Marcos

Administrators
  • Posts: 37,927
  • Days Won: 1,504

Everything posted by Marcos

  1. We appreciate your willingness to help, however, further logs are not currently needed since the issue is now solved and a fixed program update (uPCU) to v11.1.42.1 will be put on pre-release update servers soon.
  2. I don't find it surprising if attackers manage to remote in via RDP and with admin rights disable protection or uninstall the AV. Speaking about the Ransomware shield, it's only a part of consumer products. As for Endpoint, v7 will be the first version that will have it included.
  3. The detection is correct. Potentially unwanted applications are not malware. As per the description at https://support.eset.com/kb2629/: A potentially unwanted application (PUA) is a program that contains adware, installs toolbars or has other unclear objectives. There are some situations where a user may feel that the benefits of a potentially unwanted application outweigh the risks. PUA detection is not enabled by default and user's interaction is required when a PUA is detected. Last but not least, I'd like to emphasize that this forum is not a channel for disputing PUA detections. The only supported channel is via samples[at]eset.com where PUA vendors can contact us.
  4. Thank you. We have eventually pinpointed the issue. It was caused by a new driver class Cameras added in v11.1.42 but the installer didn't register it during uPCU because a new driver was already installed. We've prepared a fixed version 11.1.42.1 which will be put on pre-release servers probably later today or tomorrow. The issue should occur only if your webcam appears under "Cameras" in the Device manager. If it appears under "Imaging devices", the issue shouldn't occur. Please confirm.
  5. You can upload ELC logs to OneDrive, Dropbox, etc. and drop me a message with a download link. If possible, collect 2 sets of logs - one before upgrade and one after upgrade and a system reboot if Web protection fails to get enabled.
  6. This forum is the right place for posting feedback. If you have some ideas or suggestions, feel free to post them in https://forum.eset.com/topic/51-future-changes-to-eset-internet-security-and-eset-smart-security-premium/.
  7. With 22 licenses you've purchased ESET Endpoint Antivirus or ESET Endpoint Security. In this case the license and units can be managed via the portal https://ela.eset.com/.
  8. Also please let us know if you have Windows 10 Fall Creators Update or Spring Creators update (RedStone 4) from the Insider preview channel installed.
  9. ESET is basically configured with default settings, i.e. for maximum protection. I'd suggest removing all exclusions since each creates a potential security hole when otherwise recognized malware can run undetected in excluded folders. Use exclusions only as a last resort if certain issues cannot be resolved even with the assistance of customer care. If you don't plan to use scripts, you can create HIPS rules for cscript.exe, wscript.exe, mshta.exe, java.exe and powershell.exe that will block execution or ask when a script attempts to be executed.
  10. At times update download speed may be lower than usual when a bigger module update was released. However, the speed should return to normal relatively quickly, typically within a few hours.
  11. When troubleshooting agent connectivity issues, start with checking C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html. What issues / errors are reported?
  12. Default settings are recommended and best for most users. What you could improve is to switch HIPS to Smart mode if you know how to respond when you are asked for an action when a suspicious activity is detected. Also you could create HIPS rules for wscript.exe, cscript.exe, mshta.exe and powershell.exe so that you are asked when a script is attempted to be executed.
  13. That shouldn't be necessary. I assume it was recommended for smooth upgrade to v6, in particular to prevent issues with the ESET service being unable to be stopped by a new version installer.
  14. I wonder if you could try switching to pre-release updates, upgrade to v11.1.42 and see if the issue occurs or not. If there's an issue, it'd be good to troubleshoot it and find the root cause before the upgrade is distributed to all v11 users. We didn't encounter any issues with either Device control or Web protection after upgrade. Before you upgrade, please collect logs with ELC so that we know your current settings and system configuration. Do you use Windows 10? Do you have Device Control enabled?
  15. I would completely uninstall v4, reboot the server and install v6.5 from scratch.
  16. The thing is the dashes can be at different places, depending on the type of license keys. This is for historic reasons and we cannot suddenly stop supporting older types of license keys.
  17. Every security program detects trojans since they make up the majority of all malware. It was either a sort of scam email or the sender might have received malware with a spoofed email address which made him or her think it was sent out from you.
  18. You can disable ESET's firewall and continue using Windows firewall. The firewall will not evaluate rules, yet it will continue protecting computers from bots and malicious network communication.
  19. If real-time protection uses strict cleaning mode, the threat must have been cleaned automatically without user's interaction or running a subsequent on-demand scan. We'll need to check the logs and config as there's something peculiar about this and things don't appear to work as supposed. Please upload the logs collected by ESET Log Collector for Mac to a safe location (OneDrive, Dropbox, etc.) and drop me a message with a download link. You've probably contacted ESET LLC so I have no access to your logs currently.
  20. I've heard from others that Demonslay335 is an admin.
  21. We've already decrypted files for several users
  22. You can provide me with ELC logs for a review of your ESET configuration and I will tell you if there's anything you could do to improve protection. Also let me know if you use legitimate scripts (vbs, js, hta, ps) or if it's ok to block script execution with HIPS.
  23. We've performed upgrade from 11.0.159 to v11.1.42 on several machines running Windows 10 and a web cam connected without issues. Perhaps the issue affects only specific cameras so we would appreciate if you could provide information about the vendor and type of the web cam you use or anything that would help us find the common pattern.
  24. Please email samples[at]eset.com and provide:
      - logs collected by ELC
      - a handful of examples of encrypted documents
  25. If you are a registered user then yes, we will likely be able to decrypt files.