Jump to content


Popular Content

Showing content with the most kudos since 11/18/2018 in all areas

  1. 4 points

    Eset 13 Version

    Thanks for the heads-up peteyt, the user was banned.
  2. 3 points

    Eset 13 Version

    @MarcosCan someone please ban this user. Reported another of his posts the other week. Noticed something strange as one of his post seemed to be exactly the same post I made. User is basically copying someones post and reposting and then editing at a later date to add a spam link. Possibly hopes users will not notice because the link is not originaly included but have been keeping an eye out
  3. 3 points

    Clients not showing in ESMC

    I would recommend to start by checking whether ESMC Agent installed on client machine is actually connecting to ESMC. For this purpose please follow troubleshooting part of documentation - especially status.html log present on client machine might be helpful in this case. In case ESMC Agent will be connecting to ESMC, most probable issue is that is is using different name in ESMC or is located in different group, which prevented ESMC to remove "dead" duplicate that is rendered as unmanaged. In case AGENT is not connecting to ESMC, it is crucial to resolve connectivity issues as described in referenced documentation.
  4. 3 points

    AV-TEST and ESET

    I use the daily "seat of my pants" results. I know what works for me. No A/V program is 100%...that's why they get updated and evolve. In my opinion, these A-V test results (no matter who publishes them) only provide the trolls with food (in addition to being (for me) worthless data). We all know (or at least should know) that you never feed a troll. Regards, Tom
  5. 2 points

    ESMC Upgrade

    For those of you in the same situation, I first had to install SP3 for SQL Server 2008 R2 Express because you can't directly upgrade to SQL Server 2017 Express unless you are running SP3. I was running SP2. Once this was done, I upgraded to SQL Server 2017 Express by using the custom install option. I then opened ESMC and went to Help->About. The DB version is now showing Microsoft SQL Server 2017 (RTM) Express Edition (64-bit) 14.0.1000.169. I then went to Help->Upgrade Product and a new client task was created. After a few minutes, I was kicked out of ESMC and I could not log back in. A few minutes later, the login page wouldn't even come up, but after some more time, it finally came up and I was able to log back in. ESMC is now showing it is v7.1717.0 and the Web Console is at v7.1.393.0. The last thing I did was install SQL Server Management Studio (SSMS) on my server so I could manage the DB a little easier. https://docs.microsoft.com/en-us/sql/database-engine/install-windows/supported-version-and-edition-upgrades-2017?view=sql-server-ver15 https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-ver15
  6. 2 points

    Review Of Eset

    I'd say it's very light weight and good detection.
  7. 2 points
    Well surely this is not a direct solution to your problem but don't use uTorrent, use open source, ad free alternative Qbittorrent: https://www.qbittorrent.org/
  8. 2 points

    Multiple licenses for MDC.

    MDM Core is activated (although it does not consume license seat, activation is done only for the purpose of getting the valid update credentials for receiving module updates). Each mobile device needs to be activated separately, using the "product activation task" targeted towards the particular mobile device entry.
  9. 2 points

    EIS - I got the update

    Nothing strange about it. The Eset off-line installer web site is always updated somewhat after the release hits the Eset update servers. Also the situation is identical to the current status, the ver. update is offered prior to an official announcement in the forum. More so currently in that it appears all the Eset support personnel at some conference this week.
  10. 2 points

    Firewall suggestions

    No because virtually all third party firewalls are part of integrated AV security suites these days. The only full-featured stand-alone firewall actively supported is Comodo's. The rest are old Win 7 versions with kludges applied to get them to function on later OS versions.
  11. 2 points

    Virus not detected

    As long as the dll was recognized, the whole exe would be detected. Maybe you ran it before the detection was added at ~`2:20, maybe you have an older product that doesn't support streamed updates, maybe you had LiveGrid not working... The case and your cfg would need to be investigated in order to tell. What can we say 100% that after 2:10-2:30 users with streamed updates and LG enabled and working were 100% protected. This is how the detection would have looked like at that time: Log Scanned disks, folders and files: C:\test2\documento.exe C:\test2\documento.exe - Suspicious Object Number of scanned objects: 1 Number of detections: 1 And here is how ESET reacted with 2-month old modules: The malware was executed. When the injection itself was performed, AMSI scanner detected a malicious script... Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 7/28/2019 4:06:06 PM;AMSI scanner;file;script;MSIL/Bladabindi.BC trojan;blocked;DESKTOP-5JIJ6V4\Admin;;AB122C106AC5DFA34C8168069E847F7F6DDDF550; And the malicious process was terminated: AMSI has been supported since Windows 8.1 so on older systems it's possible that the malware would have run with outdated modules.
  12. 2 points
    Swamp Yankee

    Notifications have disappeared?

