Leaderboard

Popular Content

Showing content with the most kudos since 07/17/2021 in all areas

  1. Marcos

    Website is clean now

    This forum is not intended for disputing blocks or detections. Since the malware has been removed, the website was unblocked but the applications will continue to be detected. Having said that, we'll draw this topic to a close.
    3 points
  2. The world is rocked by the horrifying news of how despotic authoritarian governments and their agencies have used the spyware Pegasus, made by NSO from Israel, to intrude on the phones and privacy of journalists, opposition leaders, judges, activists, etc. From all accounts, it is now becoming clear that the two primary operating systems on phones, Android and iOS by Google and Apple, have intentional backdoors disguised as security bugs to allow the security agencies to snoop into any smartphone worldwide. My question is, as a responsible antivirus vendor, will ESET ever be able to protect users from such illegal intrusions? Is it ever possible, considering that the OS itself has been laid bare to such intrusions by incorporating "security bugs"? Phones, especially smartphones, are no longer secure, but the stunning silence of all AV vendors is even more cause for concern.
    3 points
  3. The free version of ZoneAlarm definitely has been using the Kaspersky engine for a while: https://www.pcmag.com/reviews/check-point-zonealarm-free-antivirus-plus . The paid consumer and enterprise versions use more Kaspersky components: http://svendsen.me/worried-checkpoints-use-kaspersky-products-heres-disable-remove/
    2 points
  4. If the Eset update hang issue was related to this, it would have not resolved itself after a system reboot as I see it.
    2 points
  5. What I find funny is that the people behind Pegasus keep saying this person and this person etc. weren't being tracked by the software, and the next thing they say is that they don't have access to customer data so they can't see who/what their customers are spying on, which contradicts the previous statements.
    2 points
  6. As far as I am concerned, Eset should have been flagging creation of .lnk files in Windows auto-run startup locations eons ago, at least in the consumer product versions. Corporations might be manually creating such references, but I know of no commercial software that does so. See, the problem here is that Eset is for the most part a "one solution fits all" product. The only recent concession Eset made originally for the consumer versions was its ransomware protection, and recent postings have questioned its effectiveness against 0-day ransomware.
    1 point
  7. Gotta love the Good Deeds Service touch lol.
    1 point
  8. Just to note, Check Point uses the Kaspersky engine, hence why they both detect it.
    1 point
  9. Hello @Marcos and Team, I would like to know how to configure the Micro Program Component Update (MicroPCU) in an environment which is completely closed to the internet, with 2 update servers acting as on-prem ESET Update Servers for load balancing and bandwidth saving purposes. 1. Do I have to use the {hxxp://IP_Address:2221} method in the Component Update section? 2. Do I have to use the auto-select feature to achieve the required outcome? Note: the environment is completely closed to the internet.
    1 point
  10. Also, if anyone is wondering what the code following ws.exe that is posted above is doing, per the Stack Overflow article:
    1 point
  11. NewbyUser

    Website is clean now

    Glad you got your site clean, if in fact you did, as it is debatable. But, while I am not in any way part of Eset, I don't see the PUA classification being removed; you literally advertise being able to hack other people's IG accounts, which is actual malware by definition and illegal in every country whose laws I'm aware of, so you should be happy with just being classified as a PUA and call it a day. Password-stealing trojan seems more appropriate to my view.
    1 point
  12. Scary stuff: Revealed: leak uncovers global abuse of cyber-surveillance weapon | Surveillance | The Guardian
    1 point
  13. I will also note that it is common for an app to create a folder in C:\Users\xxxx\AppData\Roaming; e.g. C:\Users\xxxxx\AppData\Roaming\WS\. What is not normal is for an app to drop an executable in this folder. -EDIT- Finally, is creation of the above folder plus creation and use of ws.exe within it indicative of malware activity? Appears not, according to this write-up: https://www.freefixer.com/library/file/ws.exe-306704/ . Ws.exe is one of a number of aliases seen for wscript.exe. Clever attack, I must admit.
    1 point
  14. One of the oldest malware methods in existence is to run something from the C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ directory. When a .lnk file is dropped there, Windows just refers to whatever the shortcut is pointing to and runs it automatically. The process is identical to what happens when you double-click on a desktop icon shortcut, but it is run immediately if located in a Windows startup location. I monitor anything created in the C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ directory with Eset HIPS rules, but creation of same is anything but straightforward. For example, there are hidden .ini OS files in that directory that are updated periodically by Windows. I also use another security product that auto-blocks .exe, .lnk, etc. from running from this directory.
    1 point
  15. It's tracked as a bug. Most likely it will be fixed in the next version of Endpoint v8.1.
    1 point
  16. I see them the same as the passwordrevealor guy, designing something to hack, but NSO gets a pass because they do it for "law enforcement and national security"
    1 point
  17. itman

    Website is clean now

    Since this is password cracking software, I found a good article covering subjects such as whether it's legal to sell and use such software: https://blog.elcomsoft.com/2020/10/everything-you-wanted-to-ask-about-cracking-passwords/ . Of note: Next, an excerpt from the Password Revelator web site: I do hope that regardless of the Eset classification of access to this web site, it will flag any download from it as a PUA.
    1 point
  18. kurco

