Leaderboard

Popular Content

Showing content with the most kudos since 08/31/2017 in all areas

  1. Marcos

    DotNet MSIL / Injector.VGR

    We've nailed it down. A legit tool was backdoored and loads a malicious dll with zero detection at VT which loads the following encrypted payload: I expect the detection to be available momentarily via streamed/pico updates. Also please confirm that you have enabled the LiveGrid Feedback system for maximum protection.
    5 points
  2. Greetings! Listed as fixed in 7.3 "An on-demand scan launched from the ESMC console could shut down the computer even if this post-scan action was not selected" is exactly what started happening after I've upgraded Endpoint clients to 7.3. Never happened before. The process C:\Program Files\ESET\ESET Security\ekrn.exe (WKST-VRN-BKP01) has initiated the power off of computer WKST-VRN-BKP01 on behalf of user NT AUTHORITY\SYSTEM for the following reason: Other (Planned) Reason Code: 0x80000000 Shutdown Type: power off Comment: Computer scan completed That comes from scheduled scan policy (daily on-demand scan with post-scan action set to "no action"). All upgraded endpoint clients have been shut down after this scan. Fix it please!
    5 points
  3. https://www.eset.com/sk/o-nas/press-centrum/eset-tlacove-spravy/nadacia-eset-podporila-vyvoj-slovenskeho-testu-na-koronavirus-a-financuje-prvych-100-000-kusov/ Machine translation: Scientists from Slovak companies MultiplexDX, Lambda Life and ProScience Tech have joined forces with virologists from the Biomedical Center of the Slovak Academy of Sciences (BMC SAV) to build a reagent kit according to the World Health Organization (WHO) protocol for reliable detection of SARS-CoV-2. In the first phase they plan to produce and make available 100,000 PCR tests. The ESET Foundation supported the development of the test and finances the first 100,000 pieces to be offered as a gift to the Slovak Republic. Key components have been developed and manufactured by MultiplexDX, a company dedicated to developing and manufacturing innovative reagents for various molecular diagnostic methods. The Slovak PCR test is currently being validated in cooperation with a team of scientists from the BMC SAS. Preliminary results show not only the functionality but also the good sensitivity of the new test, comparable to the currently used diagnostics. “This means that our test is reliable and accurate and can help diagnose early-stage patients. We can produce key components for 100,000 PCR tests in two weeks,” explains Pavol Čekan, founder of MultiplexDX. “In the process of validation and subsequent registration of the resulting report we cooperate with the non-profit organization CCCT SK. It will be estimated to take about three weeks,” said Adam Andráško of ProScience Tech. "Virus detection consists of sample collection, RNA isolation and PCR diagnostics itself, with our joint efforts focused on the last step," said Ivan Juráš of Lambda Life. “I believe that the efforts of our scientists will be crowned with success, and we will have enough PCR tests from our own resources as important as coronavirus detection.
This will help Slovakia not only in continuous testing, but we will also create a reserve in case there is a shortage of tests in the world,” notes Robert Mistrík from the permanent crisis staff. The ESET Foundation supported the development of the test and provided funding for the first 100,000 units from the COVID-19 Effective Diagnosis and Prevention Fund. These tests will be offered as a gift to Slovak state institutions. “When creating the Fund, it was important for us to ensure effective mass-scale diagnostics, which can only be achieved through science. Even in such a critical situation, the importance of supporting science in Slovakia, which we have been dedicated to for a long time, thus proves important,” says Richard Marko, CEO of ESET. Production capacities will primarily be available to diagnostic laboratories in Slovakia after the first 100,000 tests have been used. “We are ready to cooperate with state laboratories, flexibly respond to their needs and supply them efficiently. After meeting the needs of Slovak Laboratories, we can direct our capacities to other countries that would need our products,” explain the authors of the test.
    5 points
  4. Hello, As 2019 comes to a close, and just before computers are turned off so that we can spend time with friends and family, I would like to take a moment to wish each and every one of you best wishes for the holiday season, and the forthcoming New Year as well. This past year has been equally exciting, challenging and sometimes even terrifying in terms of computer security, and we know that you have many choices when it comes to whom you choose to protect your computers. We are grateful that you have chosen to place your trust in ESET, and we will do our utmost to ensure that we continue to earn that trust into 2020 and beyond. On a personal note, 2019 marks my thirtieth year in the field. In 1989, I began my career by driving to John McAfee's house and answering the single phone line in-between taking classes at college. Back then, there were perhaps a couple of dozen computer viruses for PCs running DOS, and about the same for Macs (running the classic Mac OS). In the intervening three decades, we have seen the rise (and fall) of several computing platforms and entire ecosystems. We've gone from the dream of having a computer in every home to having one in every room (and sometimes more than one). Classic computer viruses (i.e., recursively self-replicating code that creates a possibly evolved copy of itself) have become almost extinct as a standalone threat, replaced by an alphabestiary of malicious software, some of which do incorporate viral-like techniques. The one thing I can say, though, is that I never thought the problem of malicious code would get as bad as it has become today. The flip side of this, though, is that I am constantly amazed at how good companies like ESET have gotten at combating those threats. To be a part of ESET and see how the company does things at scale has definitely been a highlight of my career so far, and I hope to continue helping protect your computers for many years to come. Wishing you all the best, Aryeh Goretsky
    5 points
  5. The ESET Knowledgebase YouTube Channel celebrates its 10-year anniversary today! https://www.youtube.com/user/ESETKnowledgebase/community Check out the infographic for our lifetime YouTube statistics for the channel. The ESET Knowledgebase channel includes step-by-step video tutorials demonstrating the key processes and features of our ESET products, from ESET NOD32 Antivirus and ESET Internet Security to business products like ESET Security Management Center. In addition, our channel is yet another way for our customers to reach us with feedback and questions. We make every effort to respond to support-related comments and yes, we do take video suggestions!
    5 points
  6. Marcos

