Leaderboard

Popular Content

Showing content with the most kudos since 09/28/2020 in Posts

  1. Marcos

    DotNet MSIL / Injector.VGR

    We've nailed it down. A legit tool was backdoored and loads a malicious dll with zero detection at VT which loads the following encrypted payload: I expect the detection to be available momentarily via streamed/pico updates. Also please confirm that you have enabled the LiveGrid Feedback system for maximum protection.
    5 points
  2. Marcos

    Detections Actions Error

    The issue is caused by an older version of the Translation support module. On Monday we should start with upgrade, however, it will require a restart of the ESET PROTECT Cloud instance.
    4 points
  3. Marcos

    Website is clean now

    This forum is not intended for disputing blocks or detections. Since the malware has been removed, the website was unblocked but the applications will continue to be detected. Having said that, we'll draw this topic to a close.
    4 points
  4. The world is rocked by the horrifying news of how despotic authoritarian governments and their agencies have used the spyware Pegasus, made by NSO from Israel, to intrude the phones & privacy of journalists/opposition leaders/judges/activists etc. From all accounts, it is now becoming clear that the two primary operating systems on phones, Android & iOS by Google & Apple, have intentional backdoors disguised as security bugs to allow the security agencies to snoop into any smart phone worldwide. My question is, as a responsible antivirus vendor, will ESET ever be able to protect the users from such illegal intrusions? Is it ever possible, considering that the OS itself has been laid bare to such intrusions by incorporating "security bugs"? Phones, especially the smart phones, are no longer secure, but the stunning silence of all AV vendors is even more cause for concern.
    4 points
  5. The bug is just visual and should not have any noticeable effect on memory consumption. Will be fixed in v15.
    3 points
  6. Tell me, Eset - are you insane? A few days ago you released version 8.0.2039. We started a rollout for a few thousand endpoints and now you are releasing 8.1.2031??
    3 points
  7. Hi, the problematic domain you reported has been already removed from the cloud blacklist. The quickest way to solve such cases is to send the email sample to nospam_ecos@eset.com (https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab#spam) as those are handled almost immediately. Also based on the sample we have identified a problem in the algorithm that selects the sender's address from email headers in some cases (Return-path: header), and it will be also addressed by an automatic update. Regards, Matej
    3 points
  8. Component upgrade task upgrades only ESMC/EP components, as is ESET Management Agent, ESMC Server and ESMC WebConsole, but it does not upgrade other, especially third-party components as is Apache Tomcat, Apache HTTP Proxy or MS SQL Server. Thus benefit of performing manual upgrade using all-in-one installer for Windows, or performing upgrade of EP/ESMC Appliance using "migration" to new version, is that also third-party and possibly other support tools are upgraded. Also note that manual upgrade is less prone to failures caused by environment issues, as are those network related, but also those caused by missing dependencies (for example minimal supported version of OS or database itself). My recommendation would be to perform manual upgrade, as it is fairly simple from user's perspective, and it offers more control. Also I would recommend to perform database backup before doing so, but that should be the case also for automatic upgrade.
    3 points
  9. Marcos

    MacOS 11 Update Issues

    We are in the process of finalizing a new version of Endpoint with all system extensions compatible with Big Sur 11.2. It should be released towards the end of March.
    3 points
  10. Primordiarch

