Everything posted by Marcos
-
This happens if there's a problem receiving DNS TXT responses. Some routers are known to have issues with this. A Wireshark log with the network communication captured would shed more light.
-
PDF/TrojanDropper.Agent.AH False Positive?
Marcos replied to rockshox's topic in Malware Finding and Cleaning
You can already do it from ERA by sending a quarantine management task to restore files by detection name as follows: We will do our best to restore the affected files for all users automatically within the next few hours.
-
PDF/TrojanDropper.Agent.AH False Positive?
Marcos replied to rockshox's topic in Malware Finding and Cleaning
We confirm a false positive. Updates were stopped minutes ago and a new version of the Rapid response module will be released momentarily. We're also investigating possibilities of restoring the affected files from quarantine automatically.
-
I'm afraid that without getting a complete memory dump from the moment of a system freeze we're in a blind alley. Since you are able to reproduce the issue at any time, please configure Windows to generate complete memory dumps as per http://support.eset.com/kb380, reproduce the freeze and force the system to crash in order to generate a dump. When done, compress the dump, upload it to a safe location and pm me the download link.
-
How do you know? We've recently seen an increase in issues caused by a recent update of Windows Defender which resulted in locking up files during installation or upgrade of ESET. Hence I would like to rule out WD as a possible culprit. We haven't had issues like this reported by other users, so it's not a general issue with Windows 10.
-
EAV-program-window pops up on every start
Marcos replied to simplicissimus's topic in ESET NOD32 Antivirus
Please drop me a pm with ELC logs attached. For instructions on how to use ELC, see the appropriate KB linked in my signature.
-
Server not shown in era web console
Marcos replied to cutor's topic in ESET PROTECT On-prem (Remote Management)
Install ERA Agent on the machine where ERA Server is installed.
-
Would it be possible to generate a complete memory dump as I suggested above and provide it to us for perusal? In the meantime, you could provide me with ELC logs as per the instructions linked in my signature. Maybe I'll spot something suspicious there, e.g. some software or driver that might clash with ESET.
-
Not if they update from a local mirror which is not accessible from outside.
-
You should do the following:
1. Create a secondary update profile for updates from outside of LAN. This profile will get updates from ESET's servers.
2. Edit an update task (ideally use the default Regular update task) and specify the primary and secondary update profile.
3. Edit a policy and under Tools -> Proxy server, enable "Use direct connection if proxy is not available".
Once applied on clients, both clients in LAN and outside of LAN should update fine. Last but not least, we'd recommend abandoning the local mirror and using an HTTP proxy (e.g. Apache HTTP proxy bundled with the All-In-One ERA installer) to substantially reduce the traffic with ESET's servers.
-
Check if you have Lenovo RapidBoot installed. We recommend uninstalling it as it's known to cause various issues. Should the problem persist, configure Windows to generate complete memory dumps as per the instructions at http://support.eset.com/kb380/ and initiate a manual crash to generate one. When done, upload it to a safe location and pm me the download link. Also provide me with ELC logs as per the instructions linked in my signature.
-
I have serious doubts in ESET anti-ransomware module
Marcos replied to novice's topic in ESET NOD32 Antivirus
Home and Endpoint versions have never been the same in terms of functionality. Developing antiransomware for corporate environments takes much more time and research than for home users. As I have mentioned, Endpoint must be able to decide about suspicious applications' behavior without the user's interaction and reliably, i.e. without causing false positives, which is more likely to happen in larger networks.