    ransomware attack

    ESET didn't fail to protect the user. This is proved by the fact that ESET had recognized the ransomware for a long time before the user got infected which means that ESET must have been paused or otherwise deactivated by an attacker. Because of continual trolling despite giving numerous warnings and complaints from other users, we'll ban Novice as of now.
    5 points
  7. False positive reports To submit a possible False Positive see Submit a suspicious website / potential false positive / potential miscategorization by Parental control to ESET for analysis when you wish to submit via email or use Submit sample for analysis function from the program GUI of ESET product installed on your computer. Whitelisting ESET does provide a whitelisting service for software vendors by which you can submit your software to minimize the chances of false positives, e.g., when your software is being downloaded. This service is intended as preventive measure for trusted and undetected applications to minimize risk of future false positives. Whitelisting service is not a channel for removing existing detections, disputes or solving other unrelated problems. If you want to register your software for whitelisting, please follow the instructions in the KB article How do I whitelist my software with ESET? Requirement for False positive submissions When submitting false positive file(s) via email or via program GUI, it is necessary to send copy of falsely detected file(s) as well as description of the file. I will explain what information is needed and why it is important. 1) Name of the legitimate application the file belongs to. When submitting false positives you must be able to identify what is the name of application that is being falsely detected. No-name false positive reports (when information about the application name is missing) are harder/slower to examine and in many cases indicate correctly detected malware rather than false positive. Example of correctly provided information: “This file belongs to VLC media player 3.0.6.” When you provide the specific version number, it helps. Example how not to submit false positives: “I don’t know what it is and why I have it on my computer but I think it is a false positive.” If you don’t know what the file is, don’t report it as false positive.
2) Name of the application’s author, developer, vendor or website where you downloaded the software Each legitimate software has a known author or there is a known company who developed it. There is known source/origin where the software can be obtained and you can learn information about it. This information is needed in investigation process. Researchers need to verify whether the software is safe and they may need the full installer to evaluate the software properly. Researchers may need to investigate whether other versions of the same software were affected by false positive or not. It is important to know the source/website where you downloaded the software because some download websites provide different installers than original vendors. 3) Application's purpose Let the researchers know what the application is supposed to do, what value does it offer to you. This information is usually available on vendor’s website but there are many old applications where the website is no longer available, or software was distributed only on CD-ROM/DVD, or the software is custom/in-house developed and the description is not generally available. Examples of application’s purpose: This is a picture viewer, video convertor, movie player, communication software, printing program, database program, web browser, accounting software, computer game, tool I use for programming, etc. Don’t hesitate to provide any additional information you deem important. You may add the specific detection name you saw when detection occurred. In case some specific circumstances are needed to reproduce the problem, tell it to the researchers how (For example it may happen that the file itself is not detected but it downloads/creates other files that trigger detection). You may submit false positives via email or directly from ESET product via Submit sample for analysis function.
In order to use the function open GUI of ESET Internet Security, you will find following icon in Tools and clicking More Tools: Please select “False positive file” option and attach the file you want to submit. Please provide all necessary information (as described above) researchers need to process your false positive submission. Information you provide indeed significantly helps ESET laboratories in the identification and processing of samples. Thank you for your submission!
    5 points
  8. Marcos

