Jump to content


Popular Content

Showing content with the most kudos since 08/31/2017 in all areas

  1. 4 points

    Eset 13 Version

    Thanks for the heads-up peteyt, the user was banned.
  2. 3 points

    Eset 13 Version

    @MarcosCan someone please ban this user. Reported another of his posts the other week. Noticed something strange as one of his post seemed to be exactly the same post I made. User is basically copying someones post and reposting and then editing at a later date to add a spam link. Possibly hopes users will not notice because the link is not originaly included but have been keeping an eye out
  3. 3 points

    Clients not showing in ESMC

    I would recommend to start by checking whether ESMC Agent installed on client machine is actually connecting to ESMC. For this purpose please follow troubleshooting part of documentation - especially status.html log present on client machine might be helpful in this case. In case ESMC Agent will be connecting to ESMC, most probable issue is that is is using different name in ESMC or is located in different group, which prevented ESMC to remove "dead" duplicate that is rendered as unmanaged. In case AGENT is not connecting to ESMC, it is crucial to resolve connectivity issues as described in referenced documentation.
  4. 3 points

    AV-TEST and ESET

    I use the daily "seat of my pants" results. I know what works for me. No A/V program is 100%...that's why they get updated and evolve. In my opinion, these A-V test results (no matter who publishes them) only provide the trolls with food (in addition to being (for me) worthless data). We all know (or at least should know) that you never feed a troll. Regards, Tom
  5. 3 points
    Actually advanced users love the ability to customize numerous settings. Common users don't need to go to the advanced setup at all since ESET products provide well-balanced protection out of the box.
  6. 3 points
    As introduced here (KB News) and here (KB Alerts), I am unpinning those threads and replacing with this one. We now have RSS/email subscriptions for News, Alerts, and Customer Advisories. Information and instructions to subscribe is available here: Subscribe to ESET Knowledgebase Support News, Alerts and Customer Advisories
  7. 2 points

    ESMC Upgrade

    For those of you in the same situation, I first had to install SP3 for SQL Server 2008 R2 Express because you can't directly upgrade to SQL Server 2017 Express unless you are running SP3. I was running SP2. Once this was done, I upgraded to SQL Server 2017 Express by using the custom install option. I then opened ESMC and went to Help->About. The DB version is now showing Microsoft SQL Server 2017 (RTM) Express Edition (64-bit) 14.0.1000.169. I then went to Help->Upgrade Product and a new client task was created. After a few minutes, I was kicked out of ESMC and I could not log back in. A few minutes later, the login page wouldn't even come up, but after some more time, it finally came up and I was able to log back in. ESMC is now showing it is v7.1717.0 and the Web Console is at v7.1.393.0. The last thing I did was install SQL Server Management Studio (SSMS) on my server so I could manage the DB a little easier. https://docs.microsoft.com/en-us/sql/database-engine/install-windows/supported-version-and-edition-upgrades-2017?view=sql-server-ver15 https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-ver15
  8. 2 points

    Review Of Eset

    I'd say it's very light weight and good detection.
  9. 2 points
    Well surely this is not a direct solution to your problem but don't use uTorrent, use open source, ad free alternative Qbittorrent: https://www.qbittorrent.org/
  10. 2 points

    Multiple licenses for MDC.

    MDM Core is activated (although it does not consume license seat, activation is done only for the purpose of getting the valid update credentials for receiving module updates). Each mobile device needs to be activated separately, using the "product activation task" targeted towards the particular mobile device entry.
  11. 2 points

    EIS - I got the update

    Nothing strange about it. The Eset off-line installer web site is always updated somewhat after the release hits the Eset update servers. Also the situation is identical to the current status, the ver. update is offered prior to an official announcement in the forum. More so currently in that it appears all the Eset support personnel at some conference this week.
  12. 2 points

