-
Posts
37,927 -
Joined
-
Last visited
-
Days Won
1,504
Everything posted by Marcos
-
It's most likely just a coincidence. If you enable logging of submitted files, do you see some files submitted at that time? I'd suggest the following: - enable diagnostic logging verbosity - enable advanced firewall logging - reproduce the above mentioned behavior - disable logging and also change the logging verbosity back to standard - collect logs with ELC. When done, provide me with the generated archive.
-
If running an on-demand scan of the disk doesn't remove it, please provide ELC logs from the machine.
-
If Windows starts slowly after upgrade to v11.1.42, please create a Procmon boot log as per the instructions at https://support.eset.com/kb6308 (steps 1-4, the proceed with Gather boot log files instructions). Also collect logs with ELC (https://support.eset.com/kb3466/). When done, upload both archives to a safe location (e.g. Dropbox, OneDrive, etc.) and drop me a message with download links.
-
Display online status of clients
Marcos replied to Arnd Spiering's topic in ESET PROTECT On-prem (Remote Management)
Since computers are not permanently connected to ERAS, it's not possible to display online status of clients. However, in the ERA console you see the date and time of the last connection to ERAS. -
Please carry on as follows: - in the advanced update setup -> tools -> diagnostics, enable both advanced firewall and protocol filtering logging - reproduce the issue - disable logging - collect logs with ELC - delete the content of C:\ProgramData\ESET\ESET Security\Diagnostics - temporarily disable protocol filtering - in the advanced update setup -> tools -> diagnostics, enable advanced firewall logging - try to reproduce the issue (this time it shouldn't manifest as you said) - stop logging - collect another set of logs with ELC. Finally upload both archives generated by ELC to a safe location and drop me a message with download links.
-
1, What operating system is it? If Window 10, then not all updates are part of Windows updates. If you don't want to be notified about missing OS updates or only about critical updates, you can disable / configure this feature both in an Endpoint and ERA agent policy. 2, You can have non-ESET applications reported if you enable that option in an ERA agent policy:
-
Office 365 portal blocked in incognito mode
Marcos replied to moth's topic in Malware Finding and Cleaning
This was fixed about 30 minutes ago. If you have LiveGrid enabled and working, it shouldn't be detected any more. Otherwise it will be fixed after an update which is being prepared. -
Синхронізація Last Pass (Synchronization Last Pass)
Marcos replied to Petro's topic in General Discussion
Since this is an English forum, please post in English so that moderators and other users can understand you and answer your question. Unfortunately, it is not clear to me what you mean by synchronizing with Last Pass. -
Office 365 portal blocked in incognito mode
Marcos replied to moth's topic in Malware Finding and Cleaning
Please collect logs with ELC but also select "Quarantined files" in ELC before you click Collect. When done, drop me a private message with the generated archive attached. -
You can try temporarily uninstalling ESET to see if the issue goes away. If it doesn't make any difference, you will reinstall it and continue with further troubleshooting. If the issue doesn't manifest without ESET , try the following, one at a time, to narrow it down: - temporarily disable automatic start of real-time protection and reboot the computer - temporarily disable protocol filtering - temporarily disable HIPS and reboot the computer.
-
This forum is not the right place to report urls. Please follow the instructions at https://support.eset.com/kb141/.
-
There seems to be an issue with real-time protection since downloaded eicar.com must be detected. Please collect logs as per the instructions at https://support.eset.com/kb3404/. After clicking "Replication start", download eicar.com and then click "Replication stop" if eicar was not detected.
-
Upgrading to ERA v6.5 is not mandatory but highly recommended. For a list of changes, please refer to https://forum.eset.com/topic/11316-eset-remote-administrator-6531-has-been-released-and-is-available-to-download/ and https://forum.eset.com/topic/13632-eset-remote-administrator-6534-has-been-released/.
-
In your screen shot, the first two records don't have the "Scanned folders" column completely visible but I assume that all drives C: - I: are listed there. Please confirm. Also I'd like to ask you to generate a complete application dump during a scan via the advanced setup -> tools - > diagnostics - create. Make sure that the dump type is set to full. When done, collect logs with ELC, upload the generated archive to a safe location and drop me a pm with a download link.
-
If you compare the number of scanned files, please always disable Smart optimization to rule out the possibility that files were skipped thanks to various optimization techniques applied on trusted or already scanned files that we use. What you could try: 1, Enabling logging of all scanned files and comparing the logs after 2 subsequent scans. 2, Between the scans switch to pre-release updates and back to invalidate cached records. Anyways, with Smart optimization disabled step 2 should have no effect on the number of scanned files.
-
ESET Live Grid after latest update - cannot disable, cannot enable
Marcos replied to p0k3m0n's topic in ESET NOD32 Antivirus
Although it's possible to set it in gui, update won't be attempted in 30 minutes interval but every 60 minutes which is the default value. Of course, LiveGrid connects to servers and downloads blacklists in shorter intervals and when needed plus v11.1 introduced a new types of definition updates to make response to new threats even faster. As for the other settings you reported not to have retained after upgrade, we are checking it with testers. Although upgrade and settings retention is part of QA tests, we'll rather double-check it now.