    Detections Actions Error

    The issue is caused by an older version of the Translation support module. On Monday we should start with upgrade, however, it will require a restart of the ESET PROTECT Cloud instance.
    4 points
  9. Marcos

    Website is clean now

    This forum is not intended for disputing blocks or detections. Since the malware has been removed, the website was unblocked but the applications will continue to be detected. Having said that, we'll draw this topic to a close.
    4 points
  10. the world is rocked by the horrifying news of how despotic authoritarian governments and their agencies have used the spyware pegasus made by NSO from israel to intrude the phones & privacy of journalists/opposition leaders/judges/activists etc. from all accounts, it is now becoming clear that the two primary operating systems on phones, android & ios by google & apple have intentional backdoors disguised as security bugs to allow the security agencies to snoop into any smart phone worldwide. my question is, as a responsible antivirus vendor, will eset ever be able to protect the users from such illegal intrusions ? is it ever possible, considering that the OS itself has been laid bare to such intrusions by incorporating "security bugs". phones, especially the smart phones are no longer secure, but the stunning silence of all AV vendors is even more cause for concern.
    4 points
  11. Hello, this option is already available in ESET Cloud Administrator console. Currently, as agents are updated via "Components upgrade task", which does not differentiate between agents, and other components of the ESMC infrastructure (server / webconsole) this option was disabled. However, in Cloud the server is fully hosted / maintained by ESET, so "one click agent updates" are possible. Please note, that for the future releases we work on "automatic agent upgrades", meaning agents would automatically upgrade themselves to the version compatible / matching with the server.
    4 points
  12. It's been a slow forum posting weekend and it appears this thread has run its course. We have all had the opportunity to "rant and rave" about Eset Home version protection features we all wished we had and in reality, probably never will have. So it is time to expose this Python POC for what it is - fake ransomware. Err ..... what, you say? The POC encrypted files. Well so does a lot of legit encryption and other apps including user created ones. So let's get into this. A few years back, the NextGen security software vendors were trying "to get traction" against the established AV vendors with their supposed superior behavior detection methods. Corresponding to this was the appearance of a proliferation of ransomware "simulators" where one was encouraged to test their existing AV solution with. The most infamous of these was RanSim produced by KnowBe4: https://www.knowbe4.com/ransomware-simulator . I wrote a thread about the methodology used by this product and similar ones here: https://forum.eset.com/topic/10792-ransomware-simulators-a-detailed-analysis/ . Eset subsequently commented upon Ransim tactics in their own published article on Eset ransomware protection: https://cdn1.esetstatic.com/ESET/INT/Docs/Others/eset-vs-crypto-ransomware.PDF So let's get into some details on the POC. First, note this from the POC's author posting about it at malwaretips.com: Next is why no vendor on Virus Total detected the POC initially and I believe presently. That one is pretty straightforward. The ransomware portion of the POC never ran. The POC pauses program execution waiting for user input to continue. VT's automated sandbox analysis timed out waiting for input it does not respond to. In summary, I am not 100% ruling out that techniques used in the POC could bypass existing Eset ransomware detection methods.
However, a POC must be developed deploying real world ransomware deployment and execution methods with the most important being the program runs uninterrupted and encryption activities performed against all existing files in C:\Users\xxxx\Documents\*, etc. directories.
    4 points
  13. There are many reasons for that, not just one. One of the things we do is that the resource-intensive code emulation is done once and the result is cached for future use so advanced heuristics doesn't have to emulate files each time they are accessed and scanned. Then there are other safe caching mechanisms to ensure that files are re-scanned only when needed (e.g. after module updates), trusted / whitelisted files are scanned less frequently, etc. which also positively affects performance.
    4 points
  14. Marcos