    2FA for my.eset.com

    Hello. Please add 2FA feature on my.eset.com. Thanks.
    3 points
  11. Hello @Kostadin_k, EFDE for mac utilizes FileVault because there is no other way to FDE macOS. Apple prevents its system to use FDE from 3rd party vendors. EFDE for win is a different story. Microsoft allows for vendor's proprietary encryption and we have this covered. So we are pretty much covered on both macOS and Windows. But yes, adding Bitlocker management to ESET Protect (Cloud) is an option, but even if we go this direction in the future, it will not work as seamlessly as you described. Taking over management of an already encrypted machine is more than complicated because of recovery password that belongs to a particular encrypted system. Migration of these recovery passwords from Active Directory (where Bitlocker stores them) to our console followed by a seamless "takeover" of the machines by the console is very complicated (if even possible). At this moment, adding management of Bitlocker to our EFDE/EP(C) solution is not on our roadmap. Ervin Rendek PM for Encryption solutions
    3 points
  12. When we update our ESET Agents we find that we need to have all our machines reboot. With the reboot option in the management console the machines just reboot with no warning. Any open work is lost and the user is confused, thus generating a call to the help desk. Would it be possible to have a reboot notification when pushing a reboot on a machine. ESET is finishing an update and will reboot in 30min. Reboot later or reboot now. I reached out to support and was told to post this request here.
    3 points
  13. Today (February 25) we plan to release a Detection engine update with expected size around 12,2 - 12,4 MB. We expect that the update will be available on the update servers for the clients to download at around 14:00 CET (+/- 30 minutes). This change will optimize the way how we store the data and will reduce the Detection engine size, its memory footprint and also will make further updates smaller. The Micro updates scheduled on February 26 will have the weekly update package around 13 MB in size and the monthly update package up to 15 MB. Peter on behalf of the teams involved
    3 points
  14. Problem fixed. Windows server updates had reactivated a couple of services which had nabbed port 80. Simply disabling them negated the issue. I'm now planning on moving the EEE server onto a different port to resolve the issue permanently during the downtime over the weekend.
    3 points
  15. Hi Thomas, My solution is the following: 1.: - I created a dynamic group for collect the computers with error message "Restart required" : 2.: - Then I defined a CRON triggered task for send a pop-up window message into the affected computers: "Hello Colleague, please restart your computer as soon as possible because an ESET software update...bla..bla" or something like this You can configure the CRON for example launch the message hourly, every 10 minutes or as you want It works pretty fine
    3 points
  16. Avast blog article here: https://blog.avast.com/cybercapture-protection-against-zero-second-attacks . Detail on configuration options here: https://support.avast.com/en-us/article/54/ Of note is this feature exists even in Avast free version. Time Eset "get with the program" and offer same like capability for their home use products.
    3 points
  17. The fact is Eset has all the internal mechanisms in place to accomplish this. All they have to do is block the process until LiveGrid black list determination processing has completed. As to the false positive element, I say "to hell with that." Most home users would not be significantly impacted by such process blocking. This could be also further refined by adding Trusted Publisher, signing, etc. criteria to Eset Reputation scanner. Failure on reputation coupled with suspected malicious activity should be enough to block until LiveGrid initial scanning is completed.
    3 points
  18. We are aware of the problem with Windows applications and the changing path with each update. There is a plan to come up with a solution to this in long term. Also I can assure you that we value any constructive feedback or suggestion and it's discussed with product managers and developers.
    3 points
  19. This was in Cloud Administrator topic but should be here too. Description: A new task/setting to reboot computers with a popup message warning. Detail: Add the possibility to notify user that computer will be restarted when reboot computer task is triggered and let them for example 5 minutes to save/close programs/data.
    3 points
  20. It had been discussed again and again, but I still want to say: with endpoint 8.0, please give up stupid MySQL and use MariaDB. Check current system requirement, it is really funny: MySQL ODBC driver versions 5.3.11 and later, 8.0.0 – 8.0.15 and 8.0.18 and later are not supported.
    3 points
  21. Yes, v14 is going to be released later this year. It will be announced here as well as via other marketing channels.
    3 points
  22. itman

    Borked HIPS

    Well, there was one last thing I had to perform to get the router, Win 10, and Eset networking to play together nicely. I have long suspected that Win 10 Smart multiple-homed DNS name resolution was the source of most of my network issues. This was further amplified by Eset networking initialization. But since this feature was using my ISP DNS servers combined with the way the router establishes Win 10 network connectivity, I could never definitively nail it down. You can read about what Win 10 Smart multiple-homed DNS name resolution does here: https://www.ghacks.net/2017/08/14/turn-off-smart-multi-homed-name-resolution-in-windows/ . The gist of what it does is: What I have been observing after my Win 10 networking "from hell" reconfiguration activities described previously is at Win 10 fast startup and/or startup from sleep mode predominately is multiple connections to IPv4 address 1.1.1 to port domain. Err what? Port domain turns out to be port 53 and of course, 1.1.1.1 is Cloudflare's IPv4 DNS address. First, I have never ever seen these domain connections before. Next is I shouldn't be using Cloudflare's IPv4 DNS server on an IPv6 network. Bottom line is here is a graphic example of my Win 10 network connection being borked by Smart multiple-homed DNS name resolution processing. As far as what this did to Eset's network connectivity processing can best be described as a double-whammy bork from the deepest depths of networking hell. Anyway, I have disabled Win 10 Smart multiple-homed DNS name resolution and finally, all is well networking-wise.
    2 points
  23. As per the subject, once Detection engine 23963 is downloaded all links to O365 Safelinks are blocked. Had to add *.safelinks.protection.outlook.com to the allowed websites.
    2 points
  24. Appears there are multiple causes involved here. The ones mentioned are: 1. Windows update cache issues. 2. Eset update cache issues. 3. You name it ........... Eset needs to provide built-in diagnostic capability for problems like this and other issues. Think along the line of Windows 10 "Fix-It" wizards. I for one am tired of the constant requests for Eset logs to diagnose product issues.
    2 points
  25. Marcos