    Virus not detected

    As long as the dll was recognized, the whole exe would be detected. Maybe you ran it before the detection was added at ~`2:20, maybe you have an older product that doesn't support streamed updates, maybe you had LiveGrid not working... The case and your cfg would need to be investigated in order to tell. What can we say 100% that after 2:10-2:30 users with streamed updates and LG enabled and working were 100% protected. This is how the detection would have looked like at that time: Log Scanned disks, folders and files: C:\test2\documento.exe C:\test2\documento.exe - Suspicious Object Number of scanned objects: 1 Number of detections: 1 And here is how ESET reacted with 2-month old modules: The malware was executed. When the injection itself was performed, AMSI scanner detected a malicious script... Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 7/28/2019 4:06:06 PM;AMSI scanner;file;script;MSIL/Bladabindi.BC trojan;blocked;DESKTOP-5JIJ6V4\Admin;;AB122C106AC5DFA34C8168069E847F7F6DDDF550; And the malicious process was terminated: AMSI has been supported since Windows 8.1 so on older systems it's possible that the malware would have run with outdated modules.
  13. 2 points
    Swamp Yankee

    Notifications have disappeared?

    I had the same problem as you, and I think it got borked during an in program version upgrade. So I'm gonna guess you did an in program version upgrade. I never noticed it until I was reading a post about someones problem with 'Desktop Notifications', and when I looked at my setup trying to find 'Desktop Notifications' it wasn't there, just 'Email notifications' just like yours. Fix-Do a clean install and all was good again.
  14. 2 points
    Yes, you are right. ESET is always around the 98% mark. A test before this one they scored 98.4% which was lower than every other (Except Total Defense). So, everyone else doing better. I'm pretty sure too that it's not related to PUA. Eset is pretty good at detecting those. The report of the February-May 2019 test was more detailed. It showed Eset failed to detect 12 threats out of 752 but didn't mention what type of threats those were: https://www.av-comparatives.org/tests/real-world-protection-test-february-may-2019/ Also, check the report of the February-May test. They categorized by prevalence of the false positive from Very low, low, medium and high and most of the WD false positives were on the group of very low and low. So, rarely an average user would face false positive issue. Maybe most of those detected false positive samples were blocked by SmartScreen. SmartScreen is mostly reputation based so it's a possibility.
  15. 2 points

    update from 12.2.23 to 12.2.29

    The problem with periodic scan seems to be caused by timing; v12.2.29 was waiting for a response from WSC and since it takes time for the Security Center service to start (looks like a bug in Win), the system didn't know about ESET and WD was started. When we eventually received a response from WSC and registered, WD reset its settings, including periodic scanning. We've made a change so that we won't wait for WSC to respond and will register immediately. We'll also implement an alternate way how to remove obsolete providers from WSC since the functionality is not supported by Windows as of RS6. A newer version with all the above mentioned changes should be available soon.
  16. 2 points

    Version 1.0.0


    Diagnostic.Agent.7.1_91.0_x64.zip This file should be downloaded and used only if instructed so by customer care staff.
  17. 2 points
    Another nice feature for the firewall component that would help a lot with maintaining the firewall rules: Description: Firewall rules cleanup of unnecessary / invalid entries Detail: I've set my firewall filter setting to interactive mode, meaning that I can define for every program what the firewall should do. Over the time, you have entries in the firewall rule set about programs that are not existing on the computer anymore. A button for an automatic cleanup of those rules (delete all firewall rules that are pointing to applications that don't exist on the computer anymore) would make it easier to keep the firewall rule list tidy and it also benefits the administration of the rule set.
  18. 2 points
    This will change as of ESMC (ERA v7) in the way that handled threats will be resolved automatically.
  19. 2 points
    I have checked this with the developers, and we are going to change the behavior in V7. If you select "only computers", all of the computers under "DN" will be synced, not only direct parent ones. So it should behave according to your expectations. With regards to the "users", what is the usecase for you? For what do you use the? Do you manually create linking between users & devices, or use the user variables in policies for Endpoint or MDM?
  20. 1 point