    I had the same problem as you, and I think it got borked during an in program version upgrade. So I'm gonna guess you did an in program version upgrade. I never noticed it until I was reading a post about someones problem with 'Desktop Notifications', and when I looked at my setup trying to find 'Desktop Notifications' it wasn't there, just 'Email notifications' just like yours. Fix-Do a clean install and all was good again.
  13. 2 points
    Yes, you are right. ESET is always around the 98% mark. A test before this one they scored 98.4% which was lower than every other (Except Total Defense). So, everyone else doing better. I'm pretty sure too that it's not related to PUA. Eset is pretty good at detecting those. The report of the February-May 2019 test was more detailed. It showed Eset failed to detect 12 threats out of 752 but didn't mention what type of threats those were: https://www.av-comparatives.org/tests/real-world-protection-test-february-may-2019/ Also, check the report of the February-May test. They categorized by prevalence of the false positive from Very low, low, medium and high and most of the WD false positives were on the group of very low and low. So, rarely an average user would face false positive issue. Maybe most of those detected false positive samples were blocked by SmartScreen. SmartScreen is mostly reputation based so it's a possibility.
  14. 2 points

    update from 12.2.23 to 12.2.29

    The problem with periodic scan seems to be caused by timing; v12.2.29 was waiting for a response from WSC and since it takes time for the Security Center service to start (looks like a bug in Win), the system didn't know about ESET and WD was started. When we eventually received a response from WSC and registered, WD reset its settings, including periodic scanning. We've made a change so that we won't wait for WSC to respond and will register immediately. We'll also implement an alternate way how to remove obsolete providers from WSC since the functionality is not supported by Windows as of RS6. A newer version with all the above mentioned changes should be available soon.
  15. 2 points
    It is very simple. Use SetThreadExecutionState. See: link to Microsoft Windows Dev Center.
  16. 2 points
    Description: Prevent sleep during scan. Detail: Windows can put the computer to sleep before the scan is finished. That is very annoying. There should be an option to prevent that from happening. Oops, it's a coincidence that @zeromido asked someting similar here right above. Before I started typing, I first searched the forum for "scan prevent sleep".
  17. 2 points
    False positive reports To submit a possible False Positive see Submit a suspicious website / potential false positive / potential miscategorization by Parental control to ESET for analysis when you wish to submit via email or use Submit sample for analysis function from the program GUI of ESET product installed on your computer. Whitelisting ESET does provide a whitelisting service for software vendors by which you can submit your software to minimize the chances of false positives, e.g., when your software is being downloaded. This service is intended as preventive measure for trusted and undetected applications to minimize risk of future false positives. Whitelisting service is not a channel for removing existing detections, disputes or solving other unrelated problems. If you want to register your software for whitelisting, please follow the instructions in the KB article How do I whitelist my software with ESET? Requirement for False positive submissions When submitting false positive file(s) via email or via program GUI, it is necessary to send copy of falsely detected file(s) as well as description of the file. I will explain what information is needed and why it is important. 1) Name of the legitimate application the file belongs to. When submitting false positives you must be able to identify what is the name of application that is being falsely detected. No-name false positive reports (when information about the application name is missing) are harder/slower to examine and in many cases indicate correctly detected malware rather then false positive. Example of correctly provided information: “This file belongs to VLC media player 3.0.6.” When you provide the specific version number, it helps. Example how not to submit false positives: “I don’t know what it is and why I have it on my computer but I think it is a false positive.” If you don’t know what the file is, don’t report it as false positive. 