-
Posts
37,924 -
Joined
-
Last visited
-
Days Won
1,504
Everything posted by Marcos
-
[Critical] ESET can not clean Win32/Agent.TXV
Marcos replied to H3xX0r's topic in Malware Finding and Cleaning
Please collect logs with ELC on that machine and provide me with the generated archive for perusal. -
Having a multi-user license doesn't mean that you are entitled to install ESET on any number of devices. The number of devices has to be chosen during the purchase process. From FAQ below this selection: One ESET Multi-Device Security licence can cover up to 5 of your devices. You should choose number of covered devices at the first stage of your buying process. You can transfer protection to another device at any time without the hassle of getting new licence. You can easily check your licence usage through our Licence Manager site at my.eset.com portal. If there's something unclear about this type of license or should you need to correct your order, please contact ESET UK.
-
1, Make sure that the VPN network is trusted. The first time the computer connected to the VPN, you should have been offered an option to mark it as home/office (trusted) network or public. Later you can change it in the advanced setup -> firewall -> known networks. 2, As the name suggests, in interactive mode you are asked whether to allow or block particular communications. It's possible to create the necessary rules in interactive mode and then switch back to automatic mode. Or use learning mode to create rules first and then switch to interactive mode for instance. In your case I assume that marking the VPN connection as trusted will resolve possible issues with firewall blocking desired communication. 3, I assume that temporarily pausing firewall makes a difference and that marking the network as trusted would also resolve this issue. In untrusted (public) networks, sharing and some other communications are disabled. Should the problem persist, create a separate topic for this. We'll need you to: 1, enable advanced firewall logging in tools -> diagnostics, 2. reboot the computer, 3. reproduce the issue, 4. disable logging and collect logs with ELC.
-
It depends on the country where you purchased your license. In Slovakia, we don't sell multi-user license but Family pack which is intended for 4 devices at maximum. In the US, it's possible to purchase a multi-device license for up to 10 devices. The price depends on the number of devices you want to cover.
-
I found an error "Activation context generation failed for "C:\Program Files\ESET\ESET Security\ekrn.exe".Error in manifest or policy file "C:\Program Files\ESET\ESET Security\ekrn.exe" on line 0. Invalid Xml syntax." in your event log. Please continue as follows: - Run "sxstrace.exe trace -logfile:sxstrace.etl" in a commandline console. You should see: C:\LOG>sxstrace.exe trace -logfile:sxstrace.etl Tracing started. Trace will be saved to file sxstrace.etl. Press Enter to stop tracing... - attempt to start ekrn.exe from the Services console or by running "net start ekrn" - press enter in the commandline console to stop logging - provide me with sxstrace.etl. Then you can also provide me with fresh ELC and Procmon logs for me to check that the malware c:\windows\rss\csrss.exe is not running any more.
-
You can drop me a private message with the license key belonging to the license used in a product activation task and I will check if it's a correct license that is still valid.
-
An automatic update (uPCU) will be issues to users with an older v11 later, not immediately after the new v11.1 is released. If you want to have it asap without waiting for automatic update, you can download it and install it over your current version. Installation over an older version is a fully supported scenario to preserve your current settings.
-
Update 11.1.42 Event error ScRegSetValueExW
Marcos replied to Zardoc's topic in ESET NOD32 Antivirus
This will be fixed as of the HIPS module 1316 which should be released soon. -
I would recommend to use this opportunity to move to ERA6 since ERA v5 is due to reach its end of life by December 2018. Moreover, v5 Endpoint products do not provide as good protection as Endpoint v6 and may be affected by issues that were addressed in newer versions. If you don't need to keep the existing db, simply deploy an ERA v6 virtual appliance, generate an agent live installer and install it on a group of clients via group policy. The clients will start reporting to the new ERA then. Both old Endpoint v5 and new Endpoint v6 can be managed with ERA v6. If you want to keep the existing db, follow the instructions at https://support.eset.com/kb3607/. How many endpoints do you manage with ERA?
-
I advised you to use HKEY_USERS\*\ where "*" represents any SID, ie. any user. Note that I'm talking about HKU, not about HKCU.
-
/var/log/esets filled root directory
Marcos replied to LollyColinRhodes's topic in ESET Products for Linux Servers
Unfortunately without knowing what was being logged that made the logs that big I cannot advise any further. Try to reproduce it and then provide such dat file for perusal. -
I'd suggest to start off with posting a screen shot of both the ESET warning and a list of wifi networks in your neighborhood. Also collect ELC logs as follows and provide them for analysis: - temporarily enable advanced firewall logging under Tools -> Diagnostics - reboot the computer - wait until the warning appears - disable logging - collect logs with ELC.
-
/var/log/esets filled root directory
Marcos replied to LollyColinRhodes's topic in ESET Products for Linux Servers
Please upload one of the smaller dat files to Dropbox, OneDrive, etc. and provide a download link. You can safely delete the other big dat files in that folder. -
It appears to be your local seller. Please contact them to resolve the issue.
-
Instead of HKEY_CURRENT_USER, use HKEY_USERS\%SID%. I reckon that * should work as a wildcard for any SID.
-
Issue Re-Active A License After Reinstallion
Marcos replied to Avenger15's topic in ESET NOD32 Antivirus
I've just tried activation and it worked like a charm. Since you are installing ESET NOD32 Antivirus, I assume that you also have a firewall installed which might be preventing ESET from reaching activation servers.