Jump to content

Leaderboard


Popular Content

Showing content with the most kudos since 08/31/2017 in all areas

  1. 4 points
    Marcos

    Ransomware SDEN

    Files were encrypted by Filecoder.LockedFile. According to the logs, there were about 170,000 failed attempts to log in via RDP as "administrator" and alike in approx. one day when the encryption occurred. Also an older version of EFSW 6.5 without Ransomware shield was installed. The OP was informed and improvements in protection were suggested.
  2. 3 points
    filips

    EFS 7.0.12014.0 - MSSQL ERROR

    Hi, as marcos noted this error is logged when automatic exclusions for Microsoft SQL server are enabled. Automatic exclusions for Microsoft SQL server are using ADO API to read information from "sys.master_files" table to get list of files to exclude from scanning. The ADO API obviously loads a DLL that is not signed. As a workaround, automatic exclusions for Microsoft SQL server can be disabled.
  3. 3 points
    Actually advanced users love the ability to customize numerous settings. Common users don't need to go to the advanced setup at all since ESET products provide well-balanced protection out of the box.
  4. 3 points
    @AStevens.SHG Hello, Concerning the more options in the reports, some of the changes are going to be introduced, but not all of them. However, we are planning a bigger redesign for the future version, which might make it simpler. Other requests are tracked in the feature backlog (authentication screen changes, AD sync changes, and export of data from "computers screen") and I believe that some of them will be done in the future versions (not in the 7.0, but into the future releases). I can´t comment now about details, as we are still scoping, and setting up the road-map plans. But your votes will be added to already tracked backlog items.
  5. 3 points
    Hello, thank you for the feedback. I have positive news for you - we are continuously improving the ways how reports are built & are adding further filtering options in the soon to be released version. So the filter by action is added in the upcoming version & you are also able to filter out some entries from the "installed applications" report, by choosing condition "is not one of" (screenshots attached).
  6. 3 points
    Hello, we will be rolling out this change by the means of a module update in the upcoming weeks.
  7. 3 points
    I would welcome the changes, as I currently enable strict cleaning to get similar results
  8. 3 points
    Speaking as someone who is hands-on IT management rather than a reseller or MSP: That is how I would expect it to behave and should. My endpoints are configured for strict cleaning so I have not dealt with this issue, however if end users were greeted with option dialogs during an av scan without any way for the admin to suppress I would be quite aggravated with the product.
  9. 3 points
    As introduced here (KB News) and here (KB Alerts), I am unpinning those threads and replacing with this one. We now have RSS/email subscriptions for News, Alerts, and Customer Advisories. Information and instructions to subscribe is available here: Subscribe to ESET Knowledgebase Support News, Alerts and Customer Advisories
  10. 3 points
    Aryeh Goretsky