2) Name of the application’s author, developer, vendor or website where you downloaded the software Each legitimate software have known author or there is known company who developed it. There is known source/origin where the software can be obtained and you can learn information about it. This information is needed in investigation process. Researchers need to verify whether the software is safe and they may need the full installer to evaluate the software properly. Researchers may need to investigate whether other versions of the same software were affected by false positive or not. It is important to know the source/website where you downloaded the software because some download websites provide different installers than original vendors. 3) Application's purpose Let the researchers know what the application is supposed to do, what value does it offer to you. This information is usually available on vendor’s website but there are many old applications where the website is no longer available, or software was distributed only on CD-ROM/DVD, or the software is custom/in-house developed and the description is not generally available. Examples how of application’s purpose: This is a picture viewer, video convertor, movie player, communication software, printing program, database program, web browser, accounting software, computer game, tool I use for programming, etc. Don’t hesitate to provide any additional information you deem important. You may add the specific detection name you saw when detection occurred. In case some specific circumstances are needed to reproduce the problem, tell it to the researchers how (For example it may happen that the file itself is not detected but it downloads/creates other files that trigger detection). You may submit false positives via email or directly from ESET product via Submit sample for analysis function. In order to use the function open GUI of ESET Internet Security, you will find following icon in Tools and clicking More Tools: Please select “False positive file” option and attach the file you want to submit. Please provide all necessary information (as described above) researchers need to process your false positive submission. Information you provide indeed significantly helps ESET laboratories in the identification and processing of samples. Thank you for your submission!
  18. 2 points
    Another nice feature for the firewall component that would help a lot with maintaining the firewall rules: Description: Firewall rules cleanup of unnecessary / invalid entries Detail: I've set my firewall filter setting to interactive mode, meaning that I can define for every program what the firewall should do. Over the time, you have entries in the firewall rule set about programs that are not existing on the computer anymore. A button for an automatic cleanup of those rules (delete all firewall rules that are pointing to applications that don't exist on the computer anymore) would make it easier to keep the firewall rule list tidy and it also benefits the administration of the rule set.
  19. 1 point
    @Marcos thanks for the clarification that it will be solved with the next update V13, but as asked by @BeanSlappers, any indication when this might happen? Will there also be communication that this issue is fixed? So users know when to setup again a new Phantom Account? I do want to avoid that I am too early and have to do it again Thanks.
  20. 1 point
    Please provide list of installer parameters you are using to deploy AGENT (only parameter names, no need for passwords or other sensitive details). From log it seems you are performing so called server-assisted installation, but probably with wrong hostname:port configuration, resulting in communication failure. Also once ESMC is installed, you might use also live installer created in console to deploy AGENT, it has no parameters so it would be much simpler.
  21. 1 point

    HIPS problem

    Join the club. I and many others have been asking for file wildcard capability for years.
  22. 1 point

    Introduce yourself

    Welcome to the forum. Glad to see a fellow horror fan to. I love slasher and giallo films
  23. 1 point
    https://docs.microsoft.com/en-us/windows/win32/seccrypto/cryptoapi-system-architecture Additionally, applications use the Win crypto API to protect their own sensitive data. Using Process Explorer, display some app .dlls. One that you will find used extensively is crypt32.dll.
  24. 1 point
    We have identified a problem when upgrading a Windows 10 system with ESET Endpoint Encryption installed to the 1903 feature update. Installing the update can cause the system to crash (blue screen) when booting. We are currently investigating the cause and recommend not upgrading an encrypted system to 1903 until further notice. Systems that have been affected will need to be decrypted using our recovery tool (if full disk encryption was enabled) and then repaired using the Windows recovery console. See this knowledgebase article for more details: https://support.eset.com/kb7309/
  25. 1 point
  26. 1 point

    SFP IT Director

    Marcos and company, since NOD32 2.5, I have been both a user and a re-seller. Thank you for a superior product. May you all be blessed. Matt
  27. 1 point

