Everything posted by Marcos
-
The self-development program is blocked on the eset firewall
Marcos replied to RandyWang's topic in ESET Endpoint Products
Please answer my question - does pausing firewall from gui make the issue go away? If so, then all you need to do is to set up the appropriate rule as all non-initiated inbound traffic is blocked in automatic mode. Do not remove "ESET firewall" from network properties or you will disable the firewall completely. -
Beta versions of Mac OS are not supported by ESET products. However, we plan to provide beta versions of ESET CyberSecurity (Pro) but currently we do not have any new version for beta testing.
-
The self-development program is blocked on the eset firewall
Marcos replied to RandyWang's topic in ESET Endpoint Products
Do you mean that temporarily disabling firewall from gui doesn't make any difference? -
offline usage and livegrid security warning
Marcos replied to tbsky's topic in ESET PROTECT On-prem (Remote Management)
But why do you disable LiveGrid for offline machines? Leave it enabled even if they don't have Internet access. Do these computers update from a mirror? -
Would it be possible to temporarily install the 30-day trial version of EIS on this machine at least to generate the advanced firewall log? With EAV, enabling etw logging would require disabling self-defence and importing specific reg files to enable/disable logging.
-
First of all, applications must be thoroughly analyzed before they are classified as PUA, adware or whatever. As for the app you've pointed out, it's on the verge between legit app and PUA but so far we haven't got sufficient proof for PUA detection.
-
Mail Security quarantining valid emails
Marcos replied to sos4eset's topic in ESET Products for Windows Servers
If it's due to sender's IP address being on the blacklist, contact your local customer care and provide them with an example of an email (eml or msg) that was incorrectly evaluated as spam. -
Please carry on as follows:
1. Download EpfwWfpRegV10.1.3.exe.
2. Run "EpfwWfpRegV10.1.3.exe /unreg" as an administrator and reboot the computer.
Should the problem persist and you have ESET Internet Security or ESET Smart Security installed:
- enable advanced firewall logging in the advanced setup -> tools -> diagnostics
- reboot the computer
- disable logging
- collect logs with ELC
If the generated zip archive is too large to attach here, upload it to a safe location and pm me a download link.
-
Yes, we plan to have a new version of the mirror tool but it will take some time. Isn't an http proxy an option for you? With http proxy much less data should be downloaded with each update compared to using a mirror.
-
Eset Repository with Selected Products
Marcos replied to genief17's topic in ESET PROTECT On-prem (Remote Management)
Please clarify the use case. Wouldn't caching installers on an http proxy be an option? Or specifying a local address for the msi installer in a software install task. -
Eset Repository with Selected Products
Marcos replied to genief17's topic in ESET PROTECT On-prem (Remote Management)
Unfortunately, this is not currently possible. -
Please create a Procmon log as per the instructions in the FAQ section at the right-hand side at the time when the issue occurs and leave it logging for at least one minute. Afterwards save the log, compress it and upload it to a safe location. Also collect logs with ELC, upload the zip file as well and provide me with download links.
-
How can you know that a particular file should be detected if you didn't analyze it? Please submit undetected files to samples[at]eset.com and pm me the email address from which you will send it. As for a separate product just for adware detection, this is a very bad idea. Then we could have plenty of products, one for virus detection, another one for Trojans, another one for ransomware, another for potentially unsafe applications, another product for adware... There's no sense in that. If something should be detected it should be detected by the current integrated solutions. It makes no sense to split detections with the same effect in terms of detection.
-
https://www.welivesecurity.com/2017/06/20/machine-learning-eset-road-augur/
-
This test doesn't show how effective AVs are against encryption. Firstly, there are many ways how encryption can be done. The simulator simulates the behavior that can happen when files get encrypted but it cannot cover all ways of encryption. Secondly, legitimate software may also work in a way that is utilized by ransomware. Encryption as such is not always malicious and it's been used for perfectly legitimate purposes for ages. It is necessary to correctly distinguish between malicious and innocuous applications which may be a daunting task.
-
Not sure what you mean by "LiveGrid heuristics". As for internal analysis, samples are run on replicators and we use various systems, including machine learning, to assess if a sample is malicious or innocuous.
-
Try running "EpfwWfpRegV10.1.3.exe /unreg" as an admin, especially if you had v4 installed some time ago, and then reboot the computer. Does it solve the problem? If not, try disabling the following, one at a time:
- automatic start of real-time protection followed by a reboot
- HIPS followed by a reboot
- protocol filtering
If that doesn't make any difference either, you can try renaming drivers in safe mode to narrow it down further:
1. "C:\Program Files\ESET\ESET Smart Security\Drivers\eamonm\eamonm.sys" and C:\Windows\System32\drivers\eamonm.sys
2. "C:\Program Files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys" and C:\Windows\System32\drivers\ehdrv.sys
If that doesn't change anything either, configure Windows to generate complete memory dumps as per http://support.eset.com/kb380/. When you encounter the issue, manually trigger a crash so that a complete memory dump is generated. Please compress it, upload it to a safe location and pm me a download link.
-
Multiagent is overloaded.
Marcos replied to Haresh2015's topic in ESET PROTECT On-prem (Remote Management)
Please provide MDM trace.log, ideally after setting the logging verbosity to Debug or Trace via a MDM policy, restarting MDM and reproducing the issue. -
It will be a staggered release so not all users will update at once. Some users might receive it next week and the rest of users afterwards. Also thank you for pointing out this scary warning. We'll likely replace it with the description from Endpoint help: "Pre-release updates are updates that have gone through thorough internal testing and will be available to the general public soon. You can benefit from enabling pre-release updates by having access to the most recent detection methods and fixes. However, pre-release updates might not be stable enough at all times and SHOULD NOT be used on production servers and workstations where maximum availability and stability is required."