    ESET Memories

    Cherishing memories
    4 points
  15. There will be a fix for the issue in both Endpoint and ESET NOD32 for Linux desktop according to the latest news.
    4 points
  16. T3chGuy007

    ESMC Upgrade

    For those of you in the same situation, I first had to install SP3 for SQL Server 2008 R2 Express because you can't directly upgrade to SQL Server 2017 Express unless you are running SP3. I was running SP2. Once this was done, I upgraded to SQL Server 2017 Express by using the custom install option. I then opened ESMC and went to Help->About. The DB version is now showing Microsoft SQL Server 2017 (RTM) Express Edition (64-bit) 14.0.1000.169. I then went to Help->Upgrade Product and a new client task was created. After a few minutes, I was kicked out of ESMC and I could not log back in. A few minutes later, the login page wouldn't even come up, but after some more time, it finally came up and I was able to log back in. ESMC is now showing it is v7.1717.0 and the Web Console is at v7.1.393.0. The last thing I did was install SQL Server Management Studio (SSMS) on my server so I could manage the DB a little easier. https://docs.microsoft.com/en-us/sql/database-engine/install-windows/supported-version-and-edition-upgrades-2017?view=sql-server-ver15 https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-ver15
    4 points
  17. peteyt

    Ransomware

    I'm new to this topic but just wanted to ask something and unsure if it's been asked. Firstly - I have no issue with Eset - I know nothing can ever be 100 percent. However in regards to ransomware would there not be a way to detect something is encrypting files which in turn could force an alert from Eset. I'm not talking about new unknown viruses, zero day etc but the act of encrypting itself. Basically could Eset not set it by default to alert users if it detects file encrypting and possibly even be set to pause the encryption until a user tells Eset to either allow or remove. Surely with that approach it wouldn't matter if it was a new virus unseen that eset didn't know as it would still see the encrypting part. Or are these viruses able to hide that they are encrypting things until it is too late? I don't have a lot of knowledge on these things so sorry if it is a lot more complex than that.
    4 points
  18. itman

    Ransomware

    One final comment in regards to Live Grid's performance in this incident. Refer back in this thread to the posted Live Grid screen shot showing ransom.exe running. Note the red color. What does that mean? Per Eset online v12 help: Hum ........ It certainly appears Eset's front-end heuristic scanning did its job. So why can't Eset offer an option to be alerted to "risky" processes pre-execution? It most certainly appears to be the correct and logical action to take. For me, I can only conclude the following: 1. Eset has such little faith in Live Grid's reputational analysis that it doesn't trust it for user alert purposes. In this case, get rid of the feature and just perform any submission activities in the background. 2. Eset's avoidance of a false positive detection has reached the level that it is jeopardizing overall system security.
    4 points
  19. Marcos

    ransomware attack

    This is the last warning to Novice. Further to complaints from other users that we've received about your ranting, we kindly ask you to stop this. Either give us a proof that there is an antivirus that can detect 100% of threats without updates and without any false positives and at the same time it can protect users even if they unwittingly allow an attacker to do anything on their machines under an admin account or stop trolling and ranting. We are open to serious communication but trolling is not tolerated and will never be neither here nor in any other forums. Otherwise we will need to take the appropriate action.
    4 points
  20. Marcos