    Detections Actions Error

    Please raise a support ticket with your ESET UK. It's probably caused by the update of the Translation support module yesterday, however, I don't have this problem myself so there must be also something else that triggers the issue.
    2 points
  26. Since malware often disguises itself as a crack, keygen, etc. you should avoid using them regardless of whether it's for antivirus or another application.
    2 points
  27. Eset revoked cert. detection is correct - see below QUALS screen shot. Note! Chryslercaptia.com URL cert. is OK. It is the cert. used for myaccount.chryslercaptial.com URL that has been revoked.
    2 points
  28. 1. Suggestions should be posted in the appropriate topic in the appropriate product subforums. 2. Most of the things you've mentioned are already there. 3. Suggestions must not be general like I want a better firewall, better antiphishing etc. but should be focused on a particular feature with as many details as possible provided.
    2 points
  29. The free version of ZoneAlarm definitely has been using the Kaspersky engine for a while: https://www.pcmag.com/reviews/check-point-zonealarm-free-antivirus-plus . The paid consumer and enterprise versions use more Kaspersky components: http://svendsen.me/worried-checkpoints-use-kaspersky-products-heres-disable-remove/
    2 points
  30. What I find funny is the people behind pegasus keep saying this person and this person etc. weren't being tracked by the software and the next thing they say they don't have access to customer data so can't see who/what their customers are spying on, which contradicts the previous statements
    2 points
  31. Still that's not good enough. Maybe we could ignore if it was one or maybe two. But 7 ransomware miss at the time of testing is a huge number. It shows again what the OP suggested that ESET's ransomware shield is very bad and almost not effective at all. ESET needs to improve.
    2 points
  32. Please just try for a second and understand the problem we are having with Eset on Big Sur since November 2020. When installing it prompts the user to approve a network proxy. If they approve, and web and email protection is turned off: We lose network connectivity. If they approve and web and email is on: Our VPN etc breaks. If they don't approve they get a warning that their machine is not protected. But at least things keep working. There is a button to enable or disable web and email protection and it doesn't work. Whether that is a risk to take or not is not the point. Your answer is not very helpful when you are arguing against what your customer wants to do. Also, keep in mind that this is on a platform where most people do not run an antivirus at all. We are looking at this from completely different sides. And a lot of my peers are looking for other AV products.
    2 points
  33. After downloading the uPCU update, the product will turn yellow, informing the user about the recommendation to reboot the machine. The notification can be disabled for users in the Application statuses setup where you can choose only to report it to the EP console:
    2 points
  34. ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium version 14.2.19 have been released and are available to download. Changelog: Version 14.2.19 Fixed: Bug fixes and optimizations Known issues: N/A Upgrade to Latest Version Upgrade my ESET Windows home product to the latest version If your ESET security product has not updated automatically yet, you can enforce product update by manually checking for update in the Update panel or wait until it updates automatically. Support Resources ESET provides support in the form of Online Help (user guides), fully localized application and Online Help, online Knowledgebase, and applicable to your region, chat, email or phone support. Online Help (user guides) Visit www.eset.com/contact to email ESET technical support
    2 points
  35. ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium version 14.2.10 have been released and are available to download. Changelog: Version 14.2.10 Added: Added support for Upgrade Campaign Changed: Re-designed Help and support page Fixed: Various small fixes Known issues: N/A Upgrade to Latest Version Upgrade my ESET Windows home product to the latest version If your ESET security product has not updated automatically yet, you can enforce product update by manually checking for update in the Update panel or wait until it updates automatically. Support Resources ESET provides support in the form of Online Help (user guides), fully localized application and Online Help, online Knowledgebase, and applicable to your region, chat, email or phone support. Online Help (user guides) Visit www.eset.com/contact to email ESET technical support
    2 points
  36. Note: It is not Eset's responsibility to help web site owners remove malware from their web sites. Recently, @Marcos has far exceeded what is required as an Eset moderator in assisting web site owners identify malware on their web sites.
    2 points
  37. Closing this topic due to trolling. The OP obviously also lied, initially pretending to be a user who accidentally fell victim to ransomware and then he turned out to deliberately perform amateurish tests by skewing the reality to bash ESET in favor of his favorite AVs
    2 points
  38. I don't think this is the right place to ask about "cracked" apk files 😬
    2 points
  39. This is not possible without downloading the whole msi installer. After a microPCU update has been applied, the Repair option changes to Export.
    2 points
  40. Good afternoon! The behavior you describe is normal - Policies applied by the installer do not show in the console. However, where EFDE is concerned, you will see the encryption status information on the computer panel here: If you want to update the Policy details in the ESET Protect console, then you can press the "REQUEST CONFIGURATION" button. Once processed, you will see the currently applied policies. Here's an example: Before After It might be possible to automate this process, however I don't know enough about ESET Protect to assist you further with this. You may want to ask for further help in the ESET Protect forum or contact support. I hope this helps out!
    2 points
  41. Hi Kostadin, If you set policy via Protect, you can't change that locally. Password protected settings are meant in case you're not managed or some settings are not managed... If you set every setting like that (even defaults) from Protect, user can't change that. On Mac, ESET Agent password protection is not present. To limit/protect against uninstallation ensure, that users are not administrators (root access) of a machine. In UNIX world, root can do everything.
    2 points
  42. Marcos

