Everything posted by Marcos
-
I would ask your administrator to disable scanning of removable media (real-time protection would still scan files on them). Stopping a scan would require administrator rights or entering an admin password anyways.
-
I was unable to reproduce it. Please provide a Process monitor boot log as well as ELC logs as per the instructions linked in my signature.
-
I see that it's detected as Win32/FusionCore.L potentially unwanted application. The detection is correct; the installer has fusion.dll embedded. Detection of potentially unwanted applications is optional. If you have opted for PUA detection, you can still exclude a particular PUA from being detected by checking Exclude from detection after unfolding advanced options in the yellow alert window.
-
Performance Problem with NOD32 + Warsaw plugin combination
Marcos replied to Junior Feo's topic in ESET NOD32 Antivirus
Did you try disabling automatic start of real-time protection and restarting the computer? If that doesn't help, try disabling HIPS and restarting the computer. Should the problem persist, try renaming C:\Windows\System32\drivers\ehdrv.sys in safe mode. Is there a way to get the software in question and reproduce the issue on our part?
-
I tested it and didn't have any issues after switching back to regular updates. Again, I'd like to encourage everybody who doesn't work on a production system to keep pre-release updates enabled. This will enable you to receive new modules with new features or fixes in advance and in case there are issues with a new module, you can switch back to regular updates after you report it to ESET and wait until a new module addressing the issue becomes available.
-
ESET Endpoint Security 6.5 constantly restarting
Marcos replied to KrzysiekS's topic in ESET Endpoint Products
Please check if dumps are created in the C:\ProgramData\ESET\ESET Endpoint Security\Diagnostics folder. If so, upload at least two recent ones to a safe location and pm me download links along with the output from ESET Log Collector.
-
ESET Endpoint Security 6.5 constantly restarting
Marcos replied to KrzysiekS's topic in ESET Endpoint Products
Do you mean that the GUI (egui.exe) or the kernel process ekrn.exe is continually restarting? Are there any records of it in the system event log?
-
That's quite a lot. Please generate a dump of ekrn via the advanced setup -> Tools -> Diagnostics -> Create (dump). When done, compress the dump created in the Diagnostics folder, upload it to a safe location and pm me a download link.
-
Any Deep Learning Techniques in ESET products?
Marcos replied to 0xDEADBEEF's topic in General Discussion
HIPS was first introduced in v5. Since then it's improved a lot, especially its subfeatures like AMS, Exploit Blocker and the brand new anti-ransomware protection introduced in v10. All these including self-defense are virtually parts of HIPS. Those who don't mind being asked about an action when a suspicious operation is attempted can switch HIPS to Smart mode which is more effective than automatic mode but some decisions must be made by the user. As already said above, AV programs use various protection layers to make it difficult for malware authors to bypass them all. Also J.D. mentioned that even if a particular malware is not visually recognized it doesn't mean we won't learn about it. Quite the contrary; such samples are automatically replicated and detection is added within minutes via LiveGrid.
-
There's nothing new on this matter. However, as a workaround excluding the whole Dropbox folder (which includes .dropbox.cache) should work.
-
ESET does not integrate into Thunderbird as a plug-in. Please elaborate more on the issue. Also try the following:
- restart Windows
- without launching any application, disable SSL/TLS filtering in the advanced setup and click OK
- re-enable SSL/TLS filtering
- launch Thunderbird and check if the issue is solved.
-
We were unable to reproduce it. Please enable advanced firewall logging in the adv. setup -> Tools -> Diagnostics, then trigger the firewall window, select to create a rule and deny the communication. If the communication of the application was allowed, disable logging, collect logs with ELC as per the instructions linked in my signature, upload the generated zip file to a safe location and pm me a download link.
-
Package configuration vs Policy
Marcos replied to leviu's topic in ESET PROTECT On-prem (Remote Management)
I would also strongly recommend upgrading to Endpoint v6 and ERA v6 for maximum protection and using an http proxy to cache update files instead of using a mirror to save traffic.
-
I don't think it's an attacker or malware that disables anti-phishing. An attacker would disable the whole AV product or even uninstall it and not only disable a less important protection feature. I'd suggest opening a case with your local customer care and providing them with ELC and Procmon logs created at the time when you observe performance issues. Also a complete memory dump might shed more light.
-
Unable to update file exclusion
Marcos replied to gaapplied's topic in ESET Products for Windows Servers
You can control a particular setting (exclusions) either via a policy or by user. Policy overriding is only temporary. There's a chance that this will be improved in ERA / Endpoint v7 but I can't confirm it now.
-
The solution is to disable Windows Defender. The rule has always been not to have two or more real-time protections running at a time which happens when ESET installs; it takes some time for Defender to disable after our real-time protection activates which causes deadlocks under specific circumstances and file operations then take minutes to complete. The plan is to release a hotfix for Endpoint 6.5 next week. As for home users, it will take longer since changes needed to prevent clashes with Defender are not trivial.
-
The issues may basically occur with any version since it's a clash of two real-time protections running at a time. It's always been a rule not to run 2 real-time protections at a time but recently Microsoft has made some sudden changes that triggered the clash. The issue is not limited to ESET's products and more AVs are affected.
-
Is Endpoint v6 installed on clients? If so, you can manage licenses via ela.eset.com. As for the higher number of seats covered by your license than actually needed, I'd suggest contacting the distributor or reseller from whom you purchased your license to reduce it to the number of computers that you actually use.
-
Action column in THREATS section!
Marcos replied to HienKieu's topic in ESET PROTECT On-prem (Remote Management)
ERA merely displays the action that is logged on clients. "Deleted" means that a file was deleted right away, e.g. when malware was detected in a newly created file and cleaning the registry is not needed. "Cleaned by deleting" is reported when cleaning was performed but the file contained only malicious code and therefore was deleted.