    B&PP not working Firefox 70

    Works fine for me with BPP module 1166 and FF 70.0.1 on Win 10:
  28. 1 point
    Typically the Not scanned category includes internal messages and messages coming from authenticated SMTP sessions which are not scanned by default. We consider it pretty normal.
  29. 1 point
    @schuetzdentalCB Thank you for your feedback. With regards to the automated network isolation, something like that (possibility to trigger network isolation from the console) is being added in ESMC 7.1 / Endpoint 7.2 for Windows. We plan to further expand this concept to allow autonomous response in the future. With regards to the application whitelisting, this is a bit more tricky topic. However it is on our long term roadmap. I will link your comment to the already tracked internal IDEA. Internal tracking IDEA-1510
  30. 1 point
    I was having the same issue on a Pixel 2 after the Android 10 update. Permissions were set to Always. Disconnect/reconnect to home WiFi fixed the error. Thanx.
  31. 1 point

    Review Of Eset

    My own opinion is your posting is inappropriate for this forum. You should be soliciting Eset user comments on your web site. Also security web sites such as wilderssecurity.com and malwaretips.com have sections for inquiries like this.
  32. 1 point

    ekrn.exe launches firefox

    Hello, this could be caused by importing our certificate for scanning the SSL communication. Even if it is not your default browser, we do that for all supported browsers installed on the machine. We do call the firefox.exe process during the certificate import, that's why it could be seen for a split second.
  33. 1 point

    Need Info for Decision - Seek What's Right

    Purchase a new license from the Eset web site or an authorized Eset retailer. Places like Amazon, eBay, etc.. are not authorized Eset retailers. If you have made customized changes within the Eset GUI, export those. Uninstall your existing Eset version. Reboot if not specifically requested to do so after uninstall. Install the Eset version you just purchased and activate it with the provided license key. If Eset previous settings were exported, import those into the newly installed Eset verion. Neither MBAM or SuperAntiSpyware are needed. If MBAM is installed, its real-time protection should be disabled since it can conflict with Eset's like real-time protection.
  34. 1 point

    Eset 13 Version

    Consumer VPN use is widespread now. Eset 12 has many bugs related to VPN use, and the devs are negligent in fixing these bugs. In fact they're never fixed for years, and the impression is, Eset package is simply not tested by devs to be continuously used in consumer VPN environment. Eset also has no controls or interface features related to VPN use. Examples are regular excessive lengthy Eset CPU and HDD load when switching VPN on and off. Also Eset Firewall failure to restore settings in Interactive Mode after firewall is switched off while VPN is enabled, and then switched on while VPN is disabled, or vice versa. When reading Eset Help docs, the impression is Eset team purposely ignores the overwhelming trend on the consumer market during last years of using VPN, and devotes no technical or knowledge base articles to this very issue. Further, when contacting Eset support, they bring every fake reason to refuse investigating issues related to Eset failures to work properly in VPN environment. In Help docs, Eset writers make it look that VPN is only used and of interest to enterprise market, and consumers should not ask any questions, or report any bugs related to Eset consumer products systematically failing for years to work properly with VPN. Instead of saying "Thank you" for reporting never fixed bugs, Eset reps claim they can't find one's license, or its expired, or how it was obtained etc, trying to find a reason to refuse the bugs investigation. Meanwhile, reporting bugs is users free gift to Eset, and the bugs must be fixed to benefit all paying and testing product customers, regardless who reported them and under what conditions. Most large companies have Bug trackers where anyone can enter bugs, it does NOT require any license proof at all, because bug reports are free donations to the very rich Eset company, allowing it to get ever richer. On this forum, Eset reps also systematically ignore all user posts and threads related to VPN issues with Eset. This seems to be thick culture within Eset company of aggressively ignoring and denying existence of burgeoning consumer VPN market, thus making Eset less and less attractive to consumers despite cosmetic changes in slightly updated new product versions. I know my post will be deleted, ignored again, or attacked by Eset paid guns, who also attacked them in the past, while Eset has no intention to change this ill long obsolete culture of ignoring consumer VPN market.
  35. 1 point

    ESET and piracy

    I believe that this article sums up nicely why pirated software should not be used: https://www.maketecheasier.com/dangers-of-using-pirated-software/ . Also some security software does scan for pirated software. MalwareBytes is one of them. Also a number of the web sites that assist in free malware removal will refuse to provide help if they detect cracked software on a device.
  36. 1 point
    Aryeh Goretsky

