Leaderboard

Greetings! Listed as fixed in 7.3 "An on-demand scan launched from the ESMC console could shut down the computer even if this post-scan action was not selected" is exactly what started happening after I've upgraded Endpoint clients to 7.3. Never happened before. The process C:\Program Files\ESET\ESET Security\ekrn.exe (WKST-VRN-BKP01) has initiated the power off of computer WKST-VRN-BKP01 on behalf of user NT AUTHORITY\SYSTEM for the following reason: Other (Planned) Reason Code: 0x80000000 Shutdown Type: power off Comment: Computer scan completed That comes from scheduled scan policy (daily on-demand scan with post-scan action set to "no action"). All upgraded endpoint clients have been shutdown after this scan. Fix it please!

I think this is resolved in just-released ESMC 7.2 where it look like this:

We are currently debugging the issue. Most likely we will be able to address it via an automatic HIPS module update.

Got it, Turns out I had made the change already. My memory just isn't what it used to be. Getting old isn't fun at all, but it beats the alternative. Thanks to both of you for your help.

Hello, Our service provider is currently having issues with deliverability to certain email domains, yours included; they have raised an issue with their upstream email provider. In the meantime, we apologize for the inconvenience. Tomas

Since this forum is not a channel for disputing detections and url blocks. we'll draw this topic to a close. Only the security malware lab is entitled to make decisions about url blocks. In this case, the blocks appear to be ok. Aggressive or misleading ads are subject to detection as well.

I want to add to this that this also happened to me on two computers that I was testing the upgrade on where it immediately performed a scan after the upgrade was completed and promptly shut down the computers. The event log confirmed it was an ESET-initiated shutdown after a scan completion. This is the same as the others have reported, but not a scheduled task, and not on demand, but immediately after the upgrade. Being located 1700 miles away from the office, and during a pandemic where no one else is in the office on a regular basis, it took a full week to get someone in there to turn these computers on. Fortunately, they were computers that were not in use by anyone, so were perfect candidates for this upgrade. Of course, I can't risk updating any other computers to 7.3 until this is confirmed as resolved.

The script uploaded to VT is the initiator script that will run the payload script that has been previously dropped here: C:\updatewins.js . As such, this JavaScript itself is not malicious; the script in the C:\ root directory is. Hence why no one on VT detects the initiator script. Full analysis of this initiator script is here: https://www.hybrid-analysis.com/sample/1b1640edb3f7213f4338c6e0017a1b9028c6b324d64f3e63c09169540e82f4a5?environmentId=120

Got it from VT. In fact, it's not detected because of the extension but with a correct extension it would be detected: updatewins.js - JS/Kryptik.BPU trojan. The detection was created between Feb 17-20. We'll adjust it so that such files can be normally detected.

I don't think it's possible. Moreover, I can't think of a good reason to not use the latest installer.

Yes, it was a false positive created by the mechanism for automatic generation of detections.

It should be fixed in the upcoming module update.

There is a difference between updates when a reboot is mandatory (e.g. when protection will malfunction after upgrade) which is indicated in red and when a reboot is recommended (indicated by the yellow notice). The thing is when drivers change the old ones stay loaded until the next restart and old drivers and new service and binaries may not play nice together, especially if there is a difference in the major version (5,6 vs 7) or if substantial changes were made under the hood (legacy versions up to v7.2 vs 7.3 with changes in internal communication due to changes in Windows 10). However, the machine won't restart automatically, especially not if the notice is yellow. When the so-called microPCU program updates become available, this won't be an issue anymore since updates will be installed after a computer restart.

Hello @Cp3p0, thank you for your feedback. I have forwarded it to the responsible product managers and UX experts. All of the issues you have highlighted are not user-errors, and we plan to address them in the future releases of EMA 2 (especially option to automatically hide suspended sites, de-provisioning of customers (incl. replication of such changes into ESMC) and adding settings with the option for auto deactivation. We do not however plan to allow retroactive creation of a trial license per customer where full license was already present due to the potential of license misuse. However I do agree that the noisy records of cancelled license should be hidden / removed. That is AFAIK planned as well as some other improvements in the user behavior.

It's already available in the repository:

No. Unless you share files and folders for the others in the home network they won't be able to access them.

