Leaderboard


Popular Content

Showing content with the most kudos since 06/12/2019 in all areas

  1. 2 points
    We have pinpointed a memory leak in the memory dumper. A fix is being reviewed and will be released through an automatic module update next week.
  2. 1 point
    A-V C is "very creative" when it comes to finding samples for its Realtime test series. It's not uncommon for it to slip in a few samples that are geographically restricted to one country and/or region within, with an "in-the-wild" dispersion of < 10. The odds of encountering one of these samples is close to zero.
  3. 1 point
    I assume the reference is to this year's most recent A-V C Realtime test where Eset scored 98.4%; approximately the same as it has previously scored recently in this test series. If one has concerns about Eset, refer to this more comprehensive test series where over 10,000 malware samples are used: https://www.av-comparatives.org/tests/malware-protection-test-march-2019/ . Eset scored 99.86% for malware protection. Again, this is only one AV Lab's test; and test series for that lab. Refer to all the AV lab tests that Eset participates in and you will observe that Eset is a top scorer overall.
  4. 1 point
    It must have taken a bit of digging to find a test from a year ago. Tests like this are not worth their weight in salt. So what is your purpose and point in posting this? Regards, Tom
  5. 1 point
    kbrooks

    ESMC says up-to-date with 7.0.577?

    Thank you Marcos. I looked at that page several times and just overlooked that part. Guess I need to read the docs and not just skim them.
  6. 1 point
    Marcos

    ESMC says up-to-date with 7.0.577?

    Please read https://support.eset.com/kb3690/. The ESMC release 7.0.72.2 contains the version 7.0.577.0 of the ESMC Server for Windows and version 7.0.471.0 for Linux.
  7. 1 point
    macOS Catalina is to be released in the fall. We officially support only final versions of operating systems, not betas, since a lot can be changed under the hood before the new macOS is released which could break ESET's functionality. At the time of the official release of the new macOS, we should have a compatible version of ESET CyberSecurity and ESET CyberSecurity Pro at your disposal.
  8. 1 point
    Hello everyone, so this is pretty recent. For the last couple of days I have been exhausted by the amount of IPs I see that either attempt to port scan me [2-3 IPs have attempted to port scan me in the past, most recent one was a few days ago but have been blocked by ESET's firewall] and some IPs that have something to do with Svchost. I don't even know what to do anymore and I have run out of ideas. My original idea was to ignore everything and let the time talk by itself, but it has come to the point where I constantly keep on checking the connections that were attempted via my internet. I have done everything, from scanning my network to even scanning my PC several times to see if I have any sort of malware inside my PC. Nothing was found. I've searched most of the IPs that pop up as svchost or whatever on abuseipdb and most of them were flagged as malicious. I'm gonna post some screenshots here of such IPs: I don't even know what to do anymore. Thanks in advance for your help.
  9. 1 point
    itman

    Windows 7 vs Windows 10??

    I believe this article sums up the differences nicely: https://wtop.com/tech/2018/06/is-windows-10-safer-than-windows-7/
  10. 1 point
    cybot

    Importing setting to new HDD?

    Don't know if your system is used by others, but if it is not, then I would not worry about this issue. The security hole from the article can only be exploited locally, as in sitting at the machine. Unless you are going to be performing DDOS attacks or hacking into your own system, then you're safe. If it's your own system, you should already have Admin level access to the OS available to you. The only way to be vulnerable is if you allow access to your machine to an untrusted remote user using Remote Desktop, Teamviewer or other similar software.
  11. 1 point
    Hello, It's possible CloudFlare incorrectly caches some parts of the configuration editor and returns out-of-date data, causing this. Please create the HAR log @PavelP mentioned; it might help us determine whether the issue is with CloudFlare or the webconsole itself. Ideal would be to have the tomcat access log paired with this log to determine which requests made it to the server and which did not. Thanks.
  12. 1 point
    Marcos

    Windows 7 vs Windows 10??

    Also don't forget about AMSI and protected services which were not available prior to Windows 8.1. With the help of AMSI script malware can be more efficiently detected. New script malware may be undetected on systems that don't support AMSI.
  13. 1 point
    Hello, We checked multiple browsers to identify which one produces this error (seems like you posted a Chrome error). However, for future reference (and potential improvement), can you please answer the following?

