-
Posts
37,945 -
Joined
-
Last visited
-
Days Won
1,504
Everything posted by Marcos
-
Do you mean that ekrn consumes more than 200-250 MB of RAM? I assume that especially ransomware protection may need more memory to store data about monitored processes so it's normal that memory consumption may rise over time a bit. Also information about scanned files is stored in RAM and the amount of the data grows a bit as files as scanned. How much memory ekrn consumes, let's say, after an hour since the system started with and without ransomware protection enabled?
-
No Responce from whitelisting request or false detection report
Marcos replied to Addison's topic in General Discussion
It's not a false positive but WebBar potentially unwanted application. This forum is not meant for disputing PUA detections. We can only recommend to contact ESET as per the instructions at http://support.eset.com/kb141. Having said that, we'll draw this topic to a close. -
With default cleaning mode, threats are cleaned automatically. However, in case of archives that contain also clean files besides malicious ones or if a potentially unwanted or unsafe application is detected, a user intervention is required. To avoid this, set the cleaning mode for the desired scan profile to "Strict cleaning" and then run an on-demand scan task using that profile settings.
-
Scan and Update on clients
Marcos replied to hungtt's topic in ESET PROTECT On-prem (Remote Management)
Please contact your local Customer care as this will need deeper troubleshooting. Still, my opinion on this is that a daily scan is redundant and you have deteriorated protection capabilities provided by ESET by disabling the default regular update task as well as default startup scan tasks. -
RDP Hanging with ESET 6 Policy
Marcos replied to Jessraea's topic in ESET PROTECT On-prem (Remote Management)
I'd suggest switching the firewall to learning mode for a while so that the necessary rule is created automatically. -
No exact release date has been set yet. I assume it will be the second half of March if everything goes well.
-
False Positive?
Marcos replied to notanotherdisplayname24get's topic in Malware Finding and Cleaning
Let's drop me a pm with the download link so that I can download the pdf file myself. -
Scan and Update on clients
Marcos replied to hungtt's topic in ESET PROTECT On-prem (Remote Management)
It is very dangerous from security point of view to run update only once a day. Keep the default regular update task which runs every 60 minutes. If you want to run a full disk scan, schedule the task at the time when the computer is idle; scanning all disks every day is overkill, once a week or 2 weeks should be enough. Real-time protection keeps your computer protected and there are also many other protection layers / features. Unfortunately, you've also disabled startup scan tasks which are one of the important protection layers. Apparently your Endpoint is configured improperly from security POV and running full disk scans on a daily basis will not make up for that. -
Scan and Update on clients
Marcos replied to hungtt's topic in ESET PROTECT On-prem (Remote Management)
Updates should be run in regular intervals which is 60 minutes by default and we do not recommend changing it. Running update only at 12 o'clock does not make much sense. After an update the scan cache is flushed so it's pretty normal that many more files will be scanned compared to the scenario where a scan is re-run with the same signature database. -
What type of files is in that folder? If they are popular PE files (exe,dll,sys,ocx), they should be whitelisted and omitted from scanning as long as LiveGrid is enabled and working. Otherwise files will be rescanned after each update. The fact that files have not changed and were not detected does not make them 100% innocuous.
-
Another Research Report That Gives Eset's SSL Scanning A Grade of "F"
Marcos replied to itman's topic in General Discussion
It is important to say that only v9 was affected by the broken validation issue and a fix addressing it was released as a module update a while ago. -
The process of 64 bit Endpoint Antivirus 5 is 32 bit?
Marcos replied to Calgresh's topic in ESET Endpoint Products
Why? Whether ekrn is 32 or 64-bit, it doesn't make any difference for users. Vendors have been successfully using 32-bit kernels on x64 systems for years without issues. -
The process of 64 bit Endpoint Antivirus 5 is 32 bit?
Marcos replied to Calgresh's topic in ESET Endpoint Products
A 64-bit ekrn.exe will be introduced in Endpoint v7. The latest version 6 still has a 32-bit version of ekrn.exe but that virtually does not have any drawbacks. -
As long as clients have access to ESET's servers through an http proxy, you don't have to use an offline license file for activation. They are intended to activate Endpoint running on computers with no Internet connection whatsoever, ie. when ESET's servers can't be reached via a proxy either. Otherwise you will get reports about license violation. In such case, send a product activation task from ERA instead.
-
V10.0.390 was released on Feb 7, 2017. The notification means that you have created a firewall rule for a communication where the communicating application has been modified. These notifications are enabled by default for unsigned applications but can be disabled in the advanced firewall setup (not recommended). If you are positive that the application has been modified in a legit way (ie. updated to a newer version), select Keep rules.
-
It will be more than that For instance, you will be able to choose from dozens of behavioral rules pre-generated by ESET malware researchers and get alerted if any of the rules are hit on clients. This will also be reported to ERA.