Leaderboard

Popular Content

Showing content with the most kudos since 12/27/2020 in Posts

  1. Hi Thomas, My solution is the following: 1. I created a dynamic group to collect the computers with the error message "Restart required". 2. Then I defined a CRON-triggered task to send a pop-up window message to the affected computers: "Hello Colleague, please restart your computer as soon as possible because an ESET software update...bla..bla" or something like this. You can configure the CRON to, for example, launch the message hourly, every 10 minutes or as you want. It works pretty fine.
    3 points
  2. Hi, We're currently reviewing our server protection, we have around 150 on a mix of ESET File Security 7.0 and 7.1 (Windows only) which according to the EOL page is in support (Limited for 7.0, Full for 7.1). With ESET Endpoint AV V8 being released for clients is there any rough estimated date/quarter/year on when the next major version for File Security will be released? I've noticed 7.3 released for ESET File Security last month (EOL page not updated to show that?) but we're reviewing whether we should upgrade all our 7.0/7.1 servers to 7.3 or wait for V8. It be months of wor
    2 points
  3. You must enable reporting of all installed applications via an agent policy first:
    2 points
  4. In case there is a firewall, you have to enable port 443 (standard HTTPS) or possibly another similar port, the same one you are using locally. Short summary of default ports: 2222 is the port used for AGENT->ESET PROTECT communication and should generally be opened from the network where AGENTs are installed. 2223 is the port used by Apache Tomcat to communicate with its backend, and it is also used by installers to communicate with it. In case you are not using the so-called "Server assisted" mode of installers, there is no need to open this port to outside networks. 443/8443 is defaul
    1 point
  5. As far as VT detections go, note the following, which has been mentioned multiple times in this forum. Most AV products installed there do not have all their protection mechanisms enabled. Overall, VT is primarily employing static detection methods in the products used; i.e. signature detection. Therefore just because a given product doesn't detect a malware sample at VT, does not imply the product won't detect it when installed on a device.
    1 point
  6. Not true, detected since Feb 2020 : windo_137178474.exe » INNO » {app}\quis\Dolorem.exe - a variant of Win32/Kryptik.HAYM trojan windo_137178474.exe » INNO » script_decompiled.pas - Win32/CrthRazy.R trojan The other file is digitally signed, no detection at VT: https://www.virustotal.com/gui/file/421fd3c8957b4cd16c7edbd49c046ef384dca0dfc81c94e1e397cb28afe2293b/detection
    1 point
  7. Marcos

    SSL Blocking Website

    The certificate was indeed revoked: https://www.ssllabs.com/ssltest/analyze.html?d=www.itravelhero.com Revocation status Revoked INSECURE Mechanism Provider Status Revocation Date Last Observed in CRL Last Checked (Error) OCSP The CA Revoked (cessationOfOperation) 2020-11-27 10:06:34 UTC n/a 2021-01-22 13:33:51 UTC CRL The CA Revoked (cessationOfOperation) 2020-11
    1 point
  8. Nightowl

    Help me

    Normally a crack would have been classified as PUA (potentially unwanted application), but since most of the detections are going for a Trojan Dropper name, I would rather avoid that file and remove it.
    1 point
  9. itman

    IOBIT Forum Hacked

    The main thing to know about this attack was Windows Defender was bypassed since the malware created exclusions in WD to allow its malicious .dll to run undetected. Kaspersky also didn't stop files being encrypted by the ransomware portion of the attack. Per a malwaretips.com poster: Waiting until someone does a detailed analysis on this puppy.
    1 point
  10. Marcos

    IOBIT Forum Hacked

    The malicious dll is already detected. VT uses an on-demand scanner which relies on engine updates. Moreover, there may be a delay of one hour after the engine update before VT reports current scan results. iobit.dll - a variant of WinGo/Filecoder.DeroHE.A trojan Also I can assure you that we take security seriously and have always taken measures to harden the forum against attacks.
    1 point
  11. itman

    user

    Are you referring to the Eset splash screen which just shows an image of Eset logo? If so, refer to below screen shot to disable its display at system start up time.
    1 point
  12. Marcos

    My License Have been Hacked

    I've checked your license and didn't find any issues. It's been used on 1 computer. The license was issued by ESET Canada so it's strange that they could not find. I'm gonna reset your license key now and send you a new one.
    1 point
  13. NvD

