

Popular Content

Showing content with the most kudos since 06/19/2018 in all areas

  1. 4 points

    Ransomware SDEN

    Files were encrypted by Filecoder.LockedFile. According to the logs, there were about 170,000 failed attempts to log in via RDP as "administrator" and alike in approx. one day when the encryption occurred. Also an older version of EFSW 6.5 without Ransomware shield was installed. The OP was informed and improvements in protection were suggested.
  2. 3 points

    EFS 7.0.12014.0 - MSSQL ERROR

    Hi, as marcos noted this error is logged when automatic exclusions for Microsoft SQL server are enabled. Automatic exclusions for Microsoft SQL server are using ADO API to read information from "sys.master_files" table to get list of files to exclude from scanning. The ADO API obviously loads a DLL that is not signed. As a workaround, automatic exclusions for Microsoft SQL server can be disabled.
  3. 3 points
    Actually advanced users love the ability to customize numerous settings. Common users don't need to go to the advanced setup at all since ESET products provide well-balanced protection out of the box.
  4. 2 points

    EFS 7.0.12014.0 - MSSQL ERROR

    Hi All, I am getting a Windows Server 2016 event log error: "SQL Server Native Client 11.0: Unable to load sqlnclir11.rll due to either missing file or version mismatch. The application cannot continue." after updating from ESET File Security 6 to 7. Environment: Windows Server 2016, EFS 7.0.12014.0, MSSQL Server 2014. Does anyone have a solution for this? Thanks.
  5. 2 points
    We have pinpointed a memory leak in the memory dumper. A fix is being reviewed and will be released through an automatic module update next week.
  6. 2 points
    Dear Linux community, We’ve been working on the new generation of our solution for Linux servers for quite a while. The hard work of the development and QA team was materialized into the first BETA version, which we would like to share with you. If you are interested in getting a copy and chance to get hands on experience with it, just leave a comment here or send me (@Peter Randziak) and @TomasP a private message. We are looking forward to your participation.
  7. 2 points

    PUP not handled

    Today we've released a fixed version of the Antivirus and antispyware module 1552.3 which addresses cleaning issues on Mac. Could you please check if PUAs are now cleaned properly?
  8. 2 points

    Eset To The Rescue Again!

    Some "free press" courtesy of bleepingcomputer.com: Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop https://www.bleepingcomputer.com/news/security/windows-10-apps-hit-by-malicious-ads-that-blockers-wont-stop/
  9. 2 points
    Hi Paul, Have you tried also with the latest version - 6.7.876.0 ? There have been a couple of changes regarding MacOS compatibility. Thanks
  10. 2 points
    Hi J.J, I tried your configuration and it is working well. Thanks for your help. Axel
  11. 2 points

    ESET keeps stealing focus from Firefox

    Thank you for reporting the issue and the video you've provided. We have eventually pinpointed the issue and a fix will be included in the next version of v12 products.
  12. 2 points
    An FYI for anyone else searching - ESET ECA currently can't do this directly, but ESET UK support helpfully provided a sh script which can install the ESET remote agent silently, connecting endpoints directly to the correct ECA instance. This worked for me - Meraki can deploy the script by wrapping it into a DMG package and deploying as a custom app. ESET ECA can then install ESET software/licences etc, with everything being 100% remote.
  13. 2 points

    Horizon - Endpoint Antivirus

    You should reply them that the memory dump from a crash has been already analyzed by an AV vendor and Microsoft and both confirmed a bug in a VMWare driver which is unrelated to the mentioned exclusions. We at ESET are willing to help them and provide details about the problem. You as a customer of VMWare could provide them with a memory dump for perusal.
  14. 2 points

    Will Client auto update on new release?

    If I remember correctly, it should happen after the next service release in 1-2 months. By the way, it will be uPCU, not PCU.
  15. 2 points
    It is very simple. Use SetThreadExecutionState. See: link to Microsoft Windows Dev Center.
  16. 2 points
    Thomas Stats

