-
Posts
37,941 -
Joined
-
Last visited
-
Days Won
1,504
Everything posted by Marcos
-
Please post the etl log here and I will check it out. It can be read only be ESET staff since symbols are required in order to open it in a readable form.
-
"Your license file does not contain a Username or Password."
Marcos replied to Cousin Vinny's topic in ESET Endpoint Products
Please provide me with your public license ID. Also make sure that those machines were not activated with an offline license file which is intended only for computers that never connect to the Internet. -
Please temporarily uninstall ESET NOD32 Antivirus and install ESET Internet Security. Activate a 30-day trial version since it's a different product than what you have purchased. In the advanced setup -> Tools -> Diagnostics, enable advanced firewall logging and restart the computer. Then disable logging and collect logs with ESET Log Collector. Upload the generated archive to a safe location (e.g. OneDrive, DropBox, etc.) and drop me a message with a download link.
-
Files were encrypted by Filecoder.Crysis. Unfortunately, decryption is not possible. We recommend keeping encrypted files in case that decryption will be possible in the future. We recommend: - using the latest version of an ESET product and keeping all protection features active - protecting ESET's settings with a password - enabling detection of potentially unsafe and unwanted applications - disabling RDP or hardening it (e.g. by restricting it to specific IP addresses or ranges, allowing RDP only for users who really need it and use a strong password, etc.) - installing critical patches that are available for the OS, keeping applications updated.
-
Force client to connect to different server
Marcos replied to jimwillsher's topic in ESET PROTECT On-prem (Remote Management)
The other ERA server must have the public CA certificate imported in order to trust the agent certificate. Without that, you'd need to reinstall agent and provide the correct CA certificate used by the other ERA server. -
Are you able reproduce BSOD with the HIPS module 1309 installed? If you have v1308, most likely you haven't switched to pre-release updates. As for the issue with the firewall, try booting in safe mode and renaming the files epfwdata.bin and epfwuser.dat in the "C:\ProgramData\ESET\ESET Security" folder. Let us know if that helps.
-
Since everything has been already said and explained, we'll draw this topic to a close.
-
The file libc-2.23.so is scanned very quickly (a few ms) so it shouldn't have any effect on this. I've passed it on to the developers anyways as I don't think it's scanned in an optimal way. Please provide me with a complete dump of ekrn by selecting full dump in the advanced setup -> tools -> diagnostics and clicking Create (dump) at the time when you are experiencing a high cpu load by ekrn.exe. Then collect logs with ELC which should also include the generated dump by default. Upload the archive to a safe location and pm me a download link.
-
Updating modules does not cause disconnection of other existing connections. Are you saying that if you download a large file via a browser for instance and ESET updates its modules while the file is being downloaded, the download is interrupted every time? Was this happening with the latest v11.0.159? What version of Windows do you use and what platform is it (32/64-bit)?
-
Does unticking "ESET Firewall" in your Network connection properties make the issue go away? Or disabling the firewall in the advanced setup is enough? As of v10, we started to use Windows Filtering Platform instead of using a lightweight firewall driver to avoid certain issues, however, it's only used on Windows 8.1 and higher where the functionality is fully supported.
-
That's not a good idea. If it was time limited, the log might not contain the valuable data that we need if logging was not stopped after an issue has manifested. On the other hand, also extremely large logs would be difficult, if not impossible to process, e.g. if opening very large pcapng logs in Wireshark would take hours or if opening them would end up with memory exhaustion.
-
As Itman said, personal experience is invaluable. If users were not satisfied with ESET's protection capabilities or performance, ESET's products wouldn't be that popular in many countries, including Japan which you will likely agree is very sensitive to quality and efficiency of any goods. Also if ESET was not good enough, it wouldn't have ranked among two best AV desktop solutions and in top 4 in the mobile segment in probably all annual AV-Comparatives surveys where it's users who cast their votes based on their personal experience with various security products. To sum it up: 1, There's nothing like 100% detection of malware. Tests are always performed on a very limited test set. 2, Without knowing the methodology and its relevance to real-wide use it's necessary to take the results with a pinch or better with a lump of salt. 3, AV solutions may behave differently in different conditions, scenarios and systems. What works for one just fine may not work well for another users. 4, Should you encounter a technical issue, a problem with performance, etc. on a particular system, ESET's customer care and we, moderators of the forum, are here to assist you with pinpointing and resolving it. 5, We are open to constructive criticism. We listen to our customers and improve our products also based on your feedback.
-
Currently that's not possible since enabling this option will generate huge firewall logs in the diagnostics folder and therefore advanced logging shouldn't be turned on for a long time. I'll ask developers if it'd be possible to create and provide you with a special version of the firewall that would have advanced logging limited to the detection of identical IP addresses.
-
I'd recommend you try each AV with 100% detection in tests and let us know after a few months about your experience. As itman said, personal experience is invaluable. Also I fully support the idea that everyone should use what fits him or her best. So we kindly ask you to stop complaining about tiny differences in detection rate and use whatever security solution you like most and fits you best.
-
I'm sure you meant Emsisoft If we add a behavior blocker, it will have to be unobtrusive and work automatically, utilizing smart heuristics and information from other protection modules to avoid asking the user for action selection (at least in default automatic mode).