    Rules of the ESET Security Forum

    Welcome to the ESET Security Forum! ESET is pleased to provide you with this resource in order to make it easy for you to ask questions and receive answers about ESET's products and services. Understand that the ESET Security Forum is a private community for existing customers of ESET, prospective customers who are interested in ESET's software, ESET employees and business partners. Because of this focus, it is not like a general public forum, where conversations take place on a variety of non-ESET and non-security related topics. With that in mind, we have the following rules in place: When registering for an account on the forum, please fill out the information accurately and correctly. Do not enter the Username and Password for your licensed ESET software, but instead choose a username (in Latin) unique to this forum. You should also choose a suitably complex password unique to this forum as well. Do not create multiple accounts. If a person is found creating multiple accounts, ESET reserves the right to take whatever actions it deems necessary, including banning, blocking, deleting and/or merging them. The exception to this rule is ESET staff, who may create multiple accounts for testing purposes. No impersonating other forum users, ESET employees or other people. Use appropriate language in the forum. No vulgar, obscene or rude language will be tolerated. No vulgar, obscene or otherwise offensive images or video will be tolerated. ESET staff have the right to move, edit or modify messages that you post. This may be done for clarity, to move a message to more appropriate forum where it will receive more attention, or for other reasons outlined in these rules. All decisions by ESET staff are final, and not open to discussion. This list may be updated at any time. Please periodically visit this page to review any updates. Do not post direct links to any executable files, malicious/suspicious software or web sites in public messages, even if you think the software or site is clean and incorrectly detected by ESET. Break up the URL by inserting spaces into it, or replacing the protocol handler with an obfuscated one, like . Do not attach malicious or suspicious files to messages, even if you think they are clean. Write a public message, and then use the "report this message" option to send a private message to ESET staff with a link. Do not post any personally identifiable information (PII) about yourself, such as an email or mailing address or phone number, in a public message. Do not post the username and password or license key for your ESET software in a public message. Do not post links to software cracking tools, license key generators, pirated copies of software or other illicit software in the forum. If you wish to report a site, write a public message, and then use the "report this message" option to send a private message to ESET staff with a link. Do not post private correspondence (private messages, email, etc.) publicly within the forum. Do not post "A vs. B" or "Which product is best?" type messages in the forum. Do not post overtly commercial messages in the forum (this includes in your signature). Do not pre-announce releases. Due to differences in scheduling, it may sometimes take several hours after a release has appeared on ESET's web site for the release announcement to appear here in the forum. Do not abuse the forum's rich text controls. Messages and signatures with inappropriate font selection, including size, color and, for signatures, length, may be edited by forum staff to conform to standards of decency. Do not ask other users for logs, especially if they may contain sensitive or other personally identifiable information. Posts made on behalf of a 3rd party company may only be made from accounts registered with an email address from the company's domain (verifiable by ESET staff). Do not use the "Report post" function for other purposes than reporting inappropriate content requiring moderators' attention. Do not report possibly incorrect detections or blocks (false positives) in the forum unless they may affect a lot of users. If you think that your application or website is detected or blocked incorrectly, please report it to ESET as per the instructions at https://support.eset.com/kb141. Be civil, do not post sarcastic, offensive or mocking comments towards any person or entity. Do not post messages that are off-topic, keep the discussion to the point and do not lead it astray. To discuss a different, unrelated issue or question, always create a new topic. If you have any questions or comments, please contact one of ESET's moderators. Last Revised: 5 March 2019.
  11. 2 points
    saroot

    EFS 7.0.12014.0 - MSSQL ERROR

    Hi All, I am getting windows server 2016 event log error as "SQL Server Native Client 11.0: Unable to load sqlnclir11.rll due to either missing file or version mismatch. The application cannot continue." after update from ESET File Security 6 to 7. Environment as : Windows Server 2016 EFS 7.0.12014.0 MSSQL Server 2014 Any one have a solutions for this? Thanks.
  12. 2 points
    We have pinpointed a memory leak in the memory dumper. A fix is being reviewed and will be released through an automatic module update next week.
  13. 2 points
    Dear Linux community, We’ve been working on the new generation of our solution for Linux servers for quite a while. The hard work of the development and QA team was materialized into the first BETA version, which we would like to share with you. If you are interested in getting a copy and chance to get hands on experience with it, just leave a comment here or send me (@Peter Randziak) and @TomasP a private message. We are looking forward to your participation.
  14. 2 points
    Marcos

    PUP not handled

    Today we've released a fixed version of the Antivirus and antispyware module 1552.3 which addresses cleaning issues on Mac. Could you please check if PUAs are now cleaned properly?
  15. 2 points
    itman

    Eset To The Rescue Again!

    Some "free press" courtesy of bleepingcomputer.com: Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop https://www.bleepingcomputer.com/news/security/windows-10-apps-hit-by-malicious-ads-that-blockers-wont-stop/
  16. 2 points
    Hi Paul, Have you tried also with the latest version - 6.7.876.0 ? There have been a couple of changes regarding MacOS compatibility. Thanks
  17. 2 points
    Hi J.J, I try your configuration and it is working well. Thanks for your help. Axel
  18. 2 points
    Marcos