    HIPS problem

    Join the club. I and many others have been asking for file wildcard capability for years.
  21. 1 point
    The way I see it is that something is broken in the user login. Before the first login the users table has Administrator with native=1, auto_logout_time_in_minutes=10, password_expiration_interval_in_days=1500. After resetting the password these parameters become 0. Also note that the error message seems to be related to a "Native User" (system? service account?) Glad I'm not the only one with this problem.
  22. 1 point
  23. 1 point
    The issue is under investigation.
  24. 1 point

    I don't got the new update 13.0.22 yet

    Yes, installers are multi-language.
  25. 1 point
    @schuetzdentalCB Thank you for your feedback. With regards to the automated network isolation, something like that (possibility to trigger network isolation from the console) is being added in ESMC 7.1 / Endpoint 7.2 for Windows. We plan to further expand this concept to allow autonomous response in the future. With regards to the application whitelisting, this is a bit more tricky topic. However it is on our long term roadmap. I will link your comment to the already tracked internal IDEA. Internal tracking IDEA-1510
  26. 1 point

    Notifications, Warning and the Truth

    Servus Marcos, Yes indeed, a server restart was enough. The warning at least about HIPS is gone... Thx & Bye Tom
  27. 1 point
    ESET shouldn't. Let's try it out, you can activate a fully functional 30-day license after installation. However, I'd recommend installing ESET Internet Security which also contains the network attack protection module that protects your machine on network level from malware that exploits vulnerabilities in network protocols to proliferate further over network. If necessary, create a new topic since this one is intended only for posting suggestions for future versions.
  28. 1 point

    ekrn.exe launches firefox

    Hello, this could be caused by importing our certificate for scanning the SSL communication. Even if it is not your default browser, we do that for all supported browsers installed on the machine. We do call the firefox.exe process during the certificate import, that's why it could be seen for a split second.
  29. 1 point

    Need Info for Decision - Seek What's Right

    Purchase a new license from the Eset web site or an authorized Eset retailer. Places like Amazon, eBay, etc.. are not authorized Eset retailers. If you have made customized changes within the Eset GUI, export those. Uninstall your existing Eset version. Reboot if not specifically requested to do so after uninstall. Install the Eset version you just purchased and activate it with the provided license key. If Eset previous settings were exported, import those into the newly installed Eset verion. Neither MBAM or SuperAntiSpyware are needed. If MBAM is installed, its real-time protection should be disabled since it can conflict with Eset's like real-time protection.
  30. 1 point

    EIS firewall question

    That particular rule is checked in my installation. Seeing as it's a built in rule, I'd expect it to be checked by default. Edit: I just reset all rules to default and that rule is definitely checked.
  31. 1 point

    Firewall suggestions

    Not sure if that was an error ha but thought id add that i never made that comment in regards to windows firewall. As i mentioned and have mentioned previously as shown by the image bellow by default you cannot see the app name because "allow communication for" is shown even though there is an action area. Also as seen bellow previous versions had icons to help see rules As you said this seems to have happened when they changed to the metro design. Wonder if there was a way to show the app names with icons with the metro style design
  32. 1 point

    Notifications have disappeared?

    Note that email notifications is a sub-section of Notifications:
  33. 1 point

    ESET and piracy

    In fact, we do not aim that combating piracy in general. That's not what an antivirus or security software is supposed to do in the first place. If administrators want to prevent illegal stuff from being used in their networks, they can use application control for instance to control what application users can run.
  34. 1 point

    Since updating to

    EIS connects to our servers in order to fetch the category for a particular domain.
  35. 1 point
    Marcos bug...

    We are aware of it; it was actually an issue that we tried to work around in v12.2.29 but it caused other issues resulting from WSC not responding in a timely manner. Most likely it will be reported to and discussed with Microsoft's developers since the process of registration to WSC is handled by Windows itself and it's beyond any 3rd party sw vendor. There should be a newer version available soon that will have the workaround reverted which may affect timing and the notification may go away.
  36. 1 point

