Everything posted by Marcos
-
False Positive?
Marcos replied to notanotherdisplayname24get's topic in Malware Finding and Cleaning
Even if the alert says "Cleaned by deleting", a copy of the original file is put to quarantine. I can't find the file in our ticketing system with samples sent to samples[at]eset.com. Please send it to me via a personal message.
-
False Positive?
Marcos replied to notanotherdisplayname24get's topic in Malware Finding and Cleaning
Before cleaning / deleting a detected file, a copy of the original file is put to quarantine. Do you have your ESET quarantine empty and therefore it's not possible to restore the file?
-
False Positive?
Marcos replied to notanotherdisplayname24get's topic in Malware Finding and Cleaning
Where can I find that file?
-
False Positive?
Marcos replied to notanotherdisplayname24get's topic in Malware Finding and Cleaning
You can temporarily disable protection in order to submit the file to samples[at]eset.com.
-
Yes, uninstalling via the Control Panel or Start menu should be enough. Even installation over v9 is supported but I wouldn't recommend it as ESET Internet Security would install in the ESET Smart Security folder. If you plan to use Anti-Theft, you can download and install ESET Smart Security v10. If not, ESET Internet Security will be ok for you.
-
The setting works but since we haven't released any PCU for business products, it has basically no effect. Regarding dynamic groups, of course, it's necessary to adjust the version number in the appropriate rule and bind a new install task to it. Still I think it requires less effort than downloading nup files and editing update.ver. As I wrote, ERA v7 will have upgrading to the latest version significantly improved.
-
Yeah, upgrade using a dynamic group is much easier than fiddling around nup files and update.ver that were downloadable from a KB for Endpoint v5. The good news is that ERA v7 will include a mechanism for upgrading to the latest version with ease.
-
We don't recommend doing topic hijacking; instead, please create a new topic where we could discuss your issues. Also include information about what makes you think that your computer is infected. Do you have the latest v10 installed and have run a full disk scan with no malware found? Do you observe any suspicious behavior, such as bad performance, pop-up windows, etc.?
-
The detection seems to be ok. There are two dlls, dma.dll and dma_x64.dll, embedded in the package. They belong to DeskMetrics Analytics SDK. A description says: "DeskMetrics provides the data you need to identify the most engaged segments, so you can target high value users and maximize revenue." That said, if the data is collected without your knowledge and consent, the behavior is PUA-like.
-
The website is already on ESET's blacklist so there's no need to add it again manually. Check the Filtered websites log for information about the application that attempted to access blocked websites.
-
ekrn.exe consume 40% CPU since 3 days
Marcos replied to Jesposito's topic in ESET Products for Windows Servers
We'll see what the logs will show. Maybe they will actually reveal an issue that was fixed in v6.4.
-
ekrn.exe consume 40% CPU since 3 days
Marcos replied to Jesposito's topic in ESET Products for Windows Servers
Please generate a Process Monitor log and let it log operations for at least one minute when the issue occurs. Also collect logs with ELC. For instructions, see the appropriate links in my signature. When done, compress the Procmon log, upload it to a safe location (e.g. Dropbox, OneDrive, etc.) and pm me a download link. As for ELC logs, you should be able to attach the output archive directly to the message, if not too large.
-
ekrn.exe consume 40% CPU since 3 days
Marcos replied to Jesposito's topic in ESET Products for Windows Servers
Couldn't it be that an on-demand scan is running? If not, does temporarily disabling real-time protection make a difference?
-
Automatic mode is suitable for most users as it allows all outgoing communication and blocks all non-initiated incoming communication. Of course, if you are running an HTTP server for instance, the firewall would block incoming communication unless allowed by a rule; however, this is not a common scenario on home computers. Speaking about "leak tests", I rather associate this term with DLP, which ESET isn't, so testing ESET for something that is meant to be handled by a DLP solution is not correct.
-
@Pankaj You wrote that ESET's ransomware protection is weak. However, you seem to also understand that there's no 100% malware protection and that every AV misses threats, including ransomware. You have pointed out some videos where files got encrypted despite having ESET installed. This only confirms that no AV protects from 100% of threats. So according to your evaluation you should call any AV without 100% detection an AV with weak protection. I reckon those videos were made before Christmas, i.e. before we substantially extended the replicator farm for automatic replication and signature generation and also before adding a new Filecoder detection mechanism that is now part of Ransomware protection in v10. I would say it will be much harder now to find a Filecoder that would not be detected. For instance, here are the results of the latest Filecoders that are currently a few minutes or 1-2 hours old:

with2901_4b76ad8a_cr246.exe (Locky)
Symantec: clean, AVG: clean, ESET: Suspicious object, McAfee: clean, DrWeb: clean, Bitdefender: clean, Microsoft: clean, Avira: clean, Kaspersky: clean

with2901_4b76ad8a_cr42.exe (Locky)
Symantec: clean, AVG: clean, ESET: Win32/Filecoder.Locky.C trojan, McAfee: clean, DrWeb: clean, Bitdefender: clean, Microsoft: clean, Avira: clean, Kaspersky: clean

system32_2017-01-29_20-01.exe (Filecoder.FS)
ESET: Win32/Filecoder.FS trojan, Bitdefender: clean, Symantec: clean, McAfee: clean, AVG: clean, Kaspersky: clean, DrWeb: clean, Microsoft: clean, Avira: clean, Avast: clean

All I want to say is that ESET's protection against ransomware and zero-day threats is excellent and in no way can it be called weak.
-
It just redirects to an ad service which subsequently serves ads some of which are legit and some are scam. It will be blocked momentarily.
-
This would happen if the root certificate could not be imported automatically for some reason. Try the following:
- restart the computer
- without launching any application, open the ESET advanced setup, disable SSL/TLS filtering and click OK
- re-enable SSL/TLS filtering and click OK
- after a few seconds launch a browser and try to open an https website.
-
Windows 10 not updating after ESET installation
Marcos replied to cherti's topic in ESET NOD32 Antivirus
ESET does not affect Windows updates. Does temporarily disabling protocol filtering in the advanced setup make a difference?