    ESET keeps stealing focus from Firefox

    Thank you for reporting the issue and the video you've provided. We have eventually pinpointed the issue and a fix will be included in the next version of v12 products.
  19. 2 points
    An FYI for anyone else searching - ESET ECA currently can't do this directly, but ESET UK support helpfully provided a sh script which can install the ESET remote agent silently, connecting endpoints directly to the correct ECA instance. This worked for me - Meraki can deploy the script by wrapping it into a DMG package and deploying as a custom app. ESET ECA can then install ESET sofware/licences etc, with everything being 100% remote.
  20. 2 points
    Marcos

    Horizon - Endpoint Antivirus

    You should reply them that the memory dump from a crash has been already analyzed by an AV vendor and Microsoft and both confirmed a bug in a VMWare driver which is unrelated to the mentioned exclusions. We at ESET are willing to help them and provide details about the problem. You as a customer of VMWare could provide them with a memory dump for perusal.
  21. 2 points
    Marcos

    Will Client auto update on new release?

    If I remember correctly, it should happen after the next service release in 1-2 months. By the way, it will be uPCU, not PCU.
  22. 2 points
    It is very simple. Use SetThreadExecutionState. See: link to Microsoft Windows Dev Center.
  23. 2 points
    Thomas Stats

    Introduce yourself

    Hi there I am security expert and blogger. I am working in the IT area for over 10 years. All the gathered experience throughout the years I share with people at reviewedbypro.com. Its a cyber security website that helps people deal with various online threats by providing detailed and insightful reviews to those who are interested.
  24. 2 points
    It's not that big deal in my opinion @nonamelab, It's a way to bring more people to use ESET and in the same time giving the person who invited the other person who doesn't use ESET , a month of usage or more I don't remember exactly.
  25. 2 points
    Description: A "Reset to Default" option for different parts of the ERA. Detail: This one has mainly been discovered due to my own fault. There are many things that can be played with within ERA which is great, however I think there are some of us that might play a little too much and then get to a point where we've changed so much of something that it doesn't work or doesn't give you what you want. For areas such as reports and policies, it might be a good idea to have a button that you can click while editing that restores the default values. That way, if you play around too much and feel like you just want it back to how it was before, you have a reset button as a saviour.
  26. 2 points
    Dear forum members, We are considering a change in the product's behavior but before doing that, we would like to consult you, our field experts with regards to the problem and suggested change. We kindly ask you to: Read this message carefully Talk with other people of your support staff, whether they are aware of issues related to current behavior Provide any comments (supportive / negative) towards the proposed change As of now, one of the issues that our customers are facing is the behavior of products in managed environment, related to handling of detections and cleaning of Potentially Unwanted and Potentially Unsafe Applications (hereafter referenced as PUA) The following are prerequisites of the behavior: Default cleaning settings on the Endpoints (normal cleaning) Detection of PUA is enabled. With these settings we were reported the following problems by several customers and resellers / MSPs that we have interacted with directly during a customer research. Main problems are: End users on local machines are forced to respond to an „interactive window“ that is asking for action in case of a PUA detection, which can by triggered by protection modules or the on-demand scanner. They offer the „ignore & continue“ action even in managed environments where the end user should not make decision. Users can try to install a PUA which usually ends with multiple interactive windows appearing. If a PUA is already in the system and you schedule an on-demand scan, it will be reported to the user again and a dialog with action selection is shown to the user. If this happens on a server, it will be never resolved; the dialog eventually expires, and then will be reported again and again to the server upon re-scanning. The only solution currently is to set an exclusion or to set cleaning mode to strict which will automatically remove the PUA detection without asking. What are we planning to do: We are planning to change the product behavior in a way that our endpoints will automatically block / clean PUA detections in managed environments according to the option selected by an administrator, meaning that the end users will never see interactive windows. Alerts (only one) will be reported to the ERA, and it will be up to the security administrator to either set an exclusion or acknowledge such detection. After exclusion, reinstall of the affected PUA will be needed on the target system; restore from quarantine is not enough since „cleaning“ also removes references which are not restoreable (this is valid also now, when Exclusion is „cleaned“). We would like to hear from you and ask for feedback whether you consider this change as risky from the perspective of customer expectations. We do perceive the problem as serious and would like to change the behavior even for existing users by means of a module update. An alternative approach is to change it only in new versions of our products, meaning Endpoint V7 and eventually backport it to a new 6.6 hotfix if that happens in the foreseeable future. How the interactive window looks: How it looks in the logs: How it looks in the ESET Remote Administrator: Please note that we are also bringing a lot of changes into the ESMC: Cleaned „threats“ are automatically going to be marked as resolved (once the behavior is implemented, you will automatically get the PUA cleaned at the „first detection“) and will be automatically „resolved“ in ESMC (no duplicated entries when one clicks „no action“) You will be able to set exclusions directly from the threats section, basically by „one click“; there will be also an option to set „exclusion by HASH“ in EES. Thank you for your feedback & support.
  27. 2 points
    Hi, Enable parental control --> block the uncategorized website (for having robust web filtering)then open a website that has now category so Eset block it but you may want to allow this URL fast. It Would be good if Eset provides an option to unblock websites by password from the browser(or from the parental control log), not Eset parental control settings. its easier to manage, Also, Eset hips show the loaded drivers but it doesn't show the digital signature for them.I like to see the signature.
  28. 2 points
    Add option to realtime scanner to block obfuscated Powershell scripts. Option would be dependent upon Win 10 AMSI option enabled in the Eset GUI. Justification Microsoft added a like mitigation in the form of a Windows Defender Exploit Guard ASR mitigation effective with Win 10 1709. ASR mitigations are only effective if Windows Defender is enabled as the realtime scan engine. Further justification is Eset's failure to detect malware in highly obfuscated PowerShell script in a Malware Research Group ad hoc test: https://www.mrg-effitas.com/research/current-state-of-malicious-powershell-script-blocking/
  29. 2 points
    Add - Dark Mode on ESET Nod32 would be great.
  30. 2 points
    That's how it works in ESMC (ERA v7) which is currently in the phase of beta testing and will be released soon.
  31. 2 points
    Chris Todd

