Leaderboard

Popular Content

Showing content with the most kudos since 09/20/2021 in Posts

  1. itman

    Borked HIPS

    Let's talk about Eset's Network Inspection Inspector processing since there is zip technical details on it. To begin, Eset's network inspection processing is not new and has existed on every EIS version I used dating to 2014. Past versions were relatively benign and non-troublesome. Once I configured Eset's network connection to accommodate my router, the settings remained stable. All this changed when Eset decided to get "cute" and expand network Inspection to examine router settings for the purpose of detecting suspected hacking activities. Great idea for off-the-shelf routers and the like that perform standard network initializing activities. A very bad idea for ISP provided routers with customized firmware settings. The only positive thing in recent Eset versions is that now Network Inspection Inspector can be disabled via GUI setting which was not possible in the past. For those who like technical details, let's get into those. Using a networking connection monitor such as TCPView, open it immediately after system startup time. Look for an ekrn.exe connection monitoring UDP port 138. Eset is examining network connections via proxy using this port. This is also where the problems start. My router is using NetBIOS which also uses that port to initialize its router connectivity to my device. It then goes downhill network-wise from here.
    2 points
  2. First, verify your credit card data has been deleted from both your Eset eStore account and your myEset.com account. When I likewise did my Eset license renewal via EIS GUI option, it set up a myEset.com account w/o my permission and set it to auto renewal! Also stored in that myEset account is the credit card number used for the purchase. Given all the security issues with myEset.com accounts being hacked, I also deleted the myEset.com account. I for one have had it with Eset's overly aggressive license renewal/management crap. It's just "one more nail added to the Eset coffin" in regards to terminating the future use of this product.
    2 points
  3. I'm not angry about you reporting it. Quite the contrary, we are happy if you report us possible malicious samples or urls. I just wanted to point you in the right direction, ie. to report stuff directly to samples[at]eset.com according to the KB if you want the submission to receive better attention. Also I wanted to point out that even if a particular website is not blocked (ie. it may be a completely legitimate one with just somebody posting links to cracks), the point is to detect possible threat in the end no matter how it is achieved, ie. by blocking access to the malicious website or by detecting the malware upon download or execution at latest.
    2 points
  4. itman

    Borked HIPS

    Well, there was one last thing I had to perform to get the router, Win 10, and Eset networking to play together nicely. I have long suspected that Win 10 Smart multiple-homed DNS name resolution was the source of most of my network issues. This was further amplified by Eset networking initialization. But since this feature was using my ISP DNS servers combined with the way the router establishes Win 10 network connectivity, I could never definitively nail it down. You can read about what Win 10 Smart multiple-homed DNS name resolution does here: https://www.ghacks.net/2017/08/14/turn-off-smart-multi-homed-name-resolution-in-windows/ . The gist of what it does is: What I have been observing after my Win 10 networking "from hell" reconfiguration activities described previously is at Win 10 fast startup and/or startup from sleep mode predominately is multiple connections to IPv4 address 1.1.1 to port domain. Err what? Port domain turns out to be port 53 and of course, 1.1.1.1 is Cloudflare's IPv4 DNS address. First, I have never ever seen these domain connections before. Next is I shouldn't be using Cloudflare's IPv4 DNS server on an IPv6 network. Bottom line is here is a graphic example of my Win 10 network connection being borked by Smart multiple-homed DNS name resolution processing. As far as what this did to Eset's network connectivity processing can best be described as a double-whammy bork from the deepest depths of networking hell. Anyway, I have disabled Win 10 Smart multiple-homed DNS name resolution and finally, all is well networking-wise.
    2 points
  5. itman

    Eset Update Hang on ver. 14.2.24

    Next time this updating issue occurs, use a network connections monitor to ensure ekrn.exe has a solid connection to port 8883. You can use Eset's Network Connections tool or TCPView. I prefer TCPView since it will show if there are sync issues with the connection to port 8883, ekrn.exe is trying to establish. Eset uses port 8883 with fallback to port 443 for Push Notifications. If there are issues with getting that connection, it will cause this bork Eset updating behavior some are experiencing.
    2 points
  6. Kind of ridiculous putting all the work on the end user.
    2 points
  7. itman

