compatible with DNS64 which makes sense if you think about it. So once again Eset implements something without thoroughly testing its compatibility with established networking features. @Marcos Eset needs to be sending Push Notification traffic via IPv6 to resolve this issue. Assume Eset will have to provide a GUI setting option to receive Push Notifications via IPv6 or IPv4 connection. Or better, if Eset sees an IPv6 connection is established, prefer that over IPv4 for Push Notifications communication.
    1 point
  24. To begin, dismhost.exe running from the user temp folder is OK. I monitor dism.exe execution via Eset HIPS and the only thing that starts it on my Win 10 20H2 installation is cleanmgr.exe running from a Microsoft set up scheduled task. The above said, PowerShell usage is "baked into" Windows and is used internally for many OS functions. As such, it is entirely possible Windows internally is initiating the above activity you posted. As I posted previously, I monitor all Powershell.exe startup via Eset HIPS. I also monitor my Windows Powershell event logs and I have multiple daily event log entries showing PowerShell running to perform required system maintenance activities. Also, I have never once received an alert from my Eset HIPS Powershell start up rule in regards to this activity. So however Windows is running Powershell in the background, the Eset HIPS doesn't detect this activity. Bottom line is I have seen enough to state that the recommended Eset HIPS rule to monitor child process startup from Powershell wasn't thoroughly tested and should not be used.
    1 point
  25. New_Style_xd

    Borked HIPS

    What is making me worried is the image below, with updated information on the tested products. NOTE: ESET has low detection compared to weaker products. What is happening with personal ESET? Real-World Protection Test July-August 2021 - Factsheet (av-comparatives.org)
    1 point
  26. I erred in my original posting in this thread. I didn't implement Eset's recommended anti-ransomware HIPS rules per se. Rather, I made them more secure which suits me personally. One of the revisions for example is I monitor all Windows script executable's startup via a HIPS ask rule. This includes PowerShell.exe startup. As such, there was no need to use the recommended rule of monitoring all child process startup from PowerShell.exe. To use PowerShell legitimately, it must be allowed to start conhost.exe since it is the graphical interface element for PowerShell.
    1 point
  27. You could create a permissive rule based on the rule "Deny child processes for powershell.exe" and add the path to conhost when specifying the path to target applications which would be safer than disabling the rule completely.
    1 point
  28. Based on this .docx sample: https://www.joesandbox.com/analysis/476188/1/html , Eset and most other AVs are detecting the dropper file now.
    1 point
  29. itman

    MyEset account taken over

    Costs me $5 a month, that's why.
    1 point
  30. It's fixed, thank you!
    1 point
  31. I understand that it shouldn't affect system performance, but nobody likes to have a problem like that on their computer screen, that's why it should be fixed quickly, don't wait for the next version of the antivirus.
    1 point
  32. Try something like this:

      <?xml version="1.0" encoding="utf-8"?>
      <rule>
        <definition>
          <operations>
            <operation type="WriteFile">
              <operator type="or">
                <condition component="FileItem" property="Path" condition="starts" value="%APPDATA%\microsoft\windows\themes\cachedfiles\" />
                <condition component="FileItem" property="FullPath" condition="is" value="%APPDATA%\microsoft\windows\themes\transcodedwallpaper" />
              </operator>
            </operation>
            <operation type="RegSetValue">
              <condition component="RegistryItem" property="Key" condition="starts" value="HKCU\software\microsoft\windows\currentversion\explorer\wallpapers\backgroundhistorypath" />
            </operation>
            <operation type="RegDeleteValue">
              <condition component="RegistryItem" property="Key" condition="starts" value="HKCU\software\microsoft\windows\currentversion\explorer\wallpapers\backgroundhistorypath" />
            </operation>
          </operations>
        </definition>
        <description>
          <name>Wallpaper was altered</name>
          <explanation> The wallpaper was altered </explanation>
          <category> Default </category>
        </description>
      </rule>