    Introduce yourself

    Hi there I am security expert and blogger. I am working in the IT area for over 10 years. All the gathered experience throughout the years I share with people at reviewedbypro.com. Its a cyber security website that helps people deal with various online threats by providing detailed and insightful reviews to those who are interested.
  17. 2 points
    It's not that big a deal in my opinion @nonamelab. It's a way to bring more people to use ESET and at the same time giving the person who invited the other person who doesn't use ESET, a month of usage or more, I don't remember exactly.
  18. 2 points
    Description: A "Reset to Default" option for different parts of the ERA. Detail: This one has mainly been discovered due to my own fault. There are many things that can be played with within ERA which is great, however I think there are some of us that might play a little too much and then get to a point where we've changed so much of something that it doesn't work or doesn't give you what you want. For areas such as reports and policies, it might be a good idea to have a button that you can click while editing that restores the default values. That way, if you play around too much and feel like you just want it back to how it was before, you have a reset button as a saviour.
  19. 2 points
    Hi, Enable parental control --> block the uncategorized website (for having robust web filtering) then open a website that has no category so Eset blocks it but you may want to allow this URL fast. It would be good if Eset provides an option to unblock websites by password from the browser (or from the parental control log), not Eset parental control settings. It's easier to manage. Also, Eset HIPS shows the loaded drivers but it doesn't show the digital signature for them. I like to see the signature.
  20. 2 points
    Add option to realtime scanner to block obfuscated Powershell scripts. Option would be dependent upon Win 10 AMSI option enabled in the Eset GUI. Justification Microsoft added a like mitigation in the form of a Windows Defender Exploit Guard ASR mitigation effective with Win 10 1709. ASR mitigations are only effective if Windows Defender is enabled as the realtime scan engine. Further justification is Eset's failure to detect malware in highly obfuscated PowerShell script in a Malware Research Group ad hoc test: https://www.mrg-effitas.com/research/current-state-of-malicious-powershell-script-blocking/
  21. 2 points
    Add - Dark Mode on ESET Nod32 would be great.
  22. 2 points
    That's how it works in ESMC (ERA v7) which is currently in the phase of beta testing and will be released soon.
  23. 1 point
    It must have taken a bit of digging to find a test from a year ago. Tests like this are not worth their weight in salt. So what is your purpose and point in posting this? Regards, Tom
  24. 1 point

    ESMC says up-to-date with 7.0.577?

    Thank you Marcos. I looked at that page several times and just overlooked that part. Guess I need to read the docs and not just skim them.
  25. 1 point
    Hello everyone, so this is pretty recent. For the last couple of days I have been exhausted by the amount of IPs I see that either attempt to port scan me [2-3 IPs have attempted to port scan me in the past, most recent one was a few days ago but have been blocked by ESET's firewall] and some IPs that have something to do with Svchost. I don't even know what to do anymore and I have run out of ideas. My original idea was to ignore everything and let the time talk by itself, but it has come to the point where I constantly keep on checking the connections that were attempted via my internet. I have done everything, from scanning my network to even scanning my PC several times to see if I have any sort of malware inside my PC. Nothing was found. I've searched most of the IPs that pop up as svchost or whatever on abuseipdb and most of them were flagged as malicious. I'm gonna post some screenshots here of such IPs: I don't even know what to do anymore. Thanks in advance for your help.
  26. 1 point

    VPN & Eset Firewall Setup

    Many Windows VPN clients don't have their own Firewall or Kill Switch. A VPN Client usually creates a virtual network adapter or MiniPort, which is used by the client instead of the physical Ethernet or WiFi adapter, thus creating a separate "Network Connection" in Eset Firewall. Please advise how to best configure Eset Firewall in a way that all traffic from the PC would pass only through VPN, and any other traffic outside VPN is blocked by Eset Firewall? Also, when the VPN connection is temporarily interrupted, Eset Firewall should block all PC traffic on all adapters until the VPN connection is restored. Can you also explain whether Eset does Real Time Protection on traffic passing through the VPN virtual adapter? If yes, is it done after the traffic has passed the adapter and was decrypted by the VPN Client?
  27. 1 point

    Realtime module not functional

    I was right, real-time protection doesn't activate because of the image state IMAGE_STATE_UNDEPLOYABLE. There's something wrong with Windows, it should be in IMAGE_STATE_COMPLETE state.
  28. 1 point
    Over the last few days, I've been having a peculiar problem with my internet. Every 2 or so hours, the internet will load so slow that it basically stops responding for about 2 minutes. I ran a virus scan and found nothing, however after watching my resource monitor, I noticed that it seems to happen only when ekrn.exe starts sending data. The data amount is very low, only something around 20 kbps, but for whatever reason whenever it sends data, my internet basically stops. Any reason why this is happening? Why is ekrn.exe sending data anyways?
  29. 1 point

    What is wrong with maxsecureantivirus?

    Are you running multiple A/Vs real time? Regards, Tom
  30. 1 point
    There is also an import command: "C:\Program Files\ESET\ESET Security\eshell.exe" server as filtering import APPROVED-SENDERS ${file} Show all supported commands for a particular list: "C:\Program Files\ESET\ESET Security\eshell.exe" server as filtering APPROVED-SENDERS ?
  31. 1 point
    I would recommend to check file: %PROGRAMDATA%\ESET\RemoteAdministrator\Server\EraServerApplicationData\Configuration\startupconfiguration.ini which contains connection string as used by ESMC. Please make sure you create backup before doing modifications. Resulting connection string is passed to SQLServer ODBC driver and thus all parameters supported by driver should be working. Also be careful with using reserved characters as are @,{,},... as it might require special escaping to work properly. Also be aware that changes in this file might break upgrade of ESMC in the future, and even if upgrade is successful, it might replace this file with new one, without custom changes you made.
  32. 1 point