    - browser(s) (in case of IE ideally export security settings for the security zone the console is in) - you already said you tried multiple, however platform/browser still matters for reproduction.
    - webconsole behind reverse proxy/application firewall
    - ESET (or other) product with TLS filtering enabled installed on the computer connecting to the console
    - Any "uncommon" setup you can think of

    This issue can arise in case _some_ https requests on the same site (in this case, as Pavel said, seems like a js script) are blocked from download. Which in case of TLS (to my knowledge) requires MITM interception (product/WAF/RP/actual attack) or extremely restrictive browser rules. Thanks, M.
  14. 1 point
    We have identified a problem when upgrading a Windows 10 system with ESET Endpoint Encryption installed to the 1903 feature update. Installing the update can cause the system to crash (blue screen) when booting. We are currently investigating the cause and recommend not upgrading an encrypted system to 1903 until further notice. Systems that have been affected will need to be decrypted using our recovery tool (if full disk encryption was enabled) and then repaired using the Windows recovery console. See this knowledgebase article for more details: https://support.eset.com/kb7309/
  15. 1 point
    You must have an older v6.6 installed (6.6.0.0 – 6.6.2063 are affected) so upgrade to v7 will surely fix it and the notice will go away then.
  16. 1 point
    filips

    Cycled antispam

    Hi yardstudio, Releasing of spam from mail quarantine should work even if you don't report the false positive. The message is resent using replay directory and antispam is not evaluated again. If the email was marked as spam again, it means that it was routed through SMTP agent and tested for spam again - this is not the usual case. Do you have more Exchange servers in your environment? If yes can you describe routing of mail? Information about delivery of the message can be seen in "Received" headers (in the detail dialog) of the message that returned to quarantine. Please post the "Received" headers. BTW, which version of EMSX do you use?
  17. 1 point
    Please provide a Procmon log from a failed update attempt as per https://support.eset.com/kb6308. In particular, start logging with Procmon, run update and after it has failed, stop logging. Then save the log, compress it and provide it to me for perusal.
  18. 1 point
    itman

    Importing setting to new HDD?

    1. Open "Services" and for "NVIDIA Telemetry Container" stop service and set startup type "Disabled"
    2. Run AutoRuns and in "Task Scheduler" section disable:
       + NVIDIA telemetry monitor
       + NVIDIA crash and telemetry reporter (2 instances)
    3. You may also want to remove Telemetry logs:
       + C:\ProgramData\NVIDIA\NvTelemetryContainer.log
       + C:\ProgramData\NVIDIA Corporation\NvTelemetry\events.dat
       + C:\ProgramData\NVIDIA Corporation\NvTelemetry\nvtelemetry.log
       + C:\Users\user\AppData\Local\NVIDIA Corporation\NvTmMon\NvTmMon.log
       + C:\Users\user\AppData\Local\NVIDIA Corporation\NvTmRep\NvTmRep.log

    Who needs an additional spy in your own PC?..

    Awesome my friend, I forgot about those other bits

    We need to send a clear message to Nvidia that we will NOT tolerate their spying on us via telemetry, and we will every workaround we can think of in order to defeat it. It's bad enough that windows 10 is virtually one massive spyware collecting agency

    Rather than do all of the above, you can simply install nVidia drivers as normal. Once installed open an elevated command prompt and run the following:

    rundll32 "%PROGRAMFILES%\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage NvTelemetryContainer

    This will remove all telemetry, logs, services and tasks. I use it all the time now and it's a very clean way of removing nVidia telemetry.

    https://forums.geforce.com/default/topic/1056140/geforce-drivers/defeating-nvidias-telemetry/post/5830317/#5830317

    Personally, I just disable the Nvidia Telemetry service and leave it at that. I haven't seen any outbound Nvidia traffic after that. I also can't vouch for the above rundll32 method since I never used it. As far as blocking GeForce Experience outbound activity, the best way to stop it is never install it or uninstall it. Also according to this article, nothing Nvidia Telemetry or Geforce Experience does is supposedly nefarious: https://www.howtogeek.com/280101/relax-nvidias-telemetry-didnt-just-start-spying-on-you/
  19. 1 point
    Marcos