    Borked HIPS

    Err, what? I posted previously that it resolved all my IPv6 connectivity issues and Eset recognizing that an IPv6 exists via establishment of an ekrn.exe connection monitoring UDPv6. All of them. There never has been an issue with the Win 10 firewall properly recognizing my IPv6 connection or interfering with any aspect of its connectivity processing. I have previously posted Eset needs to provide an option to only use its firewall for outbound network traffic of user custom rules. All other network traffic would be handled by the Win firewall. This, I 100% disagree with. If everything I have posted in this thread hasn't effectively communicated there is an issue with Network Inspector, nothing I posted further would do so and would be a waste of my time.
    1 point
  8. Hello @Hans51, good, I will grant you permissions and send you further details over a private message. Peter
    1 point
  9. I do not have any info on the next planned BETA release, but it seems the new versions are being released at a fast pace as generation 7 has now version 7.0.15 available and before there was 7.0.14 and 7.0.12 and all of them were released in September... Peter
    1 point
  10. Hello @peteyt, the fix for the stuck notification has been committed so new builds should have it fixed. When it comes to e-mail notification in Slovak language it seems you submitted the ticket directly from the application and you have it activated with your Insider license (those are registered on ESET HQ, which is in Slovakia), thus you received the autoreply in Slovak language... Peter
    1 point
  11. Hello @peteyt I use the BETA version too and noticed the bug as well. The dev team has it tracked to fix it (P_EMSA-10346). I'm checking it. I guess the BETA tickets for EMSA are routed to HQ support, but the reply still should be in your language... Peter
    1 point
  12. NewbyUser

    Borked HIPS

    It sort of says it "helps" with identifying open ports and vulnerabilities, but doesn't seem to indicate it has any protective role. So how is it a critical security mechanism? And on a side note, now I have to/should post about updates hanging again, this product is a mess.
    1 point
  13. itman

    Borked HIPS

    I need to correct my prior postings in regards to Eset Network Inspector and network inspection processing. Eset's network inspection processing is a critical security mechanism used to inspect IPv4 and IPv6 network traffic via proxy mechanism. It is "baked" into Eset and there is no way to disable it. Nor should you ever want to do so. Its malfunction in regards to monitoring of IPv6 network traffic in ver. 14 is the primary reason I embarked on this long resolution quest. Eset Network Inspector is the newer feature Eset introduced to monitor router tampering activities. It however does deploy Eset network inspection processing to do so. Besides Network Inspector borking my router's IPv6 configuration activities at system startup time, it was also failing to initialize the network inspection IPv6 network connection. BTW - disabling Network Inspector doesn't appear to fully disable its processing. Another Eset feature that uses it is the Network Wizard. The difference being when the Wizard is deployed is after system startup time. Since my router would be fully initialized at this time, it causes no adverse activities to occur against it.
    1 point
  14. itman

    Borked HIPS

    Interesting. My ISP router has an excellent stateful firewall plus IDS protection. Hence, external network attacks like these are dropped on the WAN side of the router. Also, more reason to disable Eset Network Inspector if there are suspicions it might be tampering with any internal router mechanisms.
    1 point
  15. Maybe I'm being a little stupid but if malwarebytes can remove the full extension why can't eset?
    1 point
  16. Regarding the forum not saving what you have typed, I was not able to reproduce it. Navigating back and forth or refreshing the page didn't clear what I typed. Anyways, the forum is developed and maintained by a 3rd party provider and we have no permissions or rights to change the code ourselves. If there's an issue we can report it to the provider but we'll need to provide step-by-step instructions how to 100% duplicate it. Last but not least, I would like to ask you not to mix different issues in one topic but rather create a separate topic for an issue. 2021-09-26_10-08-04.mp4
    1 point
  17. I'm going to type this post again. I have the worst luck with this forum! I hit backspace to correct a typo in my post and Firefox went to the previous page I had visited, and I lost my entire post!!!! This has happened so many times on this forum! I have over 5000 posts on Wilders and it has never happened on Wilders. The most annoying thing! I think I'm jinxed on this forum. The user should be given the option to opt out of auto-renewal when they purchase a license and it should be easy to see. Also, it is confusing on where to go to opt out of auto-renewal once you have been enrolled. I thought myeset.com would be the place to opt out since that is the site for managing License and Devices. I wasted a lot of time looking for an option to opt out of auto-renewal on myeset.com. I finally found the option to opt out of auto-renewal on store.eset.com. It only gave me the option to opt out for the license I had just purchased. My old license still reported that it was set up for auto-renewal within the Eset Application. I never was able to find any option on either website to disable auto-renewal for my old license. Please read my last response to itman above for more information and one possible solution for this problem. That will save me from having to type everything again.
    1 point
  18. Such shady auto renewal policies are unethical, and possibly illegal in some countries.
    1 point
  19. itman