    MSP License quantity update

    @LesRMed this worked instantly for me as well. Thanks so much for the reply!
    1 point
  14. LesRMed

    MSP License quantity update

    This worked for me:
      1. Login to ESET MSP Administrator
      2. Press F12
      3. Go to Applications > Local Storage > https://msp.eset.com
      4. Delete the key PendingRequests
      5. Reload the ESET MSP Administrator portal (Ctrl+F5)
    1 point
  15. My Mac was running very sluggish this morning and I could see ESET taking up to 530% CPU. Rebooting seems to have solved it but there definitely appears to be some sort of issue under the hood.
    1 point
  16. Email client protection is not actually protecting email clients using secure ports then? Completely baffling given secure ports are listed by default; even deceptive one might argue. And who uses insecure ports? Not those interested in email client protection, I imagine. So my takeaway is, users don't actually have the protection that the settings intimate they do, and this has been exposed due to changes in Big Sur which cause said protection that isn't there to crash? In which case, is it that this has never worked, but this was only made evident due to the changes in
    1 point
  17. Ergo, there is no email protection in Big Sur for secure ports? Is this a feature removal?
    1 point
  18. These are the default settings: Are you saying the default settings are wrong?
    1 point
  19. Just to let you know, the problem was indeed triggered by a localized Windows operating system, i.e. operating systems where certain status messages provided by the system itself contained non-ASCII characters. Unfortunately the problematic helper tool UpdaterService.exe is part of the already installed version 7.2.1266.0, and therefore a proper solution was not possible, and an upgrade from this specific version to any new version will report this kind of failure even when the upgrade is successful. Also it has been confirmed that upgrade from version 8.0 is not affected, so there should be no such problem wi
    1 point
  20. I would also like an answer to this question before we start the upgrade to 7.3. Thanks,
    1 point
  21. Hi dear ESET Admins. On some endpoints we are facing this problem (upgrading 7.0.579.0 to 8.0.1238.0): MSI (s) (40:9C) [11:01:33:439]: Product: ESET Management Agent -- Error 1921. Service 'ESET Management Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services. Error 1921. Service 'ESET Management Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services. Full log is attached. What can we do remotely for this problem (except safe mode and the uninstaller tool)?
    1 point
  22. And if you attempt to install File Security via "software install task", what is the reported error (as I assume, that such attempt would fail). What I would do in this case, is try to login to the affected machine in safe mode, and execute eset uninstaller, to remove any remains of EFSW installation, and also the EEI, and once the system is "clean", reinstall those components from scratch. It might indicate a corrupted EFSW install. Also, is this machine reporting any events to EEI server, or reporting any functionality problems in EP console?
    1 point
  23. No company provides a true antivirus for iOS due to the design of the OS.
    1 point
  24. Due to the design of iOS, antivirus programs for iPhone do not exist.
    1 point
  25. For information, I have the Limited Direct Cloud Connectivity warning message each time I launch Steam. Everything is up to date. I don't really care for myself but it might help you to figure out which port may be problematic.
    1 point
  26. Thanks. Having spoken to tech support, I reset the password and have performed the migration successfully.
    1 point
  27. I tried Legacy BIOS and UEFI, both instances hang during the boot process. The Legacy BIOS did bring up a text menu momentarily before it hung with a black screen with a flashing cursor. I have had luck getting Ubuntu and other Linux distros running on my PC - but there has sometimes been an issue with some of my more modern Nvidia RTX GPUs where the open-source nouveau drivers don't recognize the Nvidia GPU. This feels similar. I have been able to get past this by being able to modify the grub boot options with a nomodeset option to keep the distro from scanning for the graphics con
    1 point
  28. Currently Endpoint v7 doesn't support Secure boot but it should in the future (there is no ETA yet).
    1 point
  29. As of now you must run a software install task to upgrade the security product to the latest version and an ESMC component upgrade task to upgrade agent. As of Endpoint v8 for Windows and ESET PROTECT, we have enabled so-called uPCU program upgrades, meaning that upgrades to v8+ will be automatic if an administrator configures the product so.
    1 point
  30. Thank you Michal. Worked perfectly.
    1 point
  31. I was talking about the malicious payload which is dropped. The dropper will be detected as well: Win32/Injector.Autoit.FKM.
    1 point