Everything posted by Marcos
-
Why my website and app marked as PUA
Marcos replied to eset.user.new's topic in Malware Finding and Cleaning
It's been explained that this forum is in no way a means to dispute PUA detection. Having said that, we'll draw this topic to a close.
The detection is correct. JS/Agent.NKW is a malicious obfuscated JavaScript injected into web pages by certain Joomla plug-ins. For more information about the injection, please refer to Joomla's forum: hxxp://forum.joomla.org/viewtopic.php?t=795946
1. A bubble should pop up, informing you about the detection and the action taken. Also, the detection should be logged in the Detected threats log. I wouldn't recommend using strict cleaning or deleting critical system files automatically (infected or patched), as this might render the OS unusable.
2. That's by design. This may change in future versions.
-
Eset antivirus blocks Viber.exec file
Marcos replied to Sussane Towers's topic in Malware Finding and Cleaning
Probably you mean the installer for MS Windows which is detected as a potentially unwanted application. This kind of detection is ok (i.e. the application is not detected as malware). If you think that the benefits of using software classified as PUA outweigh the potential risks, you can exclude such an application from detection.
The dump must be from the time of a freeze, otherwise it wouldn't contain any useful data.
-
There has been an issue with ekrn spiking CPU recently which was caused by specially crafted (corrupt) XML files, but this was already fixed earlier this week. Please drop me a download link to the ekrn dump so that I can check it out.
-
False Positive with latest definitions?????
Marcos replied to PhilMabee's topic in Malware Finding and Cleaning
Well, the hosts entry detected by ESET was added by Virut so the detection was ok. It was not a false positive but a clash of 2 security applications installed at a time which is not recommended. When both applications trigger a detection, it can have unpredictable consequences.
We'll need to get a complete memory dump from a freeze generated manually as per the instructions here. The dump should reveal the cause of the freeze. Also checking a SysInspector log might reveal suspicious software or drivers that might potentially cause the issue.
-
False Positive with latest definitions?????
Marcos replied to PhilMabee's topic in Malware Finding and Cleaning
If malware was seen to use the same hosts entries, no wonder that a detection was added. Please supply me with a download link to your hosts file so that I can check it out.
At the moment this is by design. Anti-Phishing protection doesn't protect against malware but rather from fraud and not everyone wants to have it enabled. In such a case, changing the protection status wouldn't be desired. You could say the same about the notifications about missing OS updates which are vital for protection. However, these notifications nag many users and they rather prefer keeping this feature disabled. You would be surprised that some corporate users even want to keep the protection status green even when real-time protection is temporarily disabled.
-
Configuration - GP vs Local on client
Marcos replied to ritter.rs's topic in ESET PROTECT On-prem (Remote Management)
Not sure what you mean by overwriting configuration with a GP config; the only way to adjust the configuration of ESET clients is by means of Remote Administrator policies. Also it's most likely policies that rewrite the configuration of the update server on clients.
Security programs are integrated tightly with the operating system. As a result, the likelihood of an issue occurring during upgrade in certain system configurations is higher than with other software. At the moment, we were able to test only the program itself but not the PCU as the testing department is now focusing chiefly on brand new product versions that should be introduced later this year.
-
The problem is that some routers do not handle TXT DNS queries / responses properly; however, in such a case using Google's DNS servers should solve the issue. I'd suggest contacting Customer care and providing them with a Wireshark pcap log from the moment when Web control doesn't work.
-
Please use the Uninstall tool in safe mode as per the instructions here. Then run Live Installer which will download and install the latest version of ESET NOD32 Antivirus 7.0.317.