    Borked HIPS

    Correct. It also resolved a more serious issue that manifested on ver. 17. Upon resume from sleep mode, it appears the Eset firewall wasn't initializing itself properly; or not fast enough. Note this didn't happen upon every system startup from sleep mode, but it happened enough to be disconcerting. Network Wizard showed blocked svchost.exe inbound traffic to ports 53, 137, 1900, 3702, 5353, and 5355. The "rub" is the remote IPv4 address shown was my device assigned IPv4 address. In other words, Eset firewall; or more likely Network Inspector, wasn't initializing properly and was interpreting legit outbound traffic from my device as inbound traffic and blocking it!
    1 point
  20. SlashRose

    Borked HIPS

    I, like you itman and others, no longer see Eset as trustworthy and where since Corona the attacks have increased a few times. This is not a fine kind of Eset.
    1 point
  21. itman

    Borked HIPS

    Well, it didn't take AT&T long to detect my Cloudflare IPv6 DNS server usage and start interfering with that. So I am now back to using their auto assigned DNS servers and Eset's networking resultant borking of those connections. But I have finally confirmed the Eset culprit. It is the Network Inspection feature. Disabling that not only solved the auto IPv6 configuration by my router problems but most importantly, the totally spastic Eset firewall behavior upon resume from sleep mode. I also question the use of Network Inspection processing when the Public profile is deployed. Its applicable Eset firewall rules only allow Trusted network device communication. When using the Public profile, no local network devices are trusted.
    1 point
  22. If it was a memory leak, wait until ekrn consumes more than 500 MB and then generate a dump of ekrn for perusal. If the memory consumption is below 200 MB there's nothing to be concerned about. Also there's basically anything that you could do to decrease the memory usage than reboot the machine. However, as time goes the memory usage may go up and down as objects are being scanned.
    1 point
  23. Hello Nwb, please
      - restart the system
      - stop eea service
      - check the folder /var/log/eset/eea/ods/
      - clean up the log files - delete the log files: rm /var/log/eset/eea/ods/*
      - check the permission of /var/log/eset/eea/ods/ (stat -c %a /var/log/eset/eea/ods/) should be 700
      - check permissions of /tmp/ (stat -c %a /tmp/) should be 1777
      - in case the permissions are different it is needed to fix the permissions to this folders
      In case issue will persist please collect the log files and provide us with log files https://help.eset.com/eeau/8/en-US/collect-logs.html
    1 point
  24. When using the auto update feature, the upgrade is first applied at reboot, so it will continue to be fully protected by the old version until you eventually reboot the device which is then upgraded
    1 point
  25. Hello. I see that ESET Endpoint Security v8.1.2037.2 was released. Are there plans to release v8.2 of Endpoint Security soon? I just don't want to start upgrading my clients to v8.1.2037.2 only to have v8.2 come out a week later as what happened in the post below when v8.0.2039 came out and a week later v8.1.2031 was released. I know v8.0.2039 was a hotfix and v8.1.2031 was a feature update, so I wanted to make sure there wasn't a feature update planned to be released soon. Thanks!
    1 point
  26. 90 MB allocated by ekrn is pretty normal. In the past ekrn used to consume more memory with a smaller engine and less protection features:
    1 point
  27. Please carry on as follows:
      - enable advanced logging under Help and support -> Technical support
      - run update
      - disable logging
      - collect logs with ESET Log Collector and upload the generated archive here.
    1 point
  28. Yes, EsetPerf.etl can be huge; it can grow to gigabytes in minutes, hence we recommend keeping the logging enabled only for a short time. You can compress the file, upload it to a storage location and pm me a download link, we'll see if there's something interesting, such as a high CPU load logged.
    1 point
  29. Thanks! Standing by
    1 point
  30. US support strikes again! Totally useless!!
    1 point
  31. Hello, recommended approach would be to use the dashboard / reporting functionality for it. You can navigate to the tab "ESET applications", where you can see which are outdated and even list count of all outdated versions. Then you can initiate upgrade by "one click" from there, for a particular version, you seek to upgrade to a newest version.
    1 point
  32. What are you talking about I totally agree, you are correct in your opinion this away from the users. I am finding that ANTIVIRUS ESET does not have TELEMETRY to identify all these problems. The worst thing is that the updates of the product problem fixes take a long time to get out to the END user, that's because we pay dearly for the product, so much so that competitors like KASPERSKY products are very cheap and have several promotions and even more has FREE antivirus. I am finding that ESET is unable to work faster.
    1 point
  33. But in the case of updating the end user is only half the equation. The company should be logging updates as well and trying to find a solution. Turning users into trouble shooters is not the answer. All this constant drone to submit logs is driving users away.
    1 point
  34. itman

