Everything posted by Marcos
-
Firewall paused with password protected settings?
Marcos replied to Lockbits's topic in ESET Endpoint Products
I have often seen Filecoders detected both in TS shares and on local disks, which means they were detected and blocked; however, the attacker had to disable real-time or even other protection mechanisms in order to be able to run the ransomware. Did you have detection of potentially unsafe applications enabled? I'm asking because detection is disabled by default as it covers legitimate tools that can be misused in the wrong hands, however.
-
Please post a screenshot of what package you selected in the repository.
-
Firewall paused with password protected settings?
Marcos replied to Lockbits's topic in ESET Endpoint Products
First of all, if an attacker gains administrator access to a computer, he or she can do virtually anything, including killing the security programs you use. In this case it's not the firewall that would have prevented the ransomware from being executed by the attacker; they typically disable real-time protection which would have otherwise prevented the ransomware from being executed. Besides hardening or completely disabling RDP, if not really needed, you should consider:
- keeping the OS up to date, installing all critical security patches asap
- using a non-default port for RDP connections
- limiting users with RDP access
- using strong passwords
- limiting IP addresses / ranges for RDP connections
- setting a password to protect ESET settings
- enabling detection of potentially unsafe applications to detect legit tools that can be used to kill running applications.
-
Firewall paused with password protected settings?
Marcos replied to Lockbits's topic in ESET Endpoint Products
The attacker would have to run this command from the ERA console.
-
Dear Eset Community, I got a strong Malware into my device?
Marcos replied to Y.Bach's topic in Malware Finding and Cleaning
What was detected by ESET and what by the other AV you mentioned? Was it files which were detected? Do you still have them at least in quarantine? I assume you are talking about a Mac device, aren't you?
-
You have posted in a consumer product forum. This feature is available only in ESET Endpoint.
-
Most likely a proxy server is serving HTML code with a notice instead of the actual content of update.ver. Check proxy settings and make sure that the machine is allowed to connect to ESET's servers. Also I'd strongly recommend uninstalling EFSW 4.5 and installing EFSW 6.5. V4 is very old and is not intended for modern server systems either.
-
If temporarily disabling protocol filtering doesn't make any difference, the issue is highly unlikely to be ESET related.
-
If you have lost your registration email with a license key, please contact the seller from whom you purchased your license. If you don't get any email after entering your registration email address in the form for re-sending license details, most likely we don't have your email address on file.
-
Since this is an ESET forum, A vs B discussions are not allowed. If you cannot afford to pay for a top-notch antivirus, you can go for a free one. Please refer to other forums for comparison. Paid antivirus can invest more into research, developers, customer care, etc. and therefore provide you with as good protection as possible. Note that antivirus is not just the program itself. Customer care is also important, especially if you get infected with malware. Users with free AV usually don't get any support.
-
It's not as difficult as it seems. You basically choose between:
1. ESET NOD32 Antivirus
2. ESET Internet Security (EAV + firewall + antispam + Anti-Theft + Parental Control + Network protection)
3. ESET Smart Security Premium (EIS + Password Manager + Disk encryption)

Depending on the country, if you have more devices you can purchase a multi-license pack or Family pack. E.g. in the US and UK, you can purchase a multi-license pack (2-5 devices), not a Family pack. In Slovakia, we don't sell the multi-license pack but a Family pack for 4 devices.

As for version numbers, it's not difficult either. The latest version is v11 and we provide it as a service (the same way as Microsoft provides Windows 10 updates), i.e. we release product updates on a regular basis to ensure that users have the latest version with new features and fixes. We don't use version numbering like 2017, 2018, etc., except for marketing purposes.
-
Please reproduce the issue and use Procmon to capture operations for at least one minute (make sure to enable advanced output before you start logging). When done, also collect logs with ELC, upload both archives to a safe location and drop me a message with download links. Do you have Parental Control disabled? You should get similar warnings from a browser if a certificate is not trusted. You can also check certificates used by particular websites here: https://www.ssllabs.com/ssltest/
-
Please create a Procmon log with advanced output enabled as per the instructions at https://support.eset.com/kb6308/ and also collect logs with ELC. Upload both archives to a safe location (e.g. Dropbox, OneDrive, etc.) and drop me a message with download links.
-
It appears that you have Endpoint Security installed. A malicious Word document was blocked by Network Protection upon an attempt to download, e.g. after a user clicked a link in spam. Since ESET is very good at detecting and preventing Emotet and its VBA downloaders both by URL blacklists and LiveGrid, it's very unlikely that the malicious Emotet payload would manage to run even if the initial download attempt hadn't been blocked by Network Protection. In future versions we plan to display threats handled by Network protection in yellow and report "Blocked" instead of "Detected".