Marcos

Administrators

Posts posted by Marcos

  1. 13 minutes ago, karsayor said:

    While I think auto-update is great for bugfixes and security issues, I'm afraid of it deploying a newer version with new features and changes automatically without any control over it?

    It depends on your program update settings. If set to auto-update, products will be updated to the latest stable version, typically 1-2 months after the release. If the EULA has changed, an administrator will be notified in ESET PROTECT and will have to accept the new EULA prior to applying the program update. uPCU updates are installed after the next computer restart so no additional restart is needed.

  2. 13 minutes ago, karsayor said:

    Hi Marcos,

    Sorry to interfere in this thread, but I don't get it. I thought uPCU updates were for updates in the same version (8.1.2031 to 8.1.2037) while PCU were for upgrades (8.0.2039 to 8.1.2037). Is this incorrect?

    Also, how do we manage both types of updates / upgrades in ESET Protect? AFAIK there is only one setting for this.

    Both PCU and uPCU are program updates, however, we haven't used PCU for a long time since uPCU was introduced. uPCU are differential updates while PCU is basically equal to downloading and installing the whole msi installer and always requires a computer restart.

    We're going to use uPCU to upgrade any older v8.0/v8.1 of Endpoint to upgrade to the latest version 8.1.2037 soon. There is one setting for this which you marked in your screenshot.

  3. 15 minutes ago, LeszekU said:

    Hello, I have had a similar problem for some time. On some websites I get an alert page:

    for example: 

     https://e.shell.com/

     https://stackoverflow.com/

    What can I do with it?

    I'm not getting any alert from ESET, nor does https://certificate.revocationcheck.com/stackoverflow.com show any issues with certificates.

    Are you still getting the alert? Is the system date and time set correctly?

  4. 6 hours ago, GDI said:

    By "prevent users from using this scan profile" are you referring to if they go into Endpoint > Computer Scan > Custom Scan > Settings? If so, yeah it would be great to be able to "hide" it but, for us, it shouldn't be a big deal. Just as long as that profile isn't used for automatic/scheduled scans, we are OK setting it up this way.

    Correct. If it's ok for you that users could select a profile that will be able to clean suspicious apps and PUAs then the above should work for you. I'd also recommend enabling detection of potentially unsafe applications which cover legitimate tools that can be misused in the wrong hands, e.g. to disable or uninstall antivirus.

  5. 3 hours ago, AZ Tech said:

    Blocked now. Also blocking of redirectors has been improved too. After unpacking the sfx exe and upon running it, it was sent to LiveGuard with a positive result:

    image.png

    The sfx archive contains a bunch of various malware which would be detected anyways upon extraction or running the file without LG analysis.

    image.png

    3 hours ago, AZ Tech said:

    Finally, I have a question related to LiveGuard: when I ran the aforementioned sample, even though it was new and undetected from the ESET database, the LiveGuard feature didn't work as I expected, even though ESET did detect the malicious file after running it with the Advanced Memory Scanner. This means that the malicious file was not sent via LiveGuard, so what's wrong here?

    Screenshot 2021-10-18 203819.png

    I assume that the sample didn't do anything suspicious during replication in the sandbox. E.g. it could expect certain user input in order to drop a malicious payload, which may be tricky to simulate.

  6. 1 minute ago, ronmanp said:

    Unfortunately for us last resort is hundreds of machines that refuse to either uninstall or upgrade to a newer build.

    The best would be to find out why the standard uninstall is failing which could help us suggest the best / most effective procedure how to proceed.

    Run:

    msiexec /uninstall "C:\ProgramData\ESET\ESET Security\Installer\ees_nt64.msi" /lvx* uninstall.log

    If uninstallation fails, please provide uninstall.log.

  7. Whitelisted are basically files signed by known trusted certificates, e.g. by Microsoft. Samples submitted to LiveGuard are separated from samples submitted by LiveGrid. In case of LiveGuard they are submitted to a safe environment where even access by ESET staff is very limited. This is because users can also choose to submit suspicious documents and it would not be safe if a broad group of ESET staff could access them. If a file submitted to LiveGuard turns out to be malicious, the result is shared with LiveGrid users. Other than that, nothing is shared.

    The fact that a file is old and more users have got it does not mean that it's 100% safe. Therefore only whitelisted files are not submitted. EDTD submits a lot more files than LiveGuard and the systems can manage processing that load.

  8. 43 minutes ago, AZ Tech said:

    But what happened is that ESET did not send the file to the sandbox in the first place, and this is what I am asking about.

    Maybe it was already detected with a higher detection sensitivity level than what you have configured for malware. I didn't scan the file with ESSP and aggressive settings so I can't tell if that was the case. If the file was downloaded from the Internet and then executed, it should have been sent out for analysis.

  9. I think I know what you would like to achieve but I'm afraid it's not possible. The thing is you now have all on-demand scan profiles configured to use real-time protection reporting and detection settings, i.e. reporting is set to Balanced for pot. unwanted applications and suspicious applications and protection is set to Off. That means cleaning is not possible because of the protection level set to Off. What you need to do is create a new on-demand scan profile or use an existing one (e.g. Context menu scan), configure it to use individual reporting and protection settings and set the same reporting and protection levels. Using this profile to clean detections should work. The problem is that it would not be possible to prevent users from using this scan profile.

    I have created an improvement task so that a particular on-demand scan profile can be hidden for users but admins could use it for a remote scan from ESET PROTECT.

  10. 6 minutes ago, Faizan Siddiuqi said:

    Dear, still getting the same error. The problem is why it's unable to connect to the server: proxy settings are correct, IP/ports are allowed. What could be the issue?

    Obviously something happened, e.g. a change was made in your network infrastructure, etc. between these times:

    On Aug 5, 9:34 the product was able to update, however, since 12:02 all update attempts have been failing:

    5. 10. 2021 12:02:00    Update    Could not connect to server.    SYSTEM    
    5. 10. 2021 9:34:33    ESET Kernel    Detection Engine was successfully updated to version 24073 (20211005).    SYSTEM    

    I assume the problem could be with the proxy 172.xx.xx.xx1. Try updating directly from the Internet to confirm that there's something wrong with the proxy configuration.
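
    An added example, not part of the original post and not ESET code: a small parser for event-log lines in the layout quoted above, returning the interval between the last successful engine update and the first failed connection so it can be compared against proxy or firewall change records. It assumes day. month. year timestamps and columns separated by a tab or by two or more spaces; the function names are hypothetical.

```python
import re
from datetime import datetime

# The two event-log lines quoted in the post above (newest first).
SAMPLE_LOG = """\
5. 10. 2021 12:02:00    Update    Could not connect to server.    SYSTEM
5. 10. 2021 9:34:33    ESET Kernel    Detection Engine was successfully updated to version 24073 (20211005).    SYSTEM
"""

# Assumption: columns are separated by a tab or by 2+ spaces.
SEP = r"(?:\t+|\s{2,})"
LINE_RE = re.compile(
    r"^\s*(\d{1,2})\.\s*(\d{1,2})\.\s*(\d{4})\s+(\d{1,2}):(\d{2}):(\d{2})"
    + SEP + r"(.+?)" + SEP + r"(.+?)" + SEP + r"(\S+)\s*$"
)


def parse_events(text):
    """Parse log lines into dicts sorted oldest first; skip unparsable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        day, month, year, hh, mm, ss = (int(x) for x in m.groups()[:6])
        events.append({
            "time": datetime(year, month, day, hh, mm, ss),
            "module": m.group(7),
            "message": m.group(8),
            "user": m.group(9),
        })
    return sorted(events, key=lambda e: e["time"])


def failure_window(events):
    """Return (last successful update, first failure after it) or None."""
    last_ok = first_fail = None
    for e in events:
        if "successfully updated" in e["message"]:
            # A later success closes any earlier failure streak.
            last_ok, first_fail = e, None
        elif (e["module"] == "Update" and first_fail is None
              and "Could not connect" in e["message"]):
            first_fail = e
    if last_ok and first_fail:
        return last_ok["time"], first_fail["time"]
    return None


if __name__ == "__main__":
    print(failure_window(parse_events(SAMPLE_LOG)))
```
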