    Introduce yourself

    Greetings from Australia. My name is Chris, retired Electronics Engineer. I have been using ESET products for many years and am well satisfied with the protection they give me. I am a bit of a "tinkerer" and have 4 installations Windows 7-32, Windows 8-32 , Windows 10-32 and 64 on the one machine. being able to boot into an old version of Windows for recovery procedures has "saved my bacon" a few time when things went awry or got too scrambled in W10 which I use most of the time. An interesting fact about me ?? Nothing exciting ! I am a traveller, haveing visited over 70 countries on fact finding vacations. I am an AVID chatter using SKYPE and other forums with acquaintances in mainly sanish speaking countries.
  32. 2 points
    This will change as of ESMC (ERA v7) in the way that handled threats will be resolved automatically.
  33. 2 points
    Description: Individual firewall rule hit count. Detail: Similar to hardware firewalls, it would be nice to see a hit count, packets matched, kind of information per individual firewall rule in Endpoint protection, also for that information (similar to above requests) to be visible in ERA, and total of the hits across all clients with the same rule. So we can generate reports, this makes it easier to find rules no longer being used and can be removed safely.
  34. 2 points
    I have checked this with the developers, and we are going to change the behavior in V7. If you select "only computers", all of the computers under "DN" will be synced, not only direct parent ones. So it should behave according to your expectations. With regards to the "users", what is the usecase for you? For what do you use the? Do you manually create linking between users & devices, or use the user variables in policies for Endpoint or MDM?
  35. 2 points
    @fchelp You can open the individual task entry in Admin / Client tasks, by the little "+" expand button, and then toggle a context menu for individual entry. You can remove individual triggers, or eventually even edit targets. Screenshot attached. In the next version (7.0) we will be adding possibility to save a filter set, for a various conditions (un-managed computers, computers without security product installed, computers with a specific security product version ...). You will then get the filtered view on top of all computers by few clicks. However, you won´t be able to automate like you do for Dynamic Groups. However, for the future, we are working on more in-depth server side automation, where defined conditions will result in "tagging" a computer, and automation framework will check "assigned tags" and trigger actions based on them. This won´t be done to 7.0, as the feature is a bit complex, but it´s being worked on. Filter sets are below, on the screenshot.
  36. 2 points
    Nice thread, I have tens of comments to ERA server / functions. ERA is not user friendly in most cases.... I will post something. Description: Dynamic groups rules / tasks Detail: I would like to be able to show all rules/tasks linked to dynamic groups. Or to be able to find where rules are linked. I would love to disable group/rules instead of only delete or edit them to dysfunction it. It is nearly imposible to read ties. Description: task history deletion / filter and so on Detail: I would like to be able to delete (mass delete) task history. I have tens of ASAP task and they are only messing in my log. I would like to be able to see which computers were affected by the single task when pointing to a TARGETS column. Why I have to edit history of the task to see which computer was affected? I would like to click on 1 computer(s) to open the list or show the list. Description: trigers Detail: ASAP. Sometimes ASAP fails and I have no idea why.... Computer was online. I think rule should wait for online status or give me better feedback Description: Failed / Trace message Detail: When I point on the FAILED status I would like to receive