    1 point
  33. Marcos

    EIS is blocking OneDrive access

    The FP has already been fixed. Please try again.
    1 point
  34. Yes, I tested it and get same results here. If DOH is enabled I get no alert, when disabled alert returns (using Cloudflare or Quad9).
    1 point
  35. You can raise a ticket with your local ESET distributor and provide them with logs generated as per https://support.eset.com/en/kb3404. At least they could provide you with an older version of ESET CyberSecurity Pro from the time when MacOS 10.14.6 was the latest.
    1 point
  36. A while back I recall an answer to the problem of continually spinning ESET icon showing update in progress when it isn't. The solution that worked for me was: Open ESET>Setup>Advanced Setup (lower right corner)>Update>Under Basic - clear the update cache>click OK>Restart your computer and all should be well. Hopefully!
    1 point
  37. As Marcos said above, it's more of a hibernation/deep sleep with default Windows settings. Control Panel>Change to Large/Small Icons>Power Options>Choose What Power Buttons Do. From here change the Power Button to Shut Down if not already, then as Marcos said Turn off Fast Startup.
    1 point
  38. It seems some are seeing Eset scanning for updates in the taskbar icon but Eset itself in the update area isn't looking for updates. I've had issues myself with updates taking a while but I've never seen the icon claiming to be looking and Eset itself not, but I've seen screenshots showing that it can do this.
    1 point
  39. NewbyUser

    Good Old Days

    Anyone else remember these days?
    1 point
  40. Description: MyEset with more tools. Detail: You could do as KASPERSKY does in its product, put more options for the user, giving the option of Scanning and other settings remotely.
    1 point
  41. You're right. It confirmed that update is run with very low priority, ie. if more CPU intensive processes with normal priority were running, they would use more of the CPU while the update less which could result in update taking longer than usual.
    1 point
  42. Marcos

    Trust This SIM Card Issue

    Is it possible to create a new contact and save it on the SIM card? The SIM card memory cannot be full.
    1 point
  43. Please try the following:
      - in safe mode delete C:\ProgramData\ESET\ESET Security\local.db
      - restart Windows in normal mode
      - clear browser cache
      - temporarily change logging verbosity to Diagnostic under Tools -> Log files in the adv. setup
      - download CloudCar
      - collect fresh ELC logs but also select Local cache db:
    1 point
  44. Both ESET PROTECT and ESET PROTECT Cloud are 99% same in terms of functionalities and features. Also the features you've asked about are present in both. There is also an interactive demo of ESET PROTECT Cloud at https://www.eset.com/int/business/demo/.
    1 point
  45. This issue is still going on with release 14.2.24.0. I too find it very distracting having that icon animation running constantly. It is of little importance as nothing detrimental is happening, it is just very annoying. - Tim -
    1 point
  46. Okay, thanks for the effort. The setting is not a matter of life or death but as a nice to have it would be great... Thx & Bye Tom
    1 point
  47. As of now, this is not possible. Those "color coded statuses" are hardcoded in the webconsole. I will consult with our product management, if this is something that can be adjusted in the future product releases.
    1 point
  48. My problem is that when I run the radeon software program, when I want to enter the games tab where you load your profiles for the game, the following address is blocked: hxxp://amd.systemrequirementslab.com/ and the eset window appears announcing that the website was blocked. I was curious, I entered the page from my browser and when I entered that page, I ignored the warning from this and when I entered I found a page that said the following: "Welcome to nginx! If you see this page, the nginx web server is correctly installed and working. Additional configuration is required. For online documentation and support, please refer to nginx.org. Commercial support is available at nginx.com. Thank you for using nginx." I really don't know what that message means, it says I'm installing a web server? I really don't understand, I never gave permission for anything to be installed, but researching, I saw that nginx could be a virus and that it could infect my computer, I'm really worried that now I literally don't know if my computer has a virus or not, I should be worried, what should I do? It's also clear that I will never give permission to the program to enter those pages, which are said to be malicious. I'd be very grateful if you could take away the doubts I have.
    1 point
  49. Good morning/afternoon/evening! I've heard some of the ESET staff here talk about setting up a dynamic group based on who is logged into a computer. It would be nice to set up a dynamic group of computers where no user is logged into the machine. This would be very helpful as that is one of the major deciding factors that go into whether we can start to perform a software update on a client machine. We obviously don't want to restart a user's machine while they're using it. Is there a way to set up a dynamic group that contains computers with no users logged into it? How often does eset check this information (the same time it reports to ERA, or?)? Thanks Jdashn
    1 point
  50. It should be possible to create such group but I was not able to verify it. There are multiple options, but you may try to configure dynamic group template as in screenshot: EDIT: dynamic group does not work in ERA 6.4 Once this dynamic group is replicated to AGENT, it is evaluated automatically and should detect change in list of logged users almost immediately as it is listening for system notifications. AGENT will be joining and leaving dynamic groups autonomously without active connection to SERVER -> if you attach specific task to this group, it will be executed even if computer is offline. I guess it is no surprise that you won't see offline computer joining/leaving dynamic group in Webconsole as this information requires working connection to SERVER.
    1 point