Posts: 37,944
Days Won: 1,504
Everything posted by Marcos
-
Please provide more information about the use case. Why do you need to temporarily disable even email protection remotely? There's a security risk as malware might infect the computer while protection is disabled. Re-enabling protection should also trigger a full disk scan to ensure that no malware is found in memory or on the disk.
-
Update all Outdated Software
Marcos replied to Tuxedo's topic in ESET PROTECT On-prem (Remote Management)
Do you mean ERA components, ESET Security products or operating system by "software"? Only these can be updated via a task from ERA.
-
We have only one- or two-year or monthly billed licenses. Licenses valid for 30-90 days are typically trial licenses and are not sold for money.
-
ESET ERA 6 Scheduled tasks | How to stop?
Marcos replied to avielc's topic in ESET PROTECT On-prem (Remote Management)
What tasks are you having issues with?
-
What is the name of the potentially unsafe application? This detection is optional and is disabled by default. It covers legitimate tools that can be misused in the wrong hands. If an administrator uses a specific pot. unsafe application on purpose, he can exclude it from detection. Also in ERA it's possible to make exclusions by detection name regardless of the location of such files.
-
Again, that's because we don't use localized tag messages that are appended to email and English text is used, hence "virus" which is an English word. What you did is you changed default text to custom which is possible but it wouldn't work correctly with special Polish characters.
-
Policies for EAV Scheduler: Cannot use local time
Marcos replied to fxcd's topic in ESET PROTECT On-prem (Remote Management)
Currently this is not possible because the time is converted to Unix time when saving a task. We'll track it as an improvement for future versions.
-
A, This cannot be fixed easily plus it's been so since NOD32 v2 at least. We don't support local encoding in tag messages and the text displayed uses strings with detection types that are globally used in the whole product which is why there can be a mix of English and localized strings in the detection name in notifications. B, I don't understand what the issue is and how it's related to ESET.
-
3. It's expected as we don't support local encoding. Otherwise special Polish characters would not appear correctly, hence English text is used. Notifications to email are not added by default.
-
1, Why should the icon change? To me it works correctly. 2, It's worked like that since the beginning if I remember well. Not sure if this behavior can be changed, will ask developers about it.
-
Create policies for eset v5 with era v6
Marcos replied to kapela86's topic in ESET PROTECT On-prem (Remote Management)
Yes, it's possible. However, once you have moved to ERA v6 I don't see any reason not to upgrade to Endpoint v6 on clients and get better protection.
-
I was talking about Web access protection which is part of all ESET security products for Windows. Some remarks:
- I/O operations also include communication with drivers. That said, the amount of data read/written from/to a disk cannot be determined from Process Explorer and you'd need to use Process Monitor instead.
- Browsers do not need to keep data from streams; they read the data, process it and do not keep it any more or ditch it right away, if not needed. However, antivirus programs need to see the whole content in order to be able to evaluate if it's malicious or not and therefore the data must be temporarily stored which is not the case of browsers.
- We keep 1 MB of data in memory and the rest is saved to a disk. Antivirus programs cannot allocate too much memory in order to store all data they need to scan.
It's possible to exclude a particular url or IP address from protocol filtering in the Web access protection setup - URL management to prevent the http communication from being scanned.
Edit: I've just received your Procmon log from colleagues in the US. The log contains information about operations performed in approx. 2 minutes. During this time, ESET read 4,5 MB from the disk and wrote 0 bytes to the disk which appears ok to me. Reading 4,5 MB in 2 minutes is not excessive. It appears that no media was streaming while the log was being created, otherwise ekrn would have likely created htt*.tmp files in a temp. folder.
-
I'm sure that your current license can be transferred to EIS seamlessly. Please contact your local distributor or ESET office to arrange that. The price of the remaining EAV license period should be subtracted from the price of EIS.
-
Please generate install logs as per the instructions at http://support.eset.com/kb406/. Also collect logs with ELC by following the instructions linked in my signature. When done, drop me a pm with the logs attached.
-
If you use an IP camera to stream video and if it causes a lot of data to be written to a disk, you can exclude its IP address from protocol filtering. I'd bet that Windows writes much more to the swap file than ESET does. Please provide a Procmon log (ideally a boot log created as per the instructions linked in my signature) so that we can check what operations were performed.
-
Obviously you cannot prevent software from writing to SSD unless you store temporary and user profile folders on a HDD. If larger archives or http streams are scanned, the data is saved to temp files on a disk. We cannot allocate additional hundreds of MB of RAM when needed and we have to work with RAM in an optimal way. Also when update is being performed it requires quite a lot of data to be prepared for compilation of modules which is again something that cannot be accomplished solely in RAM. I guess it wouldn't be a problem to not write to a disk at all if it was common to have dozens of GB of RAM installed on users' systems but this is not something that's gonna happen in the near future.
-
Massive GoldenEye ransomware attack going on atm, ESET's view?
Marcos replied to m4v3r1ck's topic in General Discussion
https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine/ It appears that ESET Endpoint Security v6 was again able to protect from the exploitation of the EternalBlue vulnerability by network attack protection.
-
Error - User rules file contains invalid data
Marcos replied to Palps's topic in ESET Products for Windows Servers
Check process exclusions. A full path to executables must be entered, otherwise HIPS will report that error.
-
ESET Mail Security rules and PDF as container
Marcos replied to katbert's topic in ESET Products for Windows Servers
Do you have that pdf so that we could use it for testing? I'd suggest contacting customer care and creating a regular support ticket for this as more iterations will be needed. You can also provide the pdf file along with ELC logs to me too via a pm.