    ESET and piracy

    Hello, While ESET does not condone software piracy (or any other kind of piracy, for that matter)*, neither is ESET the software police. That said, it is important to keep in mind that peer-to-peer file sharing programs can be bundled with potentially unwanted applications, adware or even outright malware. They can also introduce privacy issues, such as the leaking of sensitive or confidential information due to improper configuration, as well as security vulnerabilities which can be subject to exploitation by threat actors. And, of course, there is also malware which may make use of peer-to-peer networks for various reasons, from spreading as a worm, for use as command-and-control infrastructure, exfiltration of stolen data, and so forth. Web sites involved in the facilitation of software piracy often have limited opportunities for revenue generation, as legitimate advertising networks, payment processors, e-commerce providers and other businesses may be unable or unwilling to do business with them for legal or other reasons. As such, these web sites may turn to other means of funding continued operation, including the display of advertisements from less-than-reputable ad networks/brokers, which may introduce malicious advertisements (malvertising) using exploit kits to compromise a computer through the web browser, to other schemes, such as mining cryptocurrency in the web browser to generate revenue for the site operator. Another thing to consider is that many customers do not want programs which facilitate the theft of intellectual property on their computers and networks. The reasons for this can range from the mundane (wanting to avoid legal liability) to concerns about more draconian actions: In Russia, software piracy can be treated as a criminal matter by the Russian federal tax police, and having pirated software on computers can lead to the arrest and imprisonment of employees, harsh financial penalties the dissolution of a company and/or the forced transfer of a company's assets. This happened to several non-profits who were accused of pirating Microsoft software in Russia. To their credit, Microsoft quickly responded by providing the Russian non-profits with legal licenses for its software, and now makes its software free for use by non-profits in Russia in order to prevent this from happening again. While that is an extreme kind of scenario, it does show how regimes can use software piracy as a pretext to shut down organizations of which they do not approve. From time to time, ESET has talked about some of the malware using and abusing peer-to-peer networks, probably the most famous of which is the Conficker worm. Some additional examples of malware which make use of peer-to-peer networks, can be found on ESET's VirusRadar site: MSIL/Antinny Python.Filecoder.P (ransomware targeting .torrent files) Win32/AutoRun.IRCBot.FE Win32/Skopvel Win32/TrojanDownloader.Agent.PUC Win64/GoBot2 Further information about risks, as well as mitigations, can be found on ESET's WeLiveSecurity blog: Limewire, free software and the for-fee membership BitTorrent family susceptible to DRDoS attacks Mac malware spread disguised as cracked versions of Angry Birds, Pixelmator and other top apps How black hats misuse the torrent ecosystem for fun and profit As previously stated, ESET is not the software police. ESET does, however, have a stated goal of protecting its customers from threats, and those threats can come from many sources, including peer-to-peer file-sharing networks, applications and their associated web sites. Regards, Aryeh Goretsky *ESET holds no position on Talk Like a Pirate Day.
  37. 1 point

    Mouse Clicker EXE undetected

    Here's an analysis of what appears to be a later version: https://any.run/report/c77cf8ebd52d044362c7f5d1a8e3fc444488371985a8c0f2902420b93bc44001/2bdc9ed2-5ebe-42a9-beb4-f35fa778bd37#registry In this case, the determination was suspicious.
  38. 1 point
    Pete12 bug...

    Yes, its a well known bug by now ..........it appeared with this buggy update to 12.2.29 . Rolled back to previous version 12.2.23 , with NO BUGS at all !! I dont understand why (!) ESET still did not react .............WHEN WILL THESE TROUBLES GET FIXED !!! I contacted support already , they want to look in my PC , but whats the use without a new update , its not our OS , this is an ESET-problem ...................!!
  39. 1 point
    Dragon Dave bug...

