Marcos
-
Posts
25,390 -
Joined
-
Last visited
-
Days Won
1,054
Posts posted by Marcos
-
-
Please provide me with step-by-step instructions as well as logs collected with ESET Log Collector.
-
13 minutes ago, karsayor said:
While I think auto-update is great for bugfix and security issues, I'm afraid of it deploying newer version with new features and changes automatically without any control over it ?
It depends on your program update settings. If set to auto-update, products will be updated to the latest stable version, typically 1-2 months after the release. If EULA has changed, an administrator will be notified in ESET PROTECT and will have to accept the new EULA prior to applying the program update. uPCU updates are installed after the next computer restart so no additional restart is needed.
-
10 minutes ago, karsayor said:
OK. I relied on KB2256 but it seems wrong then. What in case of update to v9 for example, will it also auto-update via uPCU updates ?
Thanks for the heads-up, the KB needs a complete overhaul. We have notified the documentation team.
-
Unfortunately it is not clear what you mean and no bug like that is known. Are you suggesting that not all attack attempts are logged? How do you know that there were more attack attempts than those logged?
-
10 minutes ago, Jakub244 said:
mame obdobny problem s jednym mailom (o ktorom vieme), je na to prosim nejake riesenie?
Dobry den,
Postupujte podla instrukcii na https://www.mail-tester.com/ a poslite mi v sprave linku na stranku s vysledkami. -
13 minutes ago, karsayor said:
Hi Marcos,
Sorry to interfer in this thread, but I don't get it. I tought uPCU updates were for updates in the same version (8.1.2031 to 8.1.2037) while PCU were for upgrades (8.0.2039 to 8.1.2037). Is this incorrect ?
Also, how do we manage both type of updates / upgrades in ESET Protect ? AFAIK there is only one setting for this.
Both PCU and uPCU are program updates, however, we haven't used PCU for a long time since uPCU was introduced. uPCU are differential updates while PCU is basically equal to downloading and installing the whole msi installer and always require a computer restart.
We're going to use uPCU to upgrade any older v8.0/v8.1 of Endpoint to upgrade to the latest version 8.1.2037 soon. There is one setting for this which you marked in your screenshot.
-
15 minutes ago, LeszekU said:
Hello, I have a similar problem for some time. On some webs I get alert page:
for example:
What can I do with it ?
I'm not getting any alert from ESET and neither https://certificate.revocationcheck.com/stackoverflow.com shows any issues with certificates.
Are you still getting the alert? Is the system date and time set correctly?
-
Searching for "+C(0x13c)+C(0x12d)+C('0x13a')+'r='+token();" should help you locate the malicious javascript.
-
You showed that the website is not on a blacklist of any of AVs. However, what I showed was malware that is on the website. Those are two different things.
-
11 minutes ago, total said:
None of the anti-viruses on "Virus Total" would detect anything in this "travelbubble.in"
Not true:
However, VirusTotal uses on-demand scanners so it's not very suitable for checking infections on websites.
-
The website is infected with JS/Agent.OZD trojan.
Searching for "/amenities/amenities.php?id='+token();" should help you locate the malicious javascript.
-
First try to uninstall ESET in a standard way. Failing this, use the ESET Uninstall tool in safe mode to remove the product.
-
Please raise a support ticket, probably HAR files will be needed for perusal.
-
6 hours ago, GDI said:
By "prevent users from using this scan profile" are you referring to if they go into Endpoint > Computer Scan > Custom Scan > Settings? If so, yeah it would be great to be able to "hide" it but, for us, it shouldn't be a big deal. Just as long as that profile isn't used for automatic/scheduled scans, we are OK setting it up this way.
Correct. If it's ok for you that users could select a profile that will be able to clean suspicious apps and PUAs then the above should work for you. I'd also recommend enabling detection of potentially unsafe applications which cover legitimate tools that can be misused in the wrong hands, e.g. to disable or uninstall antivirus.
-
3 hours ago, AZ Tech said:
Blocked now. Also blocking of redirectors has been improved too. After unpacking the sfx exe and upon running it, it was sent to LiveGuard with a positive result:
The sfx archive contains a bunch of various malware which would be detected anyways upon extraction or running the file without LG analysis.