    Ransomware SDEN

    Files were encrypted by Filecoder.LockedFile. According to the logs, there were about 170,000 failed attempts to log in via RDP as "administrator" and alike in approx. one day when the encryption occurred. Also an older version of EFSW 6.5 without Ransomware shield was installed. The OP was informed and improvements in protection were suggested.
    4 points
  21. Received your get well greetings today and believe me they were most appreciated. For you who do not know it, I recently spent 5 weeks in the hospital. Diagnosis was heart failure. I know I am improving but it's going fairly slow. In order to celebrate my improvement I installed Smart Security on a Windows 10 computer. Seems fine. Thanks again fellows.
    4 points
  22. Welcome to the ESET Security Forum! ESET is pleased to provide you with this resource in order to make it easy for you to ask questions and receive answers about ESET's products and services. Understand that the ESET Security Forum is a private community for existing customers of ESET, prospective customers who are interested in ESET's software, ESET employees and business partners. Because of this focus, it is not like a general public forum, where conversations take place on a variety of non-ESET and non-security related topics. With that in mind, we have the following rules in place: When registering for an account on the forum, please fill out the information accurately and correctly. Do not enter the Username and Password for your licensed ESET software, but instead choose a username (in Latin) unique to this forum. You should also choose a suitably complex password unique to this forum as well. Do not create multiple accounts. If a person is found creating multiple accounts, ESET reserves the right to take whatever actions it deems necessary, including banning, blocking, deleting and/or merging them. The exception to this rule is ESET staff, who may create multiple accounts for testing purposes. No impersonating other forum users, ESET employees or other people. Use appropriate language in the forum. No vulgar, obscene or rude language will be tolerated. No vulgar, obscene or otherwise offensive images or video will be tolerated. ESET staff have the right to move, edit or modify messages that you post. This may be done for clarity, to move a message to more appropriate forum where it will receive more attention, or for other reasons outlined in these rules. All decisions by ESET staff are final, and not open to discussion. This list may be updated at any time. Please periodically visit this page to review any updates. 
Do not post direct links to any executable files, malicious/suspicious software or web sites in public messages, even if you think the software or site is clean and incorrectly detected by ESET. Break up the URL by inserting spaces into it, or replacing the protocol handler with an obfuscated one, like . Do not attach malicious or suspicious files to messages, even if you think they are clean. Write a public message, and then use the "report this message" option to send a private message to ESET staff with a link. Do not post any personally identifiable information (PII) about yourself, such as an email or mailing address or phone number, in a public message. Do not post the username and password or license key for your ESET software in a public message. Do not post links to software cracking tools, license key generators, pirated copies of software or other illicit software in the forum. If you wish to report a site, write a public message, and then use the "report this message" option to send a private message to ESET staff with a link. Do not post private correspondence (private messages, email, etc.) publicly within the forum. Do not post "A vs. B" or "Which product is best?" type messages in the forum. Do not post overtly commercial messages in the forum (this includes in your signature). Do not pre-announce releases. Due to differences in scheduling, it may sometimes take several hours after a release has appeared on ESET's web site for the release announcement to appear here in the forum. Do not abuse the forum's rich text controls. Messages and signatures with inappropriate font selection, including size, color and, for signatures, length, may be edited by forum staff to conform to standards of decency. Do not ask other users for logs, especially if they may contain sensitive or other personally identifiable information. 
Posts made on behalf of a 3rd party company may only be made from accounts registered with an email address from the company's domain (verifiable by ESET staff). Do not use the "Report post" function for other purposes than reporting inappropriate content requiring moderators' attention. Do not report possibly incorrect detections or blocks (false positives) in the forum unless they may affect a lot of users. If you think that your application or website is detected or blocked incorrectly, please report it to ESET as per the instructions at https://support.eset.com/kb141. Please keep in mind that this forum is not a channel for disputing detections or url blocks. Be civil, do not post sarcastic, offensive or mocking comments towards any person or entity. Do not post messages that are off-topic, keep the discussion to the point and do not lead it astray. To discuss a different, unrelated issue or question, always create a new topic. If you have any questions or comments, please contact one of ESET's moderators. Last Revised: 5 March 2019.
