Everything posted by Marcos
If possible, try connecting to the Internet through another ISP and see if the issue persists. There must be some connectivity issues on the way between your machine and the ISP or between the ISP and ESET's servers. Other users haven't reported such issues so it's not a global problem. If you can't resolve the issue, I'd suggest contacting your local ESET distributor.
This "Malware finding and cleaning" is the right forum to report problems with malware or false positives, which is why I have moved your topic here. Many Nirsoft tools can be exploited for malicious purposes in the wrong hands, which is why they may be detected as potentially unsafe applications, which are not detected by default. The application detected as potentially unwanted meets the criteria for PUA detection (https://support.eset.com/en/kb2629), which is optional and enabled only with the user's consent. Our detection experts analyze applications deeply prior to categorizing them as PUA/PUsA, so there was a good reason for the PUA detection. Also, exclusions work as expected. However, when creating an exclusion for a junction (e.g. c:\documents and settings), we also recommend creating another one for the actual folder under c:\users.
Multiple restarts due to cleaning
Marcos replied to Kiwifruit's topic in Malware Finding and Cleaning
Do you recognize this code, which is highly suspicious? If not, it's very likely malicious and the detection is correct. If you think it's legit and you use it on purpose, I would ask colleagues with expertise to look into it.
Do you mean blocking DNS communication with a specific IP address so that the system would be forced to use the secondary DNS server configured in the system?
Eset Management Agent Cloud installation via Proxy
Marcos replied to Lemon71's topic in ESET PROTECT
We've added a detection on May 6th. https://github.com/hfiref0x/KDU
Id: 52; Vendor: Intel; Driver: PmxDrv; Software package: Intel(R) Management Engine Tools Driver; Version: 1.0.0.1003 and below
eset_deamon kills Microsoft AutoUpdate
Marcos replied to matus_li's topic in ESET Cyber Security (for Mac)
So there is no issue with ESET uninstalled? Does the issue return if you install ESET Endpoint Antivirus 7.4.1500?
eset_deamon kills Microsoft AutoUpdate
Marcos replied to matus_li's topic in ESET Cyber Security (for Mac)
What ESET product / version do you use? I would assume that the autoupdate tool downloads updates via https, which is not scanned by ESET on macOS. Do you use default settings in ESET?
module update - connectivity issues
Marcos replied to Erlend's topic in ESET Products for Windows Servers
You can ignore the AMSI error. It is probably a system where registration as an AMSI provider takes the system a long time during a system start. If disabling AMSI integration in the advanced setup, saving the changes and re-enabling it doesn't make any difference, you can temporarily turn off the appropriate application status so that the error is not reported in the GUI. Network connectivity issues cannot be connected with the AMSI error. Please raise a support ticket for further investigation if the issues actually go away after temporarily uninstalling ESET and return as soon as you install the latest version with default settings.
Then it's very likely that the vulnerability has not been fixed yet. Please upload the latest driver to https://www.virustotal.com and provide a link to scan results.
Multiple restarts due to cleaning
Marcos replied to Kiwifruit's topic in Malware Finding and Cleaning
It is probably some PHP files where ESET detects PHP/Agent.VQ upon creation by ZohoWorkDriveTS, which seems to be an alternative to Google Drive for desktop. It is not clear what files like D:\ZohoWorkDriveTS_15214227173253408199101426494295781001\.~$zstmp\Dno1y00967e349b4bf4e1f8ea8e48422f80a5e;kxltr97ca298838e74620a03135297a113d93~ are, whether C:\Program Files (x86)\Zoho\ZohoWorkDriveTS\bin\ZohoTS.exe creates them because there are some PHP files being synced or they are some auxiliary files needed during sync by ZohoTS.exe. Please provide logs collected with ESET Log Collector and make sure to collect quarantined files.
Download new (Rocky Linux based) ova
Marcos replied to me myself and i's topic in General Discussion
The Rocky Linux-based ESET PROTECT VA has been temporarily pulled back due to a bug in the MySQL ODBC driver and certain issues with SELinux as well. I assume that an updated version with fixes and the MySQL ODBC driver replaced with a MariaDB one will be available for download soon.