    Eset Log SPAM

    Hi andre.s, is it possible to install "en_US.UTF-8" locale on this machine? it should help you get rid of these errors. Kurco
    1 point
  19. https://www.ssldragon.com/blog/what-is-ocsp-stapling-and-how-to-use-it/
    1 point
  20. itman

    Eset blocking vpn

    I went through all the troubleshooting listed here: https://support.hotspotshield.com/hc/en-us/articles/115005293466-Why-can-t-I-connect-to-Hotspot-Shield-VPN-on-Windows- . It does install a TAP network adapter and Eset should be picking up that network adapter. You might want to perform Step 9 in the above linked article and see if Eset alerts on a new network connection afterwards and whether the alert is for the HotspotShield adapter. If the above doesn't resolve the VPN issue, you might want to open an Eset support ticket with whatever source you purchased Eset from. Of note is that Eset is not sold or officially supported in Iran. It may very well be that HotspotShield VPN is incompatible with Eset.
    1 point
  21. Hi, we're receiving this warning notification intermittently too. 52 endpoints at one site updated to 8.1.2031.0. I've had at least 5 users reach out to me regarding it, probably more that haven't. These endpoints have unrestricted access to the internet. We didn't receive this warning at all prior to the update. Thanks,
    1 point
  22. MichalJ

    Adding Enterprise Inspector

    Hello @j-gray, I will try to help. Our EDR works in a way that it requires a separate server with a separate console; however, the "EDR console" is intended only for incident investigation. Management / deployment / activation still happens in ESET PROTECT. So given the fact that you have already deployed an ESET PROTECT environment, these are the steps needed:

    1. Install ESET Enterprise Inspector on a dedicated machine. You will have to connect it to your ESET PROTECT, as it uses single sign-on between those two, and ESET PROTECT is the one that is also managing user access rights. On this machine, also install ESET PROTECT Agent (you will need it for future updates). The EEI server needs to be installed manually; you can't do it from the EP Server (not the first time).
    2. Once your EEI Server is installed and running, you can proceed with installation of a component called "EEI Agent". Even though it is named "agent", it is a very small binary that just sends the detection metadata gathered by our Endpoints (the Endpoint is the "AGENT" per se) to the EEI Server, where the detection logic resides.
    3. You will have to specify the EEI server connection details in the policy for the EEI agent, which you can assign to the group All (they will connect).
    4. Also, you will have to activate the EEI Agent (if you have the latest version of ESET PROTECT, there is a context menu option called "deploy EEI Agent" that will do the trick for you).

    Once you have your environment set up, EEI detections will also appear in ESET PROTECT. From there, you can easily navigate to the details of each detection. You can also access the EEI UI directly, if you are interested in just the EDR functionality. Hope that this helps. Michal
    1 point
  23. I can confirm this problem with version 8.1 (we never had this problem before). We had to set exclusions for LiveGrid on the main firewall according to the FAQ, but almost every day the "test" computers report limited cloud connectivity, even after a restart. But the flushdns command works almost immediately. We have stopped deployment to our computers until we know what's happening (we have 400 computers).
    1 point
  24. itman

    False positive

    Yes indeed it does:
    1 point
  25. NewbyUser

    False positive

    passwordrevelator.net - SiteCheck (sucuri.net) Shows infected here as well.
    1 point
  26. That is the hash value for the same file in my Win 10 x64 20H1 build.
    1 point
  27. Marcos

    U/P for ESET NOD32 Linux

    Yes but only existing holders of a NOD32 AV for Linux desktop will be eligible to get it. That said, it won't be possible to use an EAV/EIS/ESSP for Windows license for activation.
    1 point
  28. You can upload your version to VirusTotal for more checking by AV engines to be more sure. It seems that this WaasMedic is related to Windows Update.
    1 point
  29. Updated last night to KB5004237. So far the system appears stable. At least the MTBF is > 12 hours. So, whatever the changes are they appear to have largely resolved the rapid bug check issues. If the problems re-occurs I'll re-post, but for now, thankfully, I'll retire into the background.
    1 point
  30. Have no clue what could have caused WaasMedic_Agent.exe to appear on your desktop. However, there have been recent postings in regards to the Eset firewall not working properly in Interactive mode. I assume you were in Interactive mode when the Eset firewall alert appeared? I would just delete the desktop entry and post back if this activity occurs for another process for which you create an Eset firewall rule while in Interactive mode.
    1 point
  31. Protopia

    Event 5038

    AFAIK, the eset files are not corrupted - I believe that the issue here is that ESET has updated them but not updated the security hashes.
    1 point
  32. You can restore the files from quarantine. It was 7z.sfx which was detected incorrectly as a PUA as a result of refactoring the DealPly PUA detection. The detection was actually temporarily disabled in 23636, but it seems that pico updates re-enabled it until 23637 was released.
    1 point
  33. So you knew about this problem (yes, this IS a problem) for several years. And after that you are telling your clients: no, this is not a problem. And maybe in the future we will fix this problem that is not a problem. But no fix for several years! FYI: the solution is simple; in the firewall rule you can let the user choose the path to the exe if it is a classic program, or select from a list of installed modern apps. There is an API to tell which folder belongs to which installed app. That way the user can create a rule for the whole app.
    1 point