Connected Home Monitor works with home networks as the name suggests. On public networks only a one-time scan is performed. As a result, you won't get notifications about new devices in public networks. Also a vulnerability scan is limited only to home networks. Devices show up in circles depending on when they connected. There's no particular left-to-right order as far as I know.

It's normal to be detected as a PUsA. Trojan detection is rather a FP.

Yes, it does.

Automatic updates are ensured via the regular automatic update task in scheduler. You can control how often the task will run. By default it's 60 min. but it's also possible to shorten it to 10 min. if I remember correctly. The "more frequent updates" settings refers to streamed updates that are downloaded every few minutes.

Since there are local specifics and some countries don't even support auto renewal, I'd recommend contacting ESET LLC for more information.

Hi @Cameron. Yes, you can easily setup a new ESMC server, deploy couple of endpoints. If you activate those endpoints, they will add to the total of your license, meaning if you for example have 100 licenses, and 95 are used on the "current ESMC", then you have 5 seats to use on the new ESMC instance.

Since this forum is not a channel for disputing detections and url blocks, please follow the instructions at How do I report a false positive or whitelist my software with ESET? Having said that, we'll draw this topic to a close.

Already replied here: https://forum.eset.com/topic/24551-domains-false-positive/ Again, this forum is not a channel for disputing detections and url blocks.

Tobil has an article about excessive CPU use caused by AV scanners here: https://help.tobii.com/hc/en-us/articles/115004039965-High-CPU-usage . Since the article is 3 years old, it is not a new issue. It appears the present Eset real-time performance exclusion might be be the best current mitigation until Eset can research the issue and find a fix. You might want to open a technical support request to Eset so the issue is documented. I also noticed in the VirusTotal analysis that this is a .Net app and a lot of downloading occurs from it. Suspect the scanning of these downloads is why CPU acitvity spikes.

Does eset sell 2-3 month licenses. Thought the minimum was usually 1 year

Try out both and compare them yourself ... its depend upon the System your are using .. which one will be compatible for you

License sharing is possible via my.eset.com but only for Windows consumer products.

Do you have libappindicator1 installed?

So far, so good. Will post again if it starts acting up again.

Usually these software aren't recommended by Microsoft , as they tend to touch the registry and sometimes they could break off things Automatic Maintenance in Windows does probably just the same , as still you have the Disk Cleanup which changed to another name by Microsoft recently. Then CCleaner when moved to Avast if I am not mistaken , they were hacked , yea it happens to all , but still I just dropped the application at all.

After leaving eset for the last 3 plus years its' its glad to be back.I used another top brand name security software,and after installing the lastest version,and after about a week of the trial version,I was excited to purchased eset,upon install I noticed a difference the way my machine acted.Very Smooth and Stable,I didn't know security software could make that big of a difference.What a difference ESET made on my machine.I can't speak for everyone,but I know eset security did for me,So For So Good, Thank You

There is a permanent connection held open to a host outside the corporate network from every client for triggering actions on that client. This is something not being tolerated and I really can understand that point of view. This is even more senseless if your clients are on the same network segment as ESMC server. This should be configurable similar to cloud based feature. It seems that customer will choose a different product for this reason. Cheers.

Indeed only DER format is supported for both import and export of CA certificates. We will have to check whether it is clearly communicated.

If it's a pre-installed application, it cannot be removed, only disabled.

I'm very sorry. NOD 32 is not responsible for that BSoDs. I made a clean install and the problems stays. Thanks for your help. This thread can be closed.

The script is malicious and has been detected by ESET since Feb. As of the last update it's also detected without an extension

If you use MS Outlook, does disabling integration make a difference? If so, re-enable it and try disabling this option in the antispam setup: If that's not the case, please create a dump of ekrn by clicking Create in the avanced setup -> diagnostics (make sure to select full dump first and click ok).

The certificate for the web site has been revoked: https://www.ssllabs.com/ssltest/analyze.html?d=clik.tradingacademy.com Contact the web site administrator of this status. Or contact the concern by whatever means and inform them of this status. Note: regardless of Eset use or not, any browser will also reject the connection to this web site due to it's revoked certificate status.

