Everything posted by Marcos
-
Please provide a screenshot of the exclusion list. Is the detection name prepended with "@NAME="? You can also try excluding a potentially unwanted or unsafe application right from the yellow alert window upon detection. Also note that this only works for potentially unwanted and unsafe applications, not for malware detections.
-
The attached VBS file is an ESET HTML alert about blocked access to a malicious URL. Is the file re-created after you delete it?
-
The latest version of ECS is 6.5.600.0. If you have this one or newer installed, you have the most current one. 6.5.600.3 is 6.5.600.0 with the latest modules included. If you don't upgrade manually, you should already have the latest modules installed so you won't gain any benefits by installing the latest install package.
-
If the URL categorization provider didn't fix a miscategorized website, please contact your local customer care, which will reach out to the provider and ask them for re-categorization.
-
No icon in system tray + failed module update
Marcos replied to Samoréen's topic in ESET NOD32 Antivirus
In order to troubleshoot this issue, we'll need:
- A Procmon boot log created as per the instructions at https://support.eset.com/kb6308/.
- ELC logs.
Upload both archives to a safe location (e.g. DropBox, OneDrive, etc.) and drop me a private message with download links.
-
Question about Spectre and Meltdown
Marcos replied to angelo_lopes's topic in ESET Endpoint Products
Only applying the appropriate OS update can protect you from Meltdown and Spectre variant 1. For more information, refer to https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help and https://www.welivesecurity.com/2018/01/05/meltdown-spectre-cpu-vulnerabilities/ for instance. So far no malicious exploits have been seen that would exploit the vulnerabilities and only benign PoCs exist. We strongly recommend upgrading to the latest Endpoint 6.6 to stay protected to the maximum extent against current threats and receive support for the latest updates of operating systems as well.
-
Could you retry the procedure with disabling SSL filtering but now also deleting C:\Users\%user%\AppData\Roaming\Mozilla\Firefox\Profiles\%ProfileNamer%\cert8.db before re-enabling it?
-
Please provide a couple of examples of such websites. Also try the following:
- Disable SSL filtering.
- Reboot the computer.
- Without launching any application, re-enable SSL filtering.
- Launch a browser and check if the problem persists.
-
We are currently experiencing an issue with activation servers, however, they should be up and running momentarily. Please try to activate again in a couple of minutes. We apologize for the inconvenience.
-
We are currently experiencing an issue with activation servers, however, they should be up and running momentarily. Please try to activate again in a couple of minutes. We apologize for the inconvenience.
-
I assume you have one license for 2 devices. All you need to do is use the activation key to activate ESET on each of the devices if not already activated. When upgrading from an older version, activation will not be needed. Only if you uninstall ESET and install it from scratch, the product will deactivate and re-activation will be needed.
-
Yes but this is an automated detection, not one created intentionally by a malware analyst. Since it's not triggered on a file that somebody would complain about if detected, we usually don't remove such detections.
-
Correct. I've scanned it with my Endpoint 6.6 and it's detected:
Log
E:\test\a9e11807f3cccd52f5476956f96d853e794ced2d - a variant of Win32/Packed.VMProtect.M suspicious application
As for the SMSBomber.L, it will be reclassified later. It's not malware.
-
As far as I know, those samples from AV-Test are just innocuous POCs and we were not going to detect them. Regarding the sample above, the verdict is: It is already detected as a variant of Win32/Packed.VMProtect.M suspicious application. After the next update it will be detected as Win32/RiskWare.GameHack.CB application.
-
Dynamic groups questions
Marcos replied to Jboring's topic in ESET PROTECT On-prem (Remote Management)
What expression(s) did you use for the dynamic group without ESET installed?
-
6.5.2107.1 removed from repository?
Marcos replied to j-gray's topic in ESET PROTECT On-prem (Remote Management)
Not really. We have always kept even older installers in the repository, however, if we discover a serious issue with them, we need to remove them and thus prevent users from installing a version which might cause serious issues, such as BSOD in this case.
-
Web and Mail protocol Filtering is Non-Functional.
Marcos replied to Babek's topic in ESET NOD32 Antivirus
Please read my posts above. If you have ESET NOD32 Antivirus installed, temporarily uninstall it and install ESET Internet Security for easier troubleshooting (activate a 30-day trial version). With EIS installed, enable advanced firewall logging, reboot the computer, disable logging and collect logs with ELC. Upload the generated zip archive to a safe location and drop me a private message with a download link.