    Borked HIPS

    By default, Eset network Profile selection is "use Windows settings." As I previously posted, Win 10 firewall default network Profile setting is Public. Therefore if using default settings on both, Eset's Network profile would always be set to Public. -EDIT- Some additional detail here. Win 10 firewall defaults to the Public profile for a reason. It auto disables Network Discovery. The way you're supposed to securely do file sharing on a Win 10 device is to right mouse click on the file to be shared on the network and select the "Give Access" option. This also brings up why Eset has the "Home or Office networking" profile option in the first place since it in effect, overrides Win 10 built-in network security. The most damning aspect of the Home or Office networking Eset profile is it enables NetBIOS access by default.
    1 point
  35. The web server is misconfigured; OCSP Must-Staple is enabled, however, no OCSP response is received. https://www.ssllabs.com/ssltest/analyze.html?d=energy-forecast.n-side.com OCSP Must Staple Supported, OCSP response not stapled
    1 point
  36. itman

    How do i turn off auto renewal?!

    Tip - if you delete your credit card info in your US eStore account, there is no way for Eset to perform an auto-renewal.
    1 point
  37. Marcos

    Detections Actions Error

    The issue is caused by an older version of the Translation support module. On Monday we should start with upgrade, however, it will require a restart of the ESET PROTECT Cloud instance.
    1 point
  38. Try something like this:

      <?xml version="1.0" encoding="utf-8"?>
      <rule>
        <definition>
          <operations>
            <operation type="WriteFile">
              <operator type="or">
                <condition component="FileItem" property="Path" condition="starts" value="%APPDATA%\microsoft\windows\themes\cachedfiles\" />
                <condition component="FileItem" property="FullPath" condition="is" value="%APPDATA%\microsoft\windows\themes\transcodedwallpaper" />
              </operator>
            </operation>
            <operation type="RegSetValue">
              <condition component="RegistryItem" property="Key" condition="starts" value="HKCU\software\microsoft\windows\currentversion\explorer\wallpapers\backgroundhistorypath" />
            </operation>
            <operation type="RegDeleteValue">
              <condition component="RegistryItem" property="Key" condition="starts" value="HKCU\software\microsoft\windows\currentversion\explorer\wallpapers\backgroundhistorypath" />
            </operation>
          </operations>
        </definition>
        <description>
          <name>Wallpaper was altered</name>
          <explanation> The wallpaper was altered </explanation>
          <category> Default </category>
        </description>
      </rule>
    1 point
  39. I'm split. I wouldn't mind if Eset introduced it but there's the debate if AVs should basically focus on being AVs and leave the other stuff to other users.
    1 point
  40. Still that's not good enough. Maybe we could ignore if it was one or maybe two. But 7 ransomware miss at the time of testing is a huge number. It shows again what the OP suggested that ESET's ransomware shield is very bad and almost not effective at all. ESET needs to improve.
    1 point
  41. Okay, thanks for the effort. The setting is not a matter of life or death but as a nice to have it would be great... Thx & Bye Tom
    1 point
  42. As of now, this is not possible. Those "color coded statuses" are hardcoded in the webconsole. I will consult with our product management, if this is something that can be adjusted in the future product releases.
    1 point
  43. Update: It works for local files:
    1 point
  44. Hello, I try to check the ICAP function but I can't find any documentation about the configuration of ICAP in EFSL. I install squid proxy server, configure the connection to ICAP:

      icap_enable on
      icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344
      adaptation_access service_req allow all
      icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344
      adaptation_access service_resp allow all

      But I get an error when I try to open any website: Squid is connected to ICAP:
    1 point