    Query over TLS1.0

    Hope that helps. Crucial parameters are: sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA" where you can limit not only TLS protocol but also list of supported cipher suites, even when we have already enabled only those most secure and considered as secure by various analysis tools.
  33. 1 point
    Yes, you understand it correctly.
  34. 1 point
    Whether the "Show built-in rules" box is ticked or not does not affect rules in any way; the setting affects only the display of default rules. Default rules that are enabled are applied regardless of the state of the box. If a particular communication is blocked, then there's no permissive rule that would allow it. You can use the Firewall troubleshooting wizard on a client to get a list of recently blocked communications where you can allow the desired ones with one click. Alternatively you can use learning mode to create permissive rules automatically. Afterwards review the rules, remove the unwanted ones and apply the desired ones via a policy to other computers as well.
  35. 1 point

    disable pc restart recommended window

    Immediate restart after a program update is strongly recommended. Otherwise older drivers will remain loaded when a new version of the program is already running which might cause issues if the system is left without a reboot for a longer time.
  36. 1 point

    Version 1.0.0


    Diagnostic.Agent.7.1_91.0_x64.zip This file should be downloaded and used only if instructed so by customer care staff.
  37. 1 point

    Forum Feedback

    A nice addition to the Forum...hopefully folks will take the time to read it.
  38. 1 point
    Description: Prevent sleep during scan. Detail: Windows can put the computer to sleep before the scan is finished. That is very annoying. There should be an option to prevent that from happening. Oops, it's a coincidence that @zeromido asked something similar here right above. Before I started typing, I first searched the forum for "scan prevent sleep".
  39. 1 point
    Description: reconsider MariaDB support Detail: RHEL8 is coming. ESMC should try to support MariaDB, and not lock itself to some old mysql 5.6 version. it is hard to install old mysql.
  40. 1 point
    Description: Showing (or downloading) debug logs when tasks fail. Detail: Somewhat similar to my previous feature request, having the debug log generated during the task (akin to trace.log) and when it fails, there is a link to download the log file for that particular process. Rationale: It's to allow the Remote Administrator to figure out what is going on within the process without needing to go into the client's workstation.
  41. 1 point
    Galaxy that is what backups and the built in Previous Version feature is for. There is another antivirus product that claims they can do this, but their own engineers on their own website admit it doesn't work lol.
  42. 1 point

    Future changes to ESET Endpoint programs

    @Markwd Hello, there are two reasons. Anti-theft in consumer is focused on device retrieval, not on the data security (no possibility to wipe the disk on the device). Also, the implementation capable of tracking screenshots / photos of the users, might violate a lot of corporate laws / regulations. If Anti-theft is introduced into the business versions, it will have to behave differently. If I can ask you a question, what kind of a problem you would like to solve with it? Would it be intended for device recovery, or more a data removal / prevention of misuse ?
  43. 1 point

    Introduce yourself

    I'm a semi-retired engineer with a background in telecommunications software development and project management. I've always had an interest in computer security and its related software, and have been through a large number of available solutions in the market. I've found that ESET is the most efficient in its resource usage as well as offering the best level of control while also operating with a minimum of intrusions compared to its competitors. Looking forward to gaining knowledge about ESET's products on this forum, and am excited about the 2019 version of ESET Internet Security which from what I read here is expected to be released shortly. ☺️
  44. 1 point
    Description: Running this app sandboxed Detail: Use sandbox technology to run applications that we decide, using contextual menu and list of "always run sandboxed" (just like Comodo Internet Security).
  45. 1 point
    Hello @pps, I would say the catch is in the fact that you are using customized message to be shown to the user ("Blocked webpage message"), which replaces the original wording including the categorization hint. On the other side, resetting the setting should instantly start showing the original wording, which seems not to work for you, so can you please double-check for me, if the blocking rule is category-based and not (overruled by) URL-based type? Maybe a screenshot from the "Edit rule" dialog? Thanks.
  46. 1 point
    We will take this into consideration, but still, due to the relatively low install base of Linux (outside of the VM appliance) it will still remain with a low priority, compared to other things we want to achieve.
  47. 1 point
    Your information source is wrong. I administer an environment of both Windows and Linux servers, all running MariaDB since version 10.0! MariaDB is a drop-in replacement, and runs on Windows and Linux.
  48. 1 point
    @sindbad Such functionality, for the "one click" update, is implemented in the upcoming version 7:
  49. 1 point
    Hello, Not every requested feature can be added at once. ESET's project managers have to carefully look at the technical and market requirements for each request. Sometimes, the amount of work required to implement a requested feature may mean that it needs to be put off for a few version releases until enough engineering time can be budgeted to implement, test and maintain the feature. And sometimes, a feature might be requested that is just out of scope, offers little real-world benefit to customers or may even be against ESET's business practices. In any case, what I would suggest is to provide as detailed a description as possible of the feature you are requesting, in order for ESET's project managers to make better sense of it, and a little patience, as not everything can be done at once. Regards, Aryeh Goretsky