    EFS 7.0.12014.0 - MSSQL ERROR

    It's not a problem. The only reason why it occurs with v7 is that older version didn't support protected service, a security feature of Windows. In v7 it's possible to disable protected service at the cost of worsening protection, however, it wouldn't be worse than with v6.5 which didn't support it yet. With v7 you get also ransomware shield which can proactively protect the server from encryption by ransomware.
  20. 1 point
    filips

    EFS 7.0.12014.0 - MSSQL ERROR

    Hi, as marcos noted this error is logged when automatic exclusions for Microsoft SQL server are enabled. Automatic exclusions for Microsoft SQL server are using ADO API to read information from "sys.master_files" table to get list of files to exclude from scanning. The ADO API obviously loads a DLL that is not signed. As a workaround, automatic exclusions for Microsoft SQL server can be disabled.
  21. 1 point
    Beech Horn

    EFS 7.0.12014.0 - MSSQL ERROR

    That line looks like the example from: https://docs.microsoft.com/en-us/previous-versions/windows/hardware/code-signing/dn756632(v=vs.85)#user-mode-and-kernel-mode-code-troubleshooting

    With the signing levels being:

    - 0x0: Unchecked
    - 0x1: Unsigned
    - 0x2: Enterprise
    - 0x3: Custom 1
    - 0x4: Authenticode
    - 0x5: Custom 2
    - 0x6: Store
    - 0x7: Custom 3 / Antimalware
    - 0x8: Microsoft
    - 0x9: Custom 4
    - 0xa: Custom 5
    - 0xb: Dynamic Code Generation
    - 0xc: Windows
    - 0xd: Windows Protected Process Light
    - 0xe: Windows TCB
    - 0xf: Custom 6

    It looks like you are requesting all DLLs to be higher than (or more likely equal to) 0x7 (Antimalware) and this DLL is actually 0x1 (Unsigned).

    THE FOLLOWING IS THEORY AND SHOULD NOT BE CONSIDERED ACCURATE

    To me, it looks like NOD32 is loading the DLLs into its own service when running as a Protected Service rather than scanning them without loading it into memory in a manner unlike a library (e.g. without running the code or injecting the DLL into the service). On top of this sqlnclir11.rll should be reported as 0x8 instead of 0x1 by Microsoft, which is in itself a problem. If we look at 0x4 (Authenticode) this would also trigger that error but could be legitimate signed code which gets blocked due to the way NOD32 is scanning when running as a Protected Service.
  22. 1 point
    Marcos

    EFS 7.0.12014.0 - MSSQL ERROR

    There is no way to solve it if Microsoft doesn't update the rll file with one with a valid signature except disabling Protected service in the HIPS setup which would enable unsigned dll files to be loaded in ekrn.exe. Of course, that would be a security hole and unnecessary risk so we don't recommend disabling protected service.
  23. 1 point
    @andy_s We will track this as an improvement request for future versions. The issue is that the "upgrade" itself is handled by Endpoint (in case you execute a scan and select the option "shutdown after scan"), and Endpoint does not initiate an agent wakeup to report scan completion. It simply triggers shutdown before the result is replicated. Maybe, if you are willing to, can you explain why you are shutting down the machines? Is it to save power over weekends, or? As there might be a different way to achieve that. One that will report "success" would be a run command with a respective Windows shutdown / with delay, as the task would report "Success" not at the moment of task execution, but at the moment when it contacted the WMI provider with the command to reboot. If the system acknowledged, it will report success. Also, out of curiosity, what is your replication interval?
  24. 1 point
    Description: Enable right-click and double-click in ERA

    Detail: ERA is one of the most easy-to-use management services I have used. However, I believe that to make it more ergonomic there should be a functionality that lets users double-click on something. For example, when wanting to generate a report you first have to click on the report, then go down to the "GENERATE NOW" button and click that. I feel like adding the ability to open reports and other things with a simple double-click action would improve accessibility. The right-click I admit is quite an odd suggestion seeing as if you click on a field once it brings up a menu etc. However, again for things like editing reports, you first have to click the report, then click on the little cog icon over to the far right, and then click on edit. Would it not be easier just to be able to right-click the report and choose edit? A very pedantic suggestion I know...