3 hours ago, AZ Tech said:Finally , I have a question related to LiveGuard, when I ran the aforementioned sample even though it was new and undetected from the eset database, the LiveGuard feature didn't work as I expected, even though eset did detect the malicious file after running it with the Advanced Memory Scanner, This means that the malicious file was not sent via LiveGuard, so what's wrong here?
I assume that the sample didn't do anything suspicious during replication in sandbox. E.g. it could expect certain user's input in order to drop a malicious payload which may be tricky to simulate.
-
1 minute ago, ronmanp said:
Unfortunately for us last resort is hundreds of machines that refuses to either uninstall or upgrade to a newer build.
The best would be to find out why the standard uninstall is failing which could help us suggest the best / most effective procedure how to proceed.
Run:
msiexec /uninstall "C:\ProgramData\ESET\ESET Security\Installer\ees_nt64.msi" /lvx* uninstall.log
If uninstallation fails, please provide uninstall.log.
-
Whitelisted are basically files signed by known trusted certificates, e.g. by Microsoft. Samples submitted to LiveGuard are separated from samples submitted by LiveGrid. In case of LiveGuard they are submitted to a safe environment where even access by ESET staff is very limited. This is because users can also choose to submit suspicious documents and it would not be safe if a broad group of ESET staff could access them. If a file submitted to LiveGuard turns out to be malicious, the result is shared with LiveGrid users. Other than that, nothing is shared.
The fact that a file is old and more users have got it does not mean that it's 100% safe. Therefore only whitelisted files are not submitted. EDTD submits a lot of more files than LiveGuard and the systems can manage processing that load.
-
43 minutes ago, AZ Tech said:
But what happened is that eset did not send the file to the sandbox in the first place, and this is what I am asking about.
Maybe it was already detected with higher detection sensitivity level than what you have configured for malware. I didn't scan the file with ESSP and aggressive settings so I can't tell if that was the case. If the file was dowloaded from the Internet and then executed, it should have been sent out for analysis.
-
The uninstall tool serves as a last resort in case that standard uninstallation procedure fails. It must be run in safe mode since in normal mode ESET processes, self-defense as well as drivers are running.
-
I think I know what you would like to achieve but I'm afraid it's not possible. The thing is you now have all on-demand scan profiles configured to use real-time protection reporting and detection settings, ie. reporting is set to Balanced for pot. unwanted applications and suspicious applications and protection is set to Off. That means cleaning is not possible because of the protection level set to Off. What you need to do is create a new on-demand scan profile or use an existing one (e.g. Context menu scan), configure it to use individual reporting and protection setting and set same reporting and protection levels. Using this profile to clean detections should work. The problem is that it would not be possible to prevent users from using this scan profile.
I have created an improvement task so that a particular on-demand scan profile can be hidden for users but admins could use it for a remote scan from ESET PROTECT.
-
What proxy server do you use? If the Apache HTTP Proxy provided with ESET PROTECT All-In-One installer, then it would be pre-configured to allow access to ESET's servers. Or you use a different proxy? Is it a Linux or Windows machine?
-
22 minutes ago, Faizan Siddiuqi said:
No any change performed in network and ESET policy settings, all configuration is same as before, can you please tell us how can we fix this? as you know engine is too old now, we are at risk.
Did you try updating Endpoint directly, ie. not through the proxy?
-
6 minutes ago, Faizan Siddiuqi said:
Dear, still getting the same error problem is why its unable to connect to the server proxy settings are correct, ip/ports are allowed, what could be the issue?
Obviously something happened, e.g. a change was made in your network infrastructure, etc. between these times:
On Aug 5, 9:34 the product was able to update, however, since 12:02 all updates attempts have been failing:
5. 10. 2021 12:02:00 Update Could not connect to server. SYSTEM
5. 10. 2021 9:34:33 ESET Kernel Detection Engine was successfully updated to version 24073 (20211005). SYSTEMI assume the problem could be with the proxy 172.xx.xx.xx1. Try updating directly from the Internet to confirm that there's something wrong with the proxy configuration.
-
Can you confirm that you are no longer getting update errors when you run update?
14. 10. 2021 9:02:14 Update Could not connect to server. SYSTEM
14. 10. 2021 8:02:09 Update Could not connect to server. SYSTEM
feature is not monitored by Windows Security Center
in Quick questions by guests (registration not required)
Posted
Please disable monitoring of firewall issues via an agent policy: