Everything posted by Marcos
-
Please gather logs with ELC and drop me a private message with the generated archive.
-
Comparing ESET Internet Security and ESET Smart Security Premium, currently ESSP has two additional modules - Disk Encryption and Password Manager. If you don't need any of these or use other tools already, it's enough to purchase EIS. Transition between products is smooth; simply click Change product in the main GUI and you will be offered products that you can activate. After a computer restart, the selected product will be activated.
-
To submit a suspicious file, please follow the instructions at https://support.eset.com/kb141/.
-
Downgrading is not a solution. You should install EP6.6 for maximum protection. We'll be releasing Endpoint v7 within the next few months which will bring even better protection. I assume you must have been attempting to update EP6.6 from a mirror created by EP6.5. The fact that downgrading to EP6.5 helped only confirms my assumption.
-
1. Enable advanced update engine logging under Tools -> Diagnostics on a client that updates from the mirror.
2. Run update.
3. Disable logging.
4. On the client, gather logs with ELC.
5. Compress the content of the mirror folder.
6. Upload both archives to a safe location (e.g. OneDrive, Dropbox, etc.) and drop me a message with download links.
-
It appears that your computer is infected. There are malicious DNS servers used: 82.163.143.176, 82.163.142.178. If you have IPv4 configured to obtain an IP address automatically from a DHCP server, check your router's setup and configure it to use Google's DNS 8.8.8.8 or 8.8.4.4. It is also weird that many legitimate processes aren't showing the status "running" but "unknown". Besides that, run a full disk scan with ESET Online Scanner or better from a rescue disk. I've also noticed that you have HIPS disabled. Re-enable it as soon as you get things working. Also you have a CoinMiner PUA excluded. If that was not deliberately excluded, remove it from the exclusion list.
-
So you are attempting to update Endpoint 6.6 from a mirror created by Endpoint 6.5? This won't work since EP6.6 uses a different format of update files. You'll need to create the mirror with Endpoint 6.6.
-
What product / version do you use to create the mirror? Is there any reason why you don't use an HTTP proxy to save traffic? When using a mirror, maybe about 90% of downloaded files will never be needed by clients.
-
Only apk files are scanned so if you don't have any on the SD card, no files will be scanned.
-
winlogon.exe trying to reach blacklisted site
Marcos replied to snlehton's topic in Malware Finding and Cleaning
Try renaming the file or moving it to a different folder, e.g. c:\malware.
-
No, I didn't register there. I simply entered the address in the address bar several times, chose to remember the action and the website was opened in a secured browser alright. I repeated it several times without issues. Perhaps it'd be good if you could shoot a video to demonstrate the issue.
-
Been trying to reproduce it on Windows 10 and Chrome 66.0.3359.139 (Official Build) (64-bit) to no avail. I also closed Chrome, re-opened the website and it was always opened in a secured browser without issues or errors.
-
Does the problem occur with any browser, including IE? Does creating the above-mentioned exclusions make a difference? Do you have Endpoint Antivirus or Endpoint Security installed?
-
The request http://eset.com/BPPRedirector doesn't go to the Internet but is rather intercepted by BPP. I've tried to reproduce it to no avail. Please provide:
- information about the OS
- information about the browser, version and platform (32/64-bit)
-
I've checked your logs and there was not a single record about blocked access to a website. The website is not on our url blacklist either. I'd suggest contacting Customer care and clarifying what issue you are having.
-
For me it works with v11.1.42. However, I'd strongly recommend upgrading to v11.1.54. Try running the update manually and an update to the latest version should be offered.
-
winlogon.exe trying to reach blacklisted site
Marcos replied to snlehton's topic in Malware Finding and Cleaning
@snlehton This was most likely caused by the driver c:\windows\system32\drivers\netutils2016.sys. It's a legitimate driver, however, to the best of my knowledge it can load malicious configuration. Renaming it or moving it to a different folder in safe mode would have resolved the issue.
-
Blocking of unwanted spam phone numbers and sms
Marcos replied to archampion's topic in ESET Products for Mobile Devices
I recall it's a limitation of Android itself. Will update this topic when I have more information on this.