    4 points
  23. Hi, the problematic domain you reported has been already removed from the cloud blacklist. The quickest way to solve such cases is to send the email sample to nospam_ecos@eset.com (https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab#spam) as those are handled almost immediately. Also based on the sample we have identified a problem in the algorithm that selects the sender's address from email headers in some cases (Return-path: header), and it will be also addressed by an automatic update. Regards, Matej
    3 points
  24. Hello @Kostadin_k, EFDE for mac utilizes FileVault because there is no other way to FDE macOS. Apple prevents its system to use FDE from 3rd party vendors. EFDE for win is a different story. Microsoft allows for vendor's proprietary encryption and we have this covered. So we are pretty much covered on both macOS and Windows. But yes, adding Bitlocker management to ESET Protect (Cloud) is an option, but even if we go this direction in the future, it will not work as seamlessly as you described. Taking over management of an already encrypted machine is more than complicated because of recovery password that belongs to a particular encrypted system. Migration of these recovery passwords from Active Directory (where Bitlocker stores them) to our console followed by a seamless "takeover" of the machines by the console is very complicated (if even possible). At this moment, adding management of Bitlocker to our EFDE/EP(C) solution is not on our roadmap. Ervin Rendek PM for Encryption solutions
    3 points
  25. When we update our ESET Agents we find that we need to have all our machines reboot. With the reboot option in the management console the machines just reboot with no warning. Any open work is lost and the user is confused, thus generating a call to the help desk. Would it be possible to have a reboot notification when pushing a reboot on a machine. ESET is finishing an update and will reboot in 30min. Reboot later or reboot now. I reached out to support and was told to post this request here.
    3 points
  26. Problem fixed. Windows server updates had reactivated a couple of services which had nabbed port 80. Simply disabling them negated the issue. I'm now planning on moving the EEE server onto a different port to resolve the issue permanently during the downtime over the weekend.
    3 points
  27. Avast blog article here: https://blog.avast.com/cybercapture-protection-against-zero-second-attacks . Detail on configuration options here: https://support.avast.com/en-us/article/54/ Of note is this feature exists even in Avast free version. Time Eset "get with the program" and offer same like capability for their home use products.
    3 points
  28. The fact is Eset has all the internal mechanisms in place to accomplish this. All they have to do is block the process until LiveGrid black list determination processing has completed. As to the false positive element, I say "to hell with that." Most home users would not be significantly impacted by such process blocking. This could be also further refined by adding Trusted Publisher, signing, etc. criteria to Eset Reputation scanner. Failure on reputation coupled with suspected malicious activity should be enough to block until LiveGrid initial scanning is completed.
    3 points
  29. It had been discussed again and again, but I still want to say: with endpoint 8.0, please give up stupid MySQL and use MariaDB. Check current system requirement, it is really funny: MySQL ODBC driver versions 5.3.11 and later, 8.0.0 – 8.0.15 and 8.0.18 and later are not supported.
    3 points
  30. Yes, v14 is going to be released later this year. It will be announced here as well as via other marketing channels.
    3 points
  31. It's been more than 5 years I've used ESET software on my computer and ESET is the best for me. Here are some reasons I still use this Boy: Inexpensive; Easy-to-use interface; Good malware protection; Secure browser for online payments; Fast scans; Lots of useful extra features; Small system-performance impact; File encryption, hardened browser extension, webcam protection. What else do you need for your security? For me having a VPN access is the one but it's not a big problem. I very much appreciate your support ESET.
    3 points
  32. It appears that a number of Eset users employ license "crackers." It also appears that a number of Eset forum participants feel that the most widely used, the KMS software family of crackers, are safe. As noted in this recent analysis of KMS based software by AVLabs in Poland, they are definitely not safe to use. KMSAuto and KMSpico are the most commonly installed hacktool on computers in Poland https://translate.google.com/translate?hl=en&sl=pl&u=https://avlab.pl/&prev=search&pto=aue Note: This article was posted in the Polish language. Hence the use of Google's Translator.
    3 points
  33. I think this is resolved in just-released ESMC 7.2 where it looks like this:
    3 points
  34. The PUA detection is correct. It's optional. For more information what PUA are, please read https://support.eset.com/en/kb2629-what-is-a-potentially-unwanted-application-or-potentially-unwanted-content. If you think that benefits of using a particular PUA outweigh possible risks, you can exclude the PUA from detection.
    3 points
  35. Nightowl