more information what happens without opening the HISTORY of the COMPUTER. BTW FAILED ICON should allow me to open history.... Trace message is sometimes to long and I am unable to read whole message. Description: Repository Detail: Choosing ESET version from a repository is not user-friendly. I have to be very careful to chose the right version. Description: Reports Detail: Why I cannot export report Computer name Identifier type Identifier value Adapter IPv4 address Computer nameDevice manufacturerDevice modelOS nameOS versionAdapter IPv4 addressRemoteHost and so on ? When I chose some identifier other identifiers are disabled. Why? I would like to be able to find report using some SEARCH function. Description: ELA Detail: Why I am unable to fully maintain a license that customers gave me under my administration? I am unable to remove computers which are not activated under ERA. I have to open ELA portal using my customer's credentials. Why I can not edit ELA credentials on my ERA server? Description: Upgrade Detail: When I am upgrading EEA using ERA I have to activate them afterward. Why? Product was already activated. Description: Variables in tasks / templates Detail: I would like to have variables in task / dynamic groups. For example I have 4 activation tasks (4licenses). I would like to activate product which is not activated when joining dynamic group based on FOLDER group. When computer from AAA company join the NOT ACTIVATED group, the AAA-ACTIVATE task will be used. When computer from BBB company join the NOT ACTIVATED group, the BBB-ACTIVATE task will be used. Description: Applied policies tree Detail: I would love to see the tree of policies which are applied on a computer and would like to be able to identify which policy rule won the policy over-ride battle. I am not satisfied with list of policies. Description: Threats infection and cleaning Detail: I am not unable to simply perform an action on threats whir where not automatically solved by EEA. For example, I would like to choose threats and click on "DELETE" or "CLEAN" or other things. I am able to mark them only as RESOLVED Description: Sorting / filtering Detail: I can filter columns by STATUs or LAST CONNECTED, but I am unable to do multi filter. For example I would like to sort all computer by WORST FUNCTIONALITY and LAST CONNECTED, because working with offline computer does not make sense. And so on.....
  37. 2 points
    Description: More information in system cleaner Detail: I have mentioned this previously. System cleaner is the new tool in version 11 that alerts you to system settings that have been changed from default the idea being that they could have been changed by malware. The issue is they give no information on the actual setting just the type of setting. I tested this feature by clicking to change settings hoping I would be shown the changes and able to make a decision. What would make more sense is having a way to see the actual changes and a way to ignore certain changes that the user wants to keep. Many people change things themselves e.g Windows tweakers and this feature could cause issues if they change things without realising. This could always be a more advanced option disabled by default. If this cannot happen at least have a lot for this feature so that advanced users can see the changes made. If eset is changing a Windows option it shouldn't be too hard to log the change somewhere. Also an undo feature might be handy as when I tried it out hoping i would be given options eset just changed them and with no lot I have no idea what got changed
  38. 1 point
    Marcos

    Updating Names

    You can synchronize computer names by running the following server task:
  39. 1 point
    MartinK

    console cloud

    Any chance it resolved itself automatically after a time? We are currently experiencing issues with license synchronization, which is targeted by release that is rolling out this week.
  40. 1 point
    itman