Please run the ESET uninstall tool in safe mode and after starting Windows in normal mode install EFSW 7.1 from scratch.

ESET should protect you against all known ransomware variants and also against the majority of new, not yet created variants. However, I'd like to emphasize the importance of keeping RDP secured, having all critical OS updates installed and practicing safe computing, otherwise even the best AV could get disabled by attackers.

Hello, I installed Eset file security 7.1 for my Samba server with CentOS 7. The server still freezes after a few hours of running EFS. When it happens, I tried connect via SSH, but I got a timeout. Only what can I do is hard reboot of the machine. When I look at the log, I find similar lines before crash. May 14 09:43:02 server169 kernel: eset_rtp(ertp_wait_for_reply): wait for scanner reply timeout, path: /var/lib/samba/lock/msg.lock/5339, size: 21, event: CLOSE, command: smbd, pid: 5339 May 14 09:43:03 server169 kernel: eset_rtp(ertp_wait_for_reply): wait for scanner reply timeout, path: /var/opt/eset/RemoteAdministrator/Agent/data.db, size: 331776, event: CLOSE, command: ERAAgent, pid: 1059 May 14 09:43:03 server169 kernel: eset_rtp(ertp_wait_for_reply): wait for scanner reply timeout, path: /var/lib/samba/gencache.tdb, size: 667648, event: CLOSE, command: smbd, pid: 5118 May 14 09:43:04 server169 kernel: eset_rtp(ertp_wait_for_reply): wait for scanner reply timeout, path: /var/lib/samba/lock/locking.tdb, size: 581632, event: CLOSE, command: smbd, pid: 5340 Did anyone have the same problem? Thanks for any advice. Petr

I haven't been able to reproduce the issue on the latest version of ESET Endpoint for mac OS (6.9.60), So upgrading seems to be the easiest fix. Edit: I'm not sure if there is a newer version of ESET Cyber Security though.

Could you try temporarily disabling self-defense in Endpoint, reboot the machine and try again? As of Endpoint 7.3, we've made big changes under the hood in preparation for a Windows 10 update which may cause issues with communication between ekrn and the agent during upgrade and a new ESMC agent will be needed (7.2 has not been released yet).

For me that's excellent for most of them .. so it depends only on your taste and opinion and experience with the software itself , I tend to like ESET more because it's been several years with it and I just don't want to move on to another product , even though I would like to try Kaspersky for a bit , but I still stay with ESET due to several years of using it and it's light.

Any ETA for the fix to be released?

I am seeking help on how to migrate ESMC 7.1 to my second server. I finished upgrading my first server and working without problem but when I tried to upgrade the second server using the same process, it failed. When I am trying to access the ESMC on the second server, I can't log in anymore. Does anyone here can help me migrate it step by step?

Release Date: May 28, 2020 ESET Endpoint Antivirus and ESET Endpoint Security version 7.3.2032.0 have been released and are available to download. Changelog: Version 7.3.2032.0 Added: Compatibility with future Windows 10 major update, due in H1 2021 Fixed: Detected files were blocked also when only reporting was enabled Fixed: An on-demand scan launched from the ESMC console could shut down the computer even if this post-scan action was not selected Upgrade to Latest Version Upgrade my ESET Endpoint products for Windows to the latest version IMPORTANT NOTE: After upgrading from an older version of Endpoint to v7.3, a computer restart will be required for antivirus protection to work. Make sure to upgrade machines during a maintenance window when you can afford to reboot them. To reboot the machine automatically when sending a software install task from the ESMC console to clients, select the appropriate option: Support Resources ESET provides support in the form of Online Help (user guides), fully localized application and Online Help, online Knowledgebase, and applicable to your region, chat, email or phone support. Online Help (user guides) Visit www.eset.com/contact to email ESET technical support

Does creating a permissive bi-directional firewall rule for the following app help? /Applications/Microsoft Teams.app/Contents/Frameworks/Microsoft Teams Helper.app

Description: Eset sysrescue linux based. Detail: I feel that Eset should offer a linux based sysrescue as well as the windows one. some malware does not allow windows discs to boot properly and this would solve the issue. Linux based rescue discs can offer wireless updating as well as Ethernet which would be good for laptops.