Everything posted by Marcos
-
10.1.210 Causing Occasional Freezes - v10.1.219 Fixes Issue
Marcos replied to MarcFL's topic in ESET NOD32 Antivirus
Are you having the issues when launching browsers or when opening websites? Does it make a difference if it's an http or https website? Does temporarily disabling protocol filtering in the advanced setup make a difference? You can also try switching to pre-release updates in the advanced update setup in case the issue was caused by an ESET module and was fixed in the latest version of the module which hasn't been distributed for the general public yet.
-
So you would like to ask the user to allow access for word.exe or excel.exe if he or she wants to open a document from a protected folder? I was talking about protection from ransomware that injects into legitimate processes so the path to the executable will be standard and the file will have a good reputation even if the malware injected in it could do malicious actions, such as encryption.
-
Web Access and Anti-Phishing not enabled
Marcos replied to winstonsmith84's topic in ESET Endpoint Products
As for ELC, see my signature for a link to a KB with instructions on how to use it. Also I've uploaded the tool here: https://we.tl/RjB97PfkW2
-
What if ransomware is injected into an Office process or if it is run as a VBA macro? Do you know how these solutions protect the folder in such a case? It's not very difficult to implement a simple protection but it could be relatively easily bypassed. And that is also the reason why we don't use just simple HIPS rules in antiransomware but instead it's a complex HIPS-based system for monitoring suspicious behavior of processes.
-
@Eta76 Please uninstall v10 completely and install it from scratch. In your case the problem with upgrade is caused by having the system temp folder located on other than the system volume which causes issues when replacing the eamonm.sys driver during upgrade. A workaround for such scenarios will be implemented in future builds.
-
There are issues that can be fixed easily and then there are those that require a change of design or substantial changes under the hood. While the first type of issues / bugs can be fixed quickly, the other type of issues may take weeks or months to implement. Also it's necessary to take into account time needed for QA tests as well as other resources. Even Microsoft doesn't release changes immediately but aggregates them into service packs and Windows updates that are released twice a year.
-
The problem is that malware could drop psexec under a different name to bypass such HIPS rules with wildcards. Only a true application control would be the ultimate solution. We've been working on HIPS which is also why wildcard support has not been added yet. We want to deliver true and complete solutions, not just partial ones and therefore some tasks have lower priority than others.
-
Switch to pre-release updates in the advanced setup and then check for a newer product version in the Update pane to get v10.1.219 installed. Or you can wait a few more days until it's distributed to all v10 users.
-
This is a problem with v9 update servers not removed after upgrade to v10. Please uninstall v10 and remove "HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security" manually before installing v10 from scratch. Before you do that, please uninstall v10, do not remove anything from the registry yet but run Process Monitor as per the instructions linked in my signature and install v10.1 from scratch. When done, stop logging and provide me with logs collected by ESET Log Collector as well as with the Process Monitor log.
-
ESET NOD32 Antivirus version 10.1.219 has been released. Update to the new version is now available to all users in-product with an older version 10 and installers are available from https://www.eset.com/download/home/.
Changelog
- Improved: Screen reader improvements including product user interface text-to-speech and tab key navigation
- Improved: Ability of in-product upgrade to install cross-line products to support Smart Security to Internet Security migration
- Fixed: Minor bug fixes and localization updates
- Internal improvements and fixes (e.g. "Pause protection" option is back in the tray icon menu)
Known Issues
- Update progress indicator does not refresh automatically. This is a known issue of the current v10.1 but it will be fixed once you upgrade to v10.1.219.
-
ESET Smart Security Premium, ESET Smart Security, ESET Internet Security, and ESET NOD32 Antivirus versions 10.1.219 have been released. Update to the new version is now available to all users in-product with an older version 10 and installers are available from https://www.eset.com/download/home/
Changelog
- Improved: Screen reader improvements including product user interface text-to-speech and tab key navigation
- Improved: Ability of in-product upgrade to install cross-line products to support Smart Security to Internet Security migration
- Fixed: Minor bug fixes and localization updates
- Internal improvements and fixes (e.g. "Pause protection" option is back in the tray icon menu)
Known Issues
- Update progress indicator does not refresh automatically. This is a known issue of the current v10.1 but it will be fixed once you upgrade to v10.1.219.
-
Threats are not cleaned
Marcos replied to Clinton Babi's topic in ESET PROTECT On-prem (Remote Management)
It's not possible to select an action for scans run from ERA. You can:
- create a policy that will set Strict cleaning mode for the In-depth scan profile and wait until it's applied on clients
- run an on-demand scan task with in-depth scan profile
All threats and PUAs will be cleaned automatically. You can review the quarantine in case you'd like to restore some files.
-
Threats are not cleaned
Marcos replied to Clinton Babi's topic in ESET PROTECT On-prem (Remote Management)
Those are either potentially unwanted or unsafe applications, or archives that also contain other than detected files. In such a case, action selection is required in the standard cleaning mode. If you want to clean PUAs automatically, set strict cleaning mode for web access protection, real-time protection and startup scans. As for on-demand scans, I'd be cautious with using strict cleaning as it would also remove archives that also contain other than detected files, or files infected with a virus that cannot be cleaned at the moment. For instance, if you have an archive with tools of which some may be detected (e.g. tools for finding serial numbers), the whole archive would be removed. If you run an on-demand scan with strict cleaning, it's a good practice to review what files have been removed / quarantined.