    Secure Browser Warning

    It doesn't affect any functionality, it's just a minor bug in internal reporting. However, you can suppress the notification by disabling it in the application statuses setup: The first check will suppress it on the client while the other (Send) will suppress it in the ESET PROTECT console.
    2 points
  43. Same problem here (Dropbox v111 - the latest stable to the date). On the second computer, no problem with Dropbox v112 (early updates enabled). It's apparently a problem on Dropbox side since they have released the version 112 fixing this issue: https://www.dropboxforum.com/t5/Dropbox-desktop-client-builds/Beta-Build-112-3-254/td-p/476277 If you cannot update to Dropbox version 112, you can temporarily set Dropbox client to ignore in SSL/TLS filter.
    2 points
  44. URBAN0

    I Am Very Ticked Off!

    itman would be undoubtedly the person to award for his big contribution of helping others on this forum 👌
    2 points
  45. solution (just tested with one of our systems) for our site:

        [root@vm /]# cd /var/opt/eset/esets/lib
        [root@vm lib]# mv em002_32.dat em002_32.dat.o
        [root@vm lib]# cd /opt/eset/esets/sbin/
        [root@vm sbin]# ./esets_update --verbose
        Virus signature database has been updated successfully.
        ESETS Update utility
        +-+--------------------+------------------------+------------------------+
        | | Module             | Available version      | Installed version      |
        +-+--------------------+------------------------+------------------------+
        |*| loader             | 1076 (20200313)        |                        |
        |*| perseus            | 1566.4 (20201006)      |                        |
        |*| engine             | 22334 (20201117)       |                        |
        |*| archiver           | 1310 (20201029)        |                        |
        |*| heuristic          | 1203 (20201015)        |                        |
        |*| cleaner            | 1214 (20200921)        |                        |
        | |                    |                        |                        |
        | |                    |                        |                        |
        | |                    |                        |                        |
        +-+--------------------+------------------------+------------------------+
        [root@vm sbin]# ./esets_update --verbose
        Update is not necessary - the installed virus signature database is current.
        ESETS Update utility
        +-+--------------------+------------------------+------------------------+
        | | Module             | Available version      | Installed version      |
        +-+--------------------+------------------------+------------------------+
        | | loader             | 1076 (20200313)        | 1076 (20200313)        |
        | | perseus            | 1566.4 (20201006)      | 1566.4 (20201006)      |
        | | engine             | 22334 (20201117)       | 22334 (20201117)       |
        | | archiver           | 1310 (20201029)        | 1310 (20201029)        |
        | | heuristic          | 1203 (20201015)        | 1203 (20201015)        |
        | | cleaner            | 1214 (20200921)        | 1214 (20200921)        |
        +-+--------------------+------------------------+------------------------+
        [root@vm sbin]# systemctl start esets
        [root@vm sbin]# systemctl status esets
        ● esets.service - ESET Scanner Daemon
           Loaded: loaded (/usr/lib/systemd/system/esets.service; enabled; vendor preset: disabled)
           Active: active (running) since Thu 2020-11-19 16:59:09 CET; 4s ago
          Process: 94942 ExecStart=/opt/eset/esets/sbin/esets_daemon (code=exited, status=0/SUCCESS)
         Main PID: 94943 (esets_daemon)
           CGroup: /system.slice/esets.service
                   ├─94943 /opt/eset/esets/sbin/esets_daemon
                   ├─94944 /opt/eset/esets/sbin/esets_daemon
                   └─94945 /opt/eset/esets/lib/esets_wwwi

    2 points
  46. According to https://support.eset.com/en/news7604-eset-support-of-macos-11-big-sur, a version compatible with Big Sur that will include a firewall is planned for Dec 2020:
    2 points
  47. Thanks, quite a good idea. We will try to bring it in a service release next year.
    2 points
  48. Unfortunately it's by design. The plug-in writes information about scan to emails which causes the unwanted behavior. This will ultimately change with a new Outlook plug-in that will be most likely introduced next year.
    2 points
  49. Thanks for the heads-up, I can confirm the issue too and have reported it to developers. Will keep you posted.
    2 points
  50. Also just started migrating our users across to ECA - worked fine last week, can't sign in without errors this morning. Any estimated time to fix? Do you have a status page somewhere, rather than relying on paying customers stumbling across a user forum that I had no idea that existed until 5 minutes ago ?
    2 points