Everything posted by Marcos
-
Yes, that is a correct behavior.
-
You can create allowing or blocking Device control rules based on the vendor, model and serial number of a device.
-
Can't Start "Eset HTTP Server"
Marcos replied to Heitor Araujo's topic in ESET PROTECT On-prem (Remote Management)
This service is not related to ERA but to the security product that you have installed. Do you have EFSW or Endpoint v6 installed on that machine? Is it configured to create a mirror and provide mirrored update files via http?
-
Does it work with IE? Does temporarily disabling HIPS and restarting the computer make a difference? We'll need a Process Monitor log as well as logs from ESET Log Collector for analysis. For instructions on how to generate them, see the links in my signature. When done, upload the logs to a safe location and pm me a download link.
-
Even if that would be possible, we couldn't afford blocking an address without verification. If you manage to report a phishing url to Google for instance, there's a good chance ESET will block it soon too. For instance PhishTank provides an API but it seems it's only for retrieving data from their servers, e.g. if you want to find out if a particular url is phishing.
-
Ekrn.exe loads egui.exe.
-
I'd also add that HIPS is a fundamental protection feature without which self-defense, Advanced memory scanner, Exploit Blocker and Ransomware protection don't work. I emphasize this as there are some users who like to disable particular features without knowing what other protection modules it affects and how substantially they reduce proactive protection provided by ESET's advanced technology.
-
Let's start off with providing me with basic logs. In particular:
- in the advanced setup, Tools -> Diagnostics, enable advanced update engine logging
- run manual update
- collect logs using ESET Log Collector as per the instructions linked in my signature
If the generated zip file is too large to attach, upload it to a safe location (e.g. wetransfer.com) and pm me a download link.
-
The files were encrypted by Filecoder.Crysis. Unfortunately, decryption is not possible. Crysis has been seen to be triggered by an attacker after getting to a computer via unsecured RDP: https://www.bleepingcomputer.com/news/security/number-of-rdp-brute-force-attacks-spreading-crysis-ransomware-doubles-in-6-months/. It's important to back up important data on a regular basis, secure RDP (or disable it, if not needed) and practice safe computing. Also we recommend protecting ESET's settings with a password to prevent unauthorized users from disabling or uninstalling AV.
-
Already there. It's called Smart mode. Files are run in a virtual environment to determine the behavior. Not sure what you mean. Not sure what you mean. By default, detected malware is automatically cleaned without asking the user. It's been there for ages but only for the on-demand scanner. We don't plan to extend it to web/email/real-time protection as the computer could been every while.
-
Restarting your computer should resolve the issue.
-
Your assumption is wrong. With ESS/EIS v10 installed, no ESET firewall driver is supposed to appear in the ethernet adapter properties. As for the problem with Device control, it could be registry permission issues which cause it not to register in the system. Since further troubleshooting will be needed, including an analysis of a Process Monitor log as well as logs collected by ESET Log Collector, I'd suggest contacting your local customer care.
-
Do you also have http scanning enabled?
-
FYI - Cerber Ransomware Served Up From Web Site
Marcos replied to itman's topic in Malware Finding and Cleaning
Did you somehow format the threat record so that each field is on a new line? I'm asking cause Hash and First seen here are shifted one line down. Correctly it should look like: Information: Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe (8288B566340C2BFEC37768F5A029027DDA7C2A5B) Hash: 793568AC8277B3F03FAC123E0898A16AF1E103A5 First seen here:
-
You have protocol filtering disabled. As a result, the computer is exposed to Internet-borne threats and other protection features that depend on it will not work. Namely HTTP(S)/IMAP(S)/POP3(S) scanning and Web Control.
-
HIPS - User rules file contains invalid data
Marcos replied to Wallaby's topic in ESET NOD32 Antivirus
You can try uninstalling v8 and installing it from scratch. The error used to occur during an upgrade from v3/v4 versions and could be fixed by editing the registry but in this case it's most likely different as you didn't upgrade. We will always recommend using the latest version of the ESET product as it contains a lot of fixes from older versions besides other improvements.