    If ESET Internet Security says its firewall is active, but WSC reports both ESET and Windows firewalls are switched off: Is ESET fully functional, with no security breach/issues? Is my computer fully protected correctly by ESET at this time? Thanks
  40. 1 point

    Since updating to

    EIS connects to our servers in order to fetch the category for a particular domain.
  41. 1 point

    License will soon be overused

    Thank you for the feedback. I will check on our side, whether there is anything to be done to change it. I agree, that impossibility to turn it off when anything is wrong is an inconvenience. I will try to give you update here next week.
  42. 1 point
    Maybe Lack of a REAL behavior blocker.
  43. 1 point
    Marcos bug...

    We are aware of it; it was actually an issue that we tried to work around in v12.2.29 but it caused other issues resulting from WSC not responding in a timely manner. Most likely it will be reported to and discussed with Microsoft's developers since the process of registration to WSC is handled by Windows itself and it's beyond any 3rd party sw vendor. There should be a newer version available soon that will have the workaround reverted which may affect timing and the notification may go away.
  44. 1 point

    update from 12.2.23 to 12.2.29

    It appears to me that Eset is doing some type of "kluge" processing where it fools Win 10 into thinking no other AV/firewall is installed at boot time. That is what is causing the event log entries. My guess is Eset is not loading its ELAM driver. This will cause later Win 10 versions to startup Windows Defender and run it in parallel with the third party AV solution. Or the OS in the mean time seeing that no third party AV is installed, starts up the Win firewall front-end plus Windows Defender. Eset then later registers itself with Windows Security Center and all is well in that regard. Once the Eset registration with Security Center completes, then the OS switches over to recognizing Eset as the firewall plus AV real-time provider and terminates the Windows Defender engine process. The problem with the above is while Windows Defender is active, it is performing activities like trying to update its definitions and God only knows what else. There is also the issue of malware that runs at start-up "sneaking through" due to the fact two real-time AV solutions are running. What happens if WD detects the malware first but is not fully functional? Eset really needs to do its initialization with Security Center properly as was done with ver. 12.2.23 and prior versions.
  45. 1 point
    Would be very cool if Eset offered just the firewall alone, most other features are useless for me. I know you can disable components. To many settings to go through, although I like all the settings. Please, just the firewall. 🙂
  46. 1 point
    Unfortunately I am al so not sure how it was meant. We are officially declaring maximal number of managed clients to 10000 when using MySQL database, but it is not related to number of actually connecting clients, but rather limit is amount of data. ESMC installed over MySQL might have performance issues with processing larger amount of data and rendering larger datasets. As an result rendering of specific reports (threats for example) might be much slower, but in "clean" network even much larger environments can be managed with MySQL-based ESMC installation. Persistent connections as introduced in ESMC should actually significantly reduce load of ESMC server, especially in "dormant" state when no changes are made in management console. If properly configured on recommended HW, ESMC should handle hundreds of clients per second.
  47. 1 point
    Hello @MichalJ just make an AD synchronization and get the computers from there.
  48. 1 point

    Version 1.0.0


    Diagnostic.Agent.7.1_91.0_x64.zip This file should be downloaded and used only if instructed so by customer care staff.
  49. 1 point
    Hello @kingoftheworld, that was quick :-), thank you for your interest, I will send you further instructions via a private message. Currently we have the new generation of protection for the file servers, more server roles should come later followed by the endpoint product. When it comes to ERA/ESMC we advise the participants to have a separate instance of it as i requires a BETA version of Configuration support module, which hasn't been fully tested yet with all the other products so we do not recommend to use it in a production environment. Regards, P.R.
  50. 1 point
    Description: Enable right-click and double-click in ERA Detail: ERA is one of the most easy-to-use management services I have used. However i believe that to make it more ergonomical there should be a functionality that lets users double-click on something. For example, when wanting to generate a report you first have to click on the report, then go down to the "GENERATE NOW" button and click that. I feel like adding the ability to open reports and other things with a simple double-click action would improve accessibility. The right-click I admit is quite an odd suggestion seeing as if you click on a field once it brings up a menu etc, however, again for things like editing reports, you first have to click the report, then click on the little cog icon over to the far right, and then click on edit. Would it not be easier just to be able to right click the report and choose edit? A very pedantic suggestion I know...
  • Create New...