Everything posted by Marcos
-
It happens that legit applications scan computers for open ports. Also because of this, there's an option to define exceptions for particular IDS detections.
-
To be honest, I'm not aware of any recent crashes caused by ESET. The fact that eamonm.sys was listed as the culprit does not necessarily mean that it really was. Please get a kernel or better complete memory dump from a crash, compress it, upload it to a safe location and pm me a download link. We'll check the dump and let you know the cause.
-
6.6.2052.0 New build upgrade crashed Windows 10 machine
Marcos replied to tmuster2k's topic in ESET Endpoint Products
By "crashed system" do you mean BSOD? If so, we'd need to get a kernel or better complete memory dump from the crash to determine the cause and to confirm or deny that it was caused by ESET. At the moment I'm not aware of any recent crashes caused by ESET.
-
Please report any FPs (be it Generik or something else) to samples [at].eset.sk. As for the differences between DNA and XDNA detections, both are based on the results of emulation by advanced heuristics. While DNA detections are based on so-called DNAs of function calls, XDNA detections use various metadata gathered during emulation.
-
Kryptik is a generic detection of the envelope or obfuscation method. Its name doesn't tell anything about the malware beneath the envelope. The detection is based on emulation by advanced heuristics. GenKryptik is the same but it's generated by automatized systems. Generik detections are generated by automatized systems. They are less smart than (Gen)Kryptik or other DNA/XDNA detections created by humans and are usually only temporary until they are replaced with a smarter detection.
-
Ekrn is started as soon as possible, among the first services. It's the crucial process responsible for protecting your system. As of v11, egui is loaded by the operating system when the resource load is lower. This change was needed in order to comply with Microsoft's conditions in terms of performance on startup and in order to receive certification. Instead of the flashing command line window, we could simply display the splash-screen after a fixed period of 30 seconds which was less acceptable than the current solution when the operating system decides when is the right time to run egui.
-
As of v11, egui is loaded by the operating system when the resource load is lower. We had to change the behavior in order to acquire Microsoft certification. It's just the gui that loads with a small delay, not the kernel which is the component responsible for protecting the system.
-
.arena Virus on Windows server 2008 R2
Marcos replied to netbus's topic in Malware Finding and Cleaning
The files were encrypted by Filecoder.Crysis. Decryption is not possible. Modus operandi is that an attacker runs a brute-force attack on RDP, disables or uninstalls AV and then runs ransomware to encrypt files. It could also be that files were encrypted from a remote computer in shares for which the remote user has write permissions. Make sure that you have the latest version of the ESET product installed and all protection features are enabled. We recommend protecting the settings with a password and also enabling detection of potentially unsafe applications.
-
On-demand computer scan is very slow in Windows 10.
Marcos replied to Haresh2015's topic in ESET Endpoint Products
On my computer it took 13 minutes to scan ~850,000 files. In your log, I see that ~1,553,000 files were scanned in ~5 hours. I'd start off by running a full disk scan locally and providing me with ELC logs from that machine, including on-demand scan details selected to be collected.
-
Try the following:
- Temporarily uninstall ESET.
- Check for the presence of the above-mentioned registry key. It should not exist.
- Install v11.
- Check for the presence of the registry key.
Let us know about your findings. Did you previously upgrade to v11 from an older version? If so, was it v10 or an older one?
-
Unable to uninstall infected applications
Marcos replied to Erika's topic in Products for Mobile Devices
If these are pre-installed applications, the only option is to disable them in the system settings, since they are located in ROM, which cannot be written to.
-
Shortcuts are scanned like any other files, i.e. when accessed by the operating system or other applications. You could try temporarily disabling automatic start of real-time protection and rebooting the system to see if it makes a difference.
-
ESET IS
Marcos replied to manukes's topic in ESET Internet Security & ESET Smart Security Premium & ESET Security Ultimate
If you don't use ESET's BPP for online banking, you can use an alternative solution. What you should avoid is using multiple real-time or HIPS protections at a time.