Posts: 37,941
Days Won: 1,504
Everything posted by Marcos
-
First of all, we kindly ask you to post in English as this is an English forum and most of the moderators and users do not speak other languages. It appears that your Windows Security Center does not monitor the firewall. Create an ERA agent policy that will have reporting of firewall issues disabled in the advanced setup.
-
KC Softwares SUMo / FALSE POSITIVE
Marcos replied to kyle_Katarn's topic in Malware Finding and Cleaning
This forum is not a channel for disputing PUA detections. Please read https://support.eset.com/kb141/. Having said that, we'll draw this topic to a close.
-
ESET-NOD32 triggers false positive alert at SUMo
Marcos replied to kyle_Katarn's topic in Malware Finding and Cleaning
This forum is not a channel for disputing PUA detections. Please read https://support.eset.com/kb141/. Having said that, we'll draw this topic to a close.
-
Please narrow it down by disabling the following protection features or settings, one at a time:
- Web access protection in gui
- Protocol filtering in the advanced setup
- Advanced scanning of browser scripts in the advanced setup -> Web access protection setup
- HIPS (a reboot will be required)
- Automatic start of real-time protection (a reboot will be required)
- Firewall.
-
No problems with EIS 11.0.144 here on Windows 10. Comparing ESI logs via gui works like a charm.
-
How to get ssl cert. to put into remote administrator
Marcos replied to harley95's topic in General Discussion
The problem is an expired certificate on p15n.staples.com. It's the owner of the server who must fix it. https://www.ssllabs.com/ssltest/analyze.html?d=p15n.staples.com&latest
Valid until: Thu, 14 Sep 2017 23:59:59 UTC (expired 1 month and 20 days ago) EXPIRED
Trusted: No NOT TRUSTED
-
Please collect install logs as per the instructions at https://support.eset.com/kb406 and upload them here.
-
Please refer to https://help.eset.com/era_install/65/en-US/index.html?upgrading_apache_tomcat.htm.
-
V6.5.34 is the version of the ERA release. For the version number of particular ERA components in this release, please refer to https://support.eset.com/kb3690/.
-
I'd recommend narrowing down the issue to a particular protection feature and then contacting Customer care to assist you with further troubleshooting.
-
That doesn't hold true for ESET. Such files would need to have a valid Microsoft signature for instance in order not to be scanned.
-
ESET Endpoint Antivirus Logs DAT under eScan
Marcos replied to MrD's topic in ESET Products for Windows Servers
There's an option to enable logging to text files in the advanced setup.
-
All the above HIPS records about blocked operations were generated by Self defense. Try rebooting the computer after disabling SD. HIPS is a crucial protection feature and should always stay enabled. If disabled, neither Self defense nor Advanced Memory Scanner, Exploit Blocker nor Antiransomware protection will work.
-
I don't mind amateur "tests", even if they don't reflect a real-world scenario, but at least those guys should remove anything that has a gui as it's unlikely to be actual malware, especially if it's in Chinese, Russian, etc. and one cannot verify the purpose of such an app. The fact that a particular AV detects it at VT does not make it malicious; it can be a perfectly legitimate application detected only due to the packer used. Also, the "testers" should be able to provide at least hashes of tested files to AV vendors for verification and be open to correcting the verdict if a particular vendor confirms that some of the files are not malicious. Last but not least, there should be a notice that the test does not show how the security product protects users in the real world due to various infection vectors and protection layers being in place.
-
Please refrain from making false statements to discourage users from keeping LiveGrid enabled. In fact, it's extremely important to keep it enabled, otherwise the gap until new malware is recognized may grow from seconds or minutes to hours! Needless to say, LiveGrid enables scanners to omit whitelisted files from scanning and thus improve performance.
-
If a popular application is unsigned and is updated, I don't think there would be many users who would want to confirm its execution each time it updates. Also, waiting for LiveGrid to respond would cause a substantial delay when executing files, which could be incorrectly attributed to bad performance of ESET's products.
-
Monitor client firewall traffic from ERA console
Marcos replied to pps's topic in ESET PROTECT On-prem (Remote Management)
With ESET Endpoint Security 6.6, you can set severity for particular rules. Records with warning severity are transferred to ERAS and can be used in reports. You should be cautious about what is sent to ERAS as reporting many records from a lot of machines can have an adverse effect on ERAS performance.