Syscall init_module returns error
Marcos replied to TomDib's topic in ESET Products for Linux Servers
Please raise a support ticket then. Downgrading to kernel 6.1.0-18-amd64 was confirmed to work around the issue, so I assume that it should work with kernel 6.1.0-12-amd64 too.
If it's not possible to uninstall ESET Endpoint in a standard way, you can use the ESET Uninstall tool in safe mode. I assume that you want to keep the management agent installed and reinstall Endpoint. If you want to uninstall the agent as well, it will stop replicating to the ESET PROTECT server. In order to remove a client, we recommend performing all 3 steps suggested by the client removal wizard:
I'm forwarding the developers' statement on the problem: Permissions are managed by the Android OS, and the ESET application only checks whether a given permission has been granted or not. If Android decides to revoke a permission, that cannot be prevented. Unfortunately, no information is available about the heuristics Android uses to decide when to do this. It may revoke permissions when, for example, it puts apps into deep sleep and the like, but there is no record of it. We are not aware of the All Files Access permission in particular causing a problem. We recommend focusing on the specific user and checking whether they use some cleaner or another security application that could be changing that permission on their behalf. We also recommend trying to grant all exceptions, such as the exception for the battery saver and similar, following the guides at https://dontkillmyapp.com/ As for why it worked for a while, there may be several reasons. Perhaps within a version we lowered and then raised some demands on the OS (the number of services running in the background, etc.), which placed us somewhere else within some categorization. It could be anything, for example even a change in the target API. In version 9, the code around the permissions themselves did not change.
Game progress files (.dat and .sav) ,malware question
Marcos replied to NickH's topic in Malware Finding and Cleaning
Malware typically spreads in the form of executable files or scripts that are associated with a script interpreter. In order for malware to be present in binary data files, a vulnerability would need to exist in the application that opens the files, in this case the game that the files belong to, which is highly unlikely.
ESET Cloud Office Security (ECOS) 409.3 released
Marcos posted a topic in ESET Cloud Office Security
Release Date: May 6, 2024
ESET Cloud Office Security 409.3 has been released.
Changelog
Added: Ability to send encrypted Syslogs to user defined network endpoints in CEF, LEEF and json formats.
Added: Automatic email re-scans for specific emails in order to decrease the number of false positive spam (missed spam)
Updated: ESET HUB integration - Improved “per company” access permissions support for ESET HUB customers
Portal: Added "Sender" field to email details in Quarantine, Detections and Scan Logs
Portal: Update of license management pages
Portal: Refreshed charts components
Portal: Added warning for GWS tenant if ECOS app consent revoked (e.g. app deleted)
Portal: Added info about infected mail body in scan detail
Portal: Optimized certain portal requests in Quarantine and Detections logs to lower the chance of timeouts
Portal: Added icon for Google Workspace suspended user
Portal: Suspended companies are visible now
Portal: Users can be filtered by clicking the company/site in the filtering tree
Fixed: Other bugfixes and back-end improvements
Improved: Google Workspace Admin Account Verification
Support Resources
For more information, visit the ESET Cloud Office Security help page or contact your local reseller, distributor or ESET office.
Trojan Reported whilst using a "safe" site
Marcos replied to IcarusQ's topic in Malware Finding and Cleaning
You can enable the firewall with a policy like this: Beforehand, make sure to set up your trusted zone / networks properly, e.g. through Network access protection -> IP sets -> Trusted zone. By default, RDP is allowed only in the trusted zone / networks. A good practice is to apply a policy on one or a small group of machines only, and to the others only if you have verified that it worked as expected, to prevent unexpected issues caused by applying wrong firewall or network protection settings.
Could you please provide a screenshot of the notification for clarification? The firewall should be turned off only if you are installing ESET during an RDP session to prevent the session from being disconnected.
Please elaborate more on what "ongoing migration" means. Does it involve also upgrading ESET Endpoint by sending a software install task from ESET PROTECT? What was the user doing shortly before the error showed up? Is the error showing up repeatedly? If it wasn't caused by an upgrade of ESET Endpoint, please provide logs collected with ESET Log Collector to find out if there are any signs of ekrn crashes.