Everything posted by Marcos
-
You can find scan logs under Tools -> More tools -> Log files -> On-demand scanner.
-
A variant of Trojan WIN32/GenKryptik.BSJG
Marcos replied to HienKieu's topic in Malware Finding and Cleaning
The log is not from a boot. After launching Procmon, select "Enable boot logging" in the Options menu and "Enable advanced output" in the Filter menu. Then reboot the computer, launch Procmon and save the log. -
How to exclude threats from your browser?
Marcos replied to Krypton's topic in Malware Finding and Cleaning
That option is available in consumer products too. -
How to exclude threats from your browser?
Marcos replied to Krypton's topic in Malware Finding and Cleaning
Haven't tested it myself but you can try creating an exclusion for the whole computer with the threat name set: -
How to exclude threats from your browser?
Marcos replied to Krypton's topic in Malware Finding and Cleaning
Excluding a threat from being detected is not a solution unless you want to get infected. Although in this case it's adware and not malware, I would not let even adware run on a computer. If you're getting this alert right after launching a browser, i.e. without opening any website, try disabling all extensions that you have installed. -
A variant of Trojan WIN32/GenKryptik.BSJG
Marcos replied to HienKieu's topic in Malware Finding and Cleaning
Unfortunately, the Procmon log was not from a boot. Please refer to the section "Gather boot log files" in the above-mentioned KB article. Before you start logging, also enable advanced output in the Filter menu. -
A variant of Trojan WIN32/GenKryptik.BSJG
Marcos replied to HienKieu's topic in Malware Finding and Cleaning
Please provide:
- ELC logs
- A Procmon boot log created as per the instructions at https://support.eset.com/kb6308/

Upload both archives to a safe location and drop me a message with download links and a link to this topic.
-
Can we use “Web Structure” to detect phishing website attacks?
Marcos replied to Humair's topic in General Discussion
Web structure tells almost nothing about whether a particular page is phishing or innocuous. There are some typical folders that contain phishing pages, such as securedview, paypal/paypal, docusignpro, adobecom, Gdrive, etc. but their names change, folder names may consist of random characters or phishing pages may be placed even right in the web root folder. It is not possible to 100% detect phishing pages just by the address / web structure and there are many things that need to be considered. -
No connection to the antispam cloud
Marcos replied to EURO-LOG's topic in ESET Products for Windows Servers
Please check if a firewall allows ESET Mail Security to connect to the Antispam servers listed at https://support.eset.com/kb332/#antispam. -
For Endpoint you can create a mirror. Consumer products support only online updates from the Internet.
-
Probably you meant integrating Secure Data into Endpoint and subsequent management by ERA. Unfortunately, that will take longer and Secure Data will not be included in Endpoint v7.0 but in future versions.
-
Configure Apache HTTP Proxy behind corporate proxy
Marcos replied to MriX's topic in ESET PROTECT On-prem (Remote Management)
Install and update files would be cached by the already existing proxy. I've now realized that the existing proxy requires authentication which is an unsupported scenario. Please configure ESET products to use the existing proxy. -
Configure Apache HTTP Proxy behind corporate proxy
Marcos replied to MriX's topic in ESET PROTECT On-prem (Remote Management)
Since you already have a proxy in place, why do you also want to use the Apache HTTP Proxy? -
In the Task manager, right-click "ESET Main GUI" and select "Create dump file" while the notice about a crash is displayed on the screen. Also collect logs with ELC. Then compress the dump, upload it to a safe location along with ELC logs and drop me a message with download links.
-
Unable to block Youtube or Google Drive on Chrome/Firefox
Marcos replied to CCross's topic in ESET Endpoint Products
Do you really have QUIC protocol disabled? -
Do you have any dump files in "C:\ProgramData\ESET\ESET Security\Diagnostics\" ?
-
There is probably a communication issue between your computer and ISP or between your ISP and ESET's servers. You can provide a Wireshark log from the time when the error is reported but I don't think it would shed more light. Since you have a consumer product installed, I assume that you are not behind a corporate firewall that could block communication with ESET's servers. Requests to your DNS server must work or you wouldn't be able to open websites in a browser, for instance.
-
Hello, this is a potentially unwanted application (PUA); an older version of one application from this company was evaluated as a Deceptor by the certification authority AppEsteem. PUA detection is optional and the user decides whether or not to detect such applications. Even if you do not want to disable PUA detection, you can choose the option to exclude the sample from detection directly from the yellow detection window, under advanced options. You can also add the blocked page to the list of allowed pages in the advanced setup, under Web and email protection - Address management.
-
JS/Adware.Revizer.B malware - eset fails to remove
Marcos replied to leong's topic in Malware Finding and Cleaning
Are you getting these alerts even if no browser is running? If not, does using a different browser make a difference? Did you try to run a browser without extensions?