    Unsual Open Network Services notification

    To be 100% accurate in regards to telnet is the following. The telnet client is not installed on Win 10 by default: https://www.rootusers.com/how-to-enable-the-telnet-client-in-windows-10/ . As noted in the article if the telnet client is installed, any port can be used by it; not just port 23. When router's reference telnet, they are just referring to its default use of port 23. Disabling the telnet option on the router is just blocking all inbound/outbound WAN side port 23 TCP/UDP traffic to/from the router. When the router is set to bridge mode, you are instructing the router to pass all inbound and outbound traffic through the WAN side of the router. All firewall, IDS, and protocol filtering methods on the router are disabled. Additionally, both NAT and stateful transmission detection are also disabled on the router. As such, you are now relying 100% on Eset's firewall for port 23 protection. Whereas Eset's firewall will block an unsolicited inbound port 23 traffic by default, such is not the case for any outbound port 23 traffic. By default, Eset allows all outbound traffic.
  41. 1 point
    MartinK

    Query over TLS1.0

    Unfortunately this is not configurable via UI. It i actually part of Apache Tomcat configuration distributed with ESMC. Please check following KB3724 but just search for TLSv1 and you will understand what to search for in server.xml configuration file. There is no need to follow this KB as it is unrelated. Regarding question why it TLS1 enabled by default - it is due to backward compatibility as ERA6 clients were using TLS layer provided by system itself, and we do still support older systems (Windows XP as an example, but also older Linux and macOS) which do not support TLS 1.2.
  42. 1 point
    Whether the "Show bult-in rules" box is ticked or not does not affect rules in any way; the setting affects only the display of default rules. Default rules that are enabled are applied regardless of the state of the box. If a particular communication is blocked, then there's no permissive rule that would allow it. You can use the Firewall troubleshooting wizard on a client to get a list of recently blocked communications where you can allow the desired ones with one click. Alternatively you can use learning mode to create permissive rules automatically. Afterwards review the rules, remove the unwanted ones and apply the desired ones via a policy to other computers as well.
  43. 1 point
    deloppoled

    ESET keeps stealing focus from Firefox

    UPDATE: Here's an update about the issue that I just noticed. Perhaps it may help to zero in on the problem. If ESET-IS is left open on the system taskbar, no matter where it resides in the Z-order, this problem does not occur. Only when ESET-IS is 'closed' or minimized to the system tray (i.e. ESET-IS is running in the background, parked in the system tray) does the hijacking focus problem occur.
  44. 1 point
    Ran Hooper

    EFS 7.0.12014.0 - MSSQL ERROR

    What's the workaround on this? It's causing client software crashes in one of our environments. Uninstalling ESET off of the server got rid of the above mentioned error and the frequent disconnects. Can we whitelist this process somehow?
  45. 1 point
    Hi Please send to me :]
  46. 1 point
    MichalJ

    Future changes to ESET Endpoint programs

    @Markwd Hello, there are two reasons. Anti-theft in consumer is focused on device retrieval, not on the data security (no possibility to wipe the disk on the device). Also, the implementation capable of tracking screenshots / photos of the users, might violate a lot of corporate laws / regulations. If Anti-theft is introduced into the business versions, it will have to behave differently. If I can ask you a question, what kind of a problem you would like to solve with it? Would it be intended for device recovery, or more a data removal / prevention of misuse ?
  47. 1 point
    We will take this into consideration, but still, due to the relatively low install base of Linux (outside of the VM appliance) it will still remain with a low priority, compared to other things we want to achieve.
  48. 1 point
    @fchelp Default trigger expiration is set for "one month" , not one day. I have attempted to create a new trigger now, and it sets expiration day for 19th February 2018.
  49. 1 point
    Nvidia in their "infinite security wisdom" created two .bat scripts they dumped in C:\Windows directory. Their startup service can run these .bat scripts if errors are encountered in their software as recovery procedures. So basically, you have to allow svchost.exe to run cmd.exe. Not the most secure thing to do if malware creates a malicious service. Hence my recommendation that file wildcard support is needed. There is also the issue of why the HIPS hasn't been updated to reflect Win 10's current ability to uniquely identify an individual svchost.exe service by process id.
×
×
  • Create New...