    ESET Memories

    Just some photos I found on the internet that can bring some good moments and make your white hair shine brighter. Hmmm, I used to love that GUI! So simple and basic but powerful.
    3 points
  36. Update (Feb 10, 16:30 CET): 1, A fix tool that will replace ekrn.exe with a fixed version will be ready within today (Feb 10). The tool will need to be run on machines with affected ESET Security products that are malfunctioning. No restart should be needed to get the product work. The tool should work for affected Endpoint v5 as well as v6.5 products also on Windows XP and Windows Server 2003. 2, If you have an affected version of the product and it still works alright, do not restart the computer yet. Tomorrow (Feb 11) we'll be releasing Antivirus and antispyware module which will patch ekrn to fix the issue. 3, We should have 6.5 installers with a fixed ekrn.exe ready by tomorrow and will replace them in the repository too. 4, After remedying the issue, please consider upgrading to the latest Endpoint v7.2 wherever possible. While Endpoint v5 and 6.5 products will work until they reach EOL, we strongly encourage you to use the latest version which not only addresses bugs and issues from older versions but also brings substantially better protection against current threats.
    3 points
  37. Hi, I just published a brief guide to ESMC implementation in Proxmox: "ESET Security Management Center 7 deployment in Proxmox VE". I hope it is useful. Regards
    3 points
  38. As I wrote, there will be a hotfix of ESET NOD32 for Linux desktop that will address the issue.
    3 points
  39. Not too long ago we were here, in another thread, discussing the previous test from this very same guy who gave ESET appalling scores, with a major war of words ongoing in this place for weeks. That was when I joined the ESET family and this forum. Because while everyone was fighting based on the opinions of this guy, what I did was to download ESET, then set it up with maximum settings, including the HIPS rules which I added manually from an ESET guide and, that is my understanding, later on were added by ESET as standard in their product. The result was me leaving another product after over 15 years of non-stop usage (they removed the spam protection to an extent) and buying a 3-year subscription for ESET with a special offer in my country of residence. I never had issues with the previous product. I never had issues with the current one, with only minor complaints related to small details. It might be too soon to be too positive. I don't know. However the bottom line is: Try things by yourself. Reviews are entertaining, they can be a rough guide to what you are looking for. But there is no substitute for your experience. ESET is working fine for me. I only consider their notifications an utter pain in the neck. I had to mute them. And some of their threats are not explained in the proper way. I am happy that I can change whatever I want and that I can set rules by myself if needed. It surely is not a suite for the lazy. But it is a good product, if one takes some time to learn how to use it and is not scared of asking questions. The support in the forum is overall good as well. The previous product had appalling support. And I did try many other products together with ESET. I threw all of them away. Some slowed down my PC, others had too much bloatware in them, some were oversimplified and didn't allow me to have good control (no notifications at all in those...as opposed to ESET, with worse nightmares as you don't know what's going on underneath).
Try things yourself! We'll be here in a few months with this guy giving ESET a lower score and more arguments arising, most probably.
    3 points
  40. Description: Color code failing tasks Detail: The server used to color code the tasks that are failing. I'm running the latest ESMC, and now, that doesn't happen, and I have a hard time figuring out which tasks are failing. Is there a way to color code it again, or where can I see it? All I get is a generic email saying: "At least one client task has invalid configuration and therefore will fail."
    3 points
  41. MartinK

    Clients not showing in ESMC

    I would recommend starting by checking whether the ESMC Agent installed on the client machine is actually connecting to ESMC. For this purpose please follow the troubleshooting part of the documentation - especially the status.html log present on the client machine might be helpful in this case. In case the ESMC Agent is connecting to ESMC, the most probable issue is that it is using a different name in ESMC or is located in a different group, which prevented ESMC from removing the "dead" duplicate that is rendered as unmanaged. In case the AGENT is not connecting to ESMC, it is crucial to resolve connectivity issues as described in the referenced documentation.
    3 points
  42. wraith