    update from 12.2.23 to 12.2.29

    The Windows Security Center service cannot load instances of AntiVirusProduct from the data store id = 19 The Windows Security Center service cannot load instances of FirewallProduct from the data store. id = 18 This is a result of using a new certificate as of v12.2.29 and the fact that Windows stopped supporting deletion of records through WMI as of RS6. RS5 and older didn't use the registry keys for providers. The messages above have absolutely no effect on usability or stability of ESET or the OS itself. The only "annoyance" is that they are generated in the system event log. Re. changes in v12.2.29, nothing but the certificate used to sign ESET's files have changed in the process of registration to WSC.
  37. 1 point
    Microsoft added Tamper Protection in Win 10 1903. Oddly, it has to be manually enabled. I keep looking for a published bypass if it, but so far so good for Microsoft. It also appears to "have held its own" against the latest and greatest version of Trickbot which tried its darnedest to disable it: https://www.bleepingcomputer.com/news/security/new-trickbot-version-focuses-on-microsofts-windows-defender/ Such can not be said for MalwareBytes or Sophos.
  38. 1 point

    Introduce yourself

    Are you looking for protection for Windows or Linux? For Windows we have ESET Internet Security and ESET Smart Security Premium (which is basically EIS with disk encryption and password manager added). Both will protect you at various layers in the system as described at https://www.eset.com/int/about/technology/. You can download EIS from https://www.eset.com/int/home/internet-security/download/. For Linux we have ESET NOD32 Antivirus for Linux desktop. It can be downloaded from https://www.eset.com/int/home/antivirus-linux/.
  39. 1 point
    Hello @MichalJ just make an AD synchronization and get the computers from there.
  40. 1 point
    Hi Please send to me :]
  41. 1 point
    Hello @kingoftheworld, that was quick :-), thank you for your interest, I will send you further instructions via a private message. Currently we have the new generation of protection for the file servers, more server roles should come later followed by the endpoint product. When it comes to ERA/ESMC we advise the participants to have a separate instance of it as i requires a BETA version of Configuration support module, which hasn't been fully tested yet with all the other products so we do not recommend to use it in a production environment. Regards, P.R.
  42. 1 point
    Hello @pps, I would say the catch is in the fact that you are using customized message to be shown to the user ("Blocked webpage message"), which replaces the original wording including the categorization hint. On the other side, resetting the setting should instantly start showing the original wording, which seems not to work for you, so can you please double-check for me, if the blocking rule is category-based and not (overruled by) URL-based type? Maybe a screenshot from the "Edit rule" dialog? Thanks.
  43. 1 point
    Hi team! Description: Save reports to a shared folder / network directory. Detail: Currently, it's just possible to save reports in ERA 6 to the default Windows/ Linux path. This is a bit difficulty to get results faster. Thank you.
  44. 1 point
    Agreed. I even thought about the programming logistics of that when I posted it, but as the forum is about suggestions, I thought what the heck, let's put it in, as it is a nice idea (IMO) Andy
  45. 1 point
    Personally, I think this would allow us to sell a lot more ESET. Going a bit further, I wonder if it is possible to get the expiration date of the installed product? Then a month or two before the competing product is due for renewal, we as MSP's can go in and quote for the renewal. Andy
  46. 1 point
    Description: Set default trigger to expire in a day Details: Currently when creating a new trigger the default is to expire the same time the trigger is created, so basically the trigger will never run unless manually changed, please change this to either force us to put in an expiration time, or change the default expiration to at-least a day later. Thanks
  47. 1 point
    I explained this once to you. Eset has internal default rules and those rules take precedence to any user created rules. Also if an alert response is not received within a short period of time, Eset will auto allow the action. This comes into play for example with any ask rule that might be triggered during the boot process. Those will be allowed by the time the PC initializes, the desktop appears, and finally the Eset GUI is started.
  48. 1 point

    Forum Feedback

    Would be great to have the option of two-factor authentication for the ESET Forum.
  49. 1 point
    I'm just guessing, it's probably because the public beta has not been released.
  50. 1 point

    Future changes to ESET Endpoint programs

    Exactly. Though I view wake-up call more like wake-on-lan, requiring network broadcast, which is not a good practice across multiple subnets. I'm looking for a simple 'send policy' that doesn't require network broadcast. Even if it's a basic command I can run from the client (remotely).
  • Create New...