Everything posted by Marcos
-
Automatic Messages on Social Networks
Marcos replied to hulde's topic in Malware Finding and Cleaning
We were unable to download any malware from the mentioned url, only a potentially unwanted application. Please follow the instructions in the above mentioned KB article to submit files to ESET for analysis. Also please write in English so that we all can understand you.
-
Version 6 Kernel Panic & Firewall (Application Paths)
Marcos replied to planet's topic in ESET Cyber Security Pro (for Mac)
We are working on a new service build that should address all issues known to date. Please try increasing the spinlock timeout by running "sudo nvram slto_us=0xffffffff" and restart OS X for the change to take effect.
-
Weird. We replied to all who had sent complaints about the block to samples[at]eset.com. Anyways, the issue is still being investigated as the domain is involved in a scam, so the domain may be blocked again after the investigation has been completed.
-
I'd suggest running the uninstall tool twice or even more times unless it reports that no security program has been detected. It seems that the HIPS driver is still loaded and protecting the ESET install folder. PS: We would appreciate it if you could share with us the reasons that led you to uninstalling ESET.
-
Please follow the official guidelines for reporting blocks to ESET: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141
-
ESET 7 anti-virus does not run scheduled scans
Marcos replied to blackkat's topic in ESET NOD32 Antivirus
You can check task details in Scheduler for information on when a task was last run.
-
Please follow these instructions and report the file to ESET Malware Research Lab. No wonder that the file is detected as it's packed using Themida and has no version information and is not digitally signed either. These factors make files highly suspicious for antivirus scanners.
-
Config update fail between RAS 4.0 and NOD32 4.2
Marcos replied to warswe's topic in ESET PROTECT On-prem (Remote Management)
Exactly. Since the clients are running an old v. 4.2, perhaps the best course of action would be to create a new installation package with the latest version of ESET Endpoint Antivirus / Security 5.0.2228 and push it to the clients with a correct ERAS configuration.
-
How to disable NOD32 v4 from updating?
Marcos replied to Super_Spartan's topic in ESET NOD32 Antivirus
As I wrote, one of the main differences between v4/v5 and v7 is that in v7 advanced heuristics is used by real-time protection on execution by default. Emulation by advanced heuristics is a resource and time consuming process, however, thanks to LiveGrid files with good reputation may be omitted from scanning which substantially improves the whole performance. There are several reasons why you don't notice this "lag" with other AV products: 1. Some vendors may not attempt to unpack such large files at all due to an adverse impact on the scan time. While such approach improves performance on one hand, it leaves a potential security hole on the other hand as malware spreading in similarly large files wouldn't be unpacked. 2. I dare to say that no other vendor has such an efficient and powerful emulator like Advanced heuristics employed by ESET's products which can emulate the code very deeply, allowing to detect many new malware variants utilizing different envelopes. You can play with settings, such as advanced heuristics on file execution as well as with LiveGrid and Smart optimization to see what impact it has on scanning this particular file.
-
Delete zip file attachments containing .exe
Marcos replied to FTL's topic in ESET Products for Windows Servers
You could hold your breath before this feature becomes available. More information soon...
-
I see, it was a typo. The correct command is "sc query ekrn".
-
How to disable NOD32 v4 from updating?
Marcos replied to Super_Spartan's topic in ESET NOD32 Antivirus
According to my investigation, the installer file is 21 MB in size and is packed with UPX. It takes 4 seconds to scan. In an unpacked form, the size of the installer is 23 MB so the difference is negligible and the scan is completed in less than a second. I assume that disabling advanced heuristics on file execution would help in this case (was disabled in v4 and v5 by default). Of course, we don't recommend disabling this option but you can try just to confirm my assumption. Subsequent execution (scanning) of the file should be very quick with LiveGrid and Smart optimization enabled. If you have v4 installed, you can try enabling Advanced heuristics on file execution to make the setting set up the same way as in v7.
-
This indicates a problem with ekrn. If you run "sc query ekrn" with administrator rights, is ekrn running or stopped? PS: When posting, did you get an error "Service unavailable" ? I'm asking because a duplicate post was created.
-
Unfortunately, without further logs we can only speculate what happened. It's not clear if the threat was detected by ESET or not at all and whether ESET was installed on the infected computer or only on the server. Also we don't know how ESET installed on the server is configured and what version of the signature database was installed at the point of infection. Please run ESET Log Collector on the server and send me the output via a personal message. PS: Did you get a "Service unavailable" message when posting? I'm asking because you posted twice.
-
Activation Failed After Changing Apple ID Password
Marcos replied to scruples's topic in ESET Cyber Security (for Mac)
Changing the Apple ID password shouldn't affect ESET at all. Maybe there was a glitch with activation servers or whatever when you attempted to activate.
-
AV-Comparatives - Data transmission in Internet security products
Marcos replied to SweX's topic in General Discussion
A simple answer - no, local IP addresses are not submitted to ESET.
-
Eset endpoint antivirus server configuration required for update
Marcos replied to ahmedsa's topic in ESET Endpoint Products
If you enter "hxxp://192.168.1.10:2221" in a browser on a client, will this open a window with the mirror content?