    Ransomware

    In general ESET is usually one of the first to come with signatures. So 3 days seems pretty old to me. Many other vendors already have a signature for it. Btw did the researchers/analysts find anything about this sample?
    3 points
  43. wraith

    Ransomware

    Absolutely not. I'm talking about this ransomware scenario which we're discussing. This is an exe file. ESET doesn't have a signature and so it's not detected by the real time scanner. When I executed the file it spawned a process that began encrypting files. My point is that when the process started encrypting the files, why didn't the anti ransomware module kick in and ask me whether I want to continue the operation or block it? This is the simple question for which I'm trying to get a reliable response, nothing more.
    3 points
  44. TomFace

    AV-TEST and ESET

    I use the daily "seat of my pants" results. I know what works for me. No A/V program is 100%...that's why they get updated and evolve. In my opinion, these A-V test results (no matter who publishes them) only provide the trolls with food (in addition to being (for me) worthless data). We all know (or at least should know) that you never feed a troll. Regards, Tom
    3 points
  45. Marcos

    ransomware attack

    Just came across a case when a user was hit by Filecoder.Phobos and asked how come they got infected with ESET installed. After analyzing logs, we found out that:
    - the detection for the ransomware was added at least 2 months before the incident
    - password protection of ESET's settings was not enabled
    - detection of potentially unsafe applications was disabled

    We also found out that:
    1. A brute-force RDP attack was performed:
       - Administrator had 22 377 failed login attempts
       - ADMINISTRATOR had 5 438 failed login attempts
       - ADMINISTRADOR had 1 102 failed login attempts
       - ADMIN had 710 failed login attempts
    2. There was a suspicious RDP connection from a foreign country
    3. A local user GhostUser has been created recently
    4. A legitimate tool that can be misused to kill security software has been installed recently (detected as pot. unsafe application)
    5. Event logs have been recently cleared.

    This is proof that just having security software installed is not enough; firstly RDP must be secured. Secondly, all critical operating system updates must be installed. Fourthly, ESET must be protected with a password and detection of potentially unsafe applications enabled to prevent protection from being tampered with by unauthorized persons.
    3 points
  46. We've reverted the Cryptographic support module to the previous version while the issue is being investigated and a solution prepared. You should now have version 1028.2 of the module which didn't cause the issue.
    3 points
  47. You have a very complicated program here, lots of features, menus, pull-down menus. As a user seeing the program for the first time (not really), I want to find what I want with minimum effort. For the best layout for the user (not the programmer), I stumble around a lot in trying to find what I am looking for. If I were the lead programmer, I would get a pack of 3X5 cards and lay out a system of logic, with features set up the way I would expect to see it as a User. I had to fish around quite a bit to find, for example, how to schedule a scan. For another example of what's wrong, take a look at Tools and see the three unlikely items under it -- and "More tools," hidden away so I did not see it the first four times looking for what I wanted. When I finally noticed "More tools," I saw the eleven items under. All items should be under "Tools," and I should see such subcategories as Scheduling and logs, Network issues, Cleaning (system; malware); Send to Eset; Reports, and more. A lot of research has gone into how to lay out a program for the user, see https://www.uie.com/.
    3 points
  48. Release Date: October 23, 2018

    ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium version 12.0.27.0 have been released and are available to download.

    Changelog:
    - Added: Referral program
    - Improved: Activation wizard improvements
    - Improved: Security Reports and Unlock Tool
    - Fixed: Minor functional and localization bugs

    For more information about what's new and improved in this version, see What's new in ESET version 12 home products.

    Upgrade to Latest Version
    - Upgrade my ESET Windows home product to the latest version

    Support Resources
    ESET provides support in the form of Online Help (user guides), fully localized application and Online Help, online Knowledgebase, and applicable to your region, chat, email or phone support.
    - Online Help (user guides)
    - Visit www.eset.com/contact to email ESET technical support
    3 points
  49. As introduced here (KB News) and here (KB Alerts), I am unpinning those threads and replacing them with this one. We now have RSS/email subscriptions for News, Alerts, and Customer Advisories. Information and instructions to subscribe are available here: Subscribe to ESET Knowledgebase Support News, Alerts and Customer Advisories
    3 points