Marcos
-
Posts
37,032 -
Joined
-
Last visited
-
Days Won
1,469
Posts posted by Marcos
-
-
I don't want to discourage ESET, but I think it is time to overhaul the network/internet interface for the firewall.
What do you dislike about the firewall? In my opinion, the interface is very clear and straightforward, much easier to control compared to some other firewalls. Of course, there's still room for improvement like in any software product but personally I don't miss a thing when it comes to features.
-
Does the problem persist even after a computer restart? I'd suggest installing ESS v6 or v7 beta just in case the issue was caused by a bug in old v4 versions.
-
Whenever a certain network communication is blocked, enable logging of all blocked communications in the IDS setup, reproduce the issue and then check the firewall log for details about the communication that was blocked. This should help you create the appropriate rule.
-
There is no version 4.5 except ESET File Security and ESET Mail Security. The latest v4 version for workstations is 4.2.71. As explained above, ESET does not recommend installing v4 as it contains bugs fixed in newer versions and does not provide as good protection as newer versions.
-
Your license is valid until Nov 2013 and I was able to verify it via the built-in function "Verify license validity". It rather sounds like a communication problem with license servers, maybe the communication is blocked by firewall on your end. Try reinstalling ESS and see if that helps.
-
You can find diagnostic settings here:
-
V4.2.71 is the latest v4 available for home users. I'd strongly recommend using v6 which has better protection against new born malware than its predecessors. V7 is going to be available soon which will have protection capabilities improved even more.
-
They are already detected with default settings. If you come across an undetected sample, please submit it to ESET as per the instructions here.
-
Please pm me your username (probably commencing with "EAV-") so that I can check your license details or contact the distributor from whom you purchased your license.
-
Startup scans are essential as they can detect and clean new malware otherwise undetected by other protection modules. The question is whether disabling MBAM's real-time protection actually makes a difference or not.
-
In the IDS setup, enable logging of all blocked communications, reproduce the issue and then post the recent records here.
-
This happens if a router doesn't forward DNS requests produced by Parental control further to ESET's servers. A Wireshark log from replication of the issue would confirm my assumption. If you create one, upload it to a safe location and pm me the download link.
-
Please refer to this list of servers that ESET products communicate with.
-
If you connect to the Internet via wi-fi or DSL, it may take more time until an Internet connection is established. Does v7 update automatically after an hour when the program attempts to update next time?
-
Perhaps you blocked Internet access for one of the crucial system processes, such as svchost.exe. Use interactive mode only if you know how to properly respond when asked to allow or block certain communication.
-
Since you've mentioned having Malwarebytes installed, do you use the free or paid version? The driver used in the paid version is known to interfere with ESET under certain circumstances, I'd definitely try disabling MBAM's real-time protection to see if it makes a difference.
If you have a dump ready, compress it, upload it to a safe location and pm me the download link. If necessary, I can provide you with access to our ftp server.
-
Antivirus companies should detected actual threats, not just lab-borne made ones intended for studying or presenting one skills. If a threat makes it out of a lab, it definitely deserves to be detected so that users are protected against it. We've been seeing a lot of actual zero-day threats endangering users that were detected only by ESET and all other big vendors missed it (of course, some might have been detected and blocked by behavioral blockers but they are not used on mail servers or gateways so the overall protection is not 100% equal to what ESET provides).
Since everything has been said and explained, we'll draw this thread to a close.
-
Please post the exact error message you're getting when attempting to update.
-
Each file in an archive is counted as an object. Maybe you could set a size limit for scanned objects or disable scanning archives if you want to run an on-demand scan on a regular basis.
-
So you're publicly admitting to have created malware which might be considered a crime if you spread it and the malware performs malicious actions on victims' computers. If you don't spread it and the malware exists only on your computer, that answers why it's not detected by ESET.
-
Please create a Process monitor log from the point when you access the advanced setup and the error occurs, compress it, upload it to a safe location and pm me the download link.
-
If the ESET service (ekrn) crashes, enable generation of complete application memory dumps in the main setup -> Tools -> Diagnostics. When it crashes again, please compress the dump, upload it to a safe location and pm me the download link.
-
Malware was removed from the website and thus we unblocked it.
-
I presume that excluding c:\users\*\ntuser.pol should do the trick.
JS/Agent.NKI.Gen trojan HELP!
in Malware Finding and Cleaning
Posted
It seems to be a recently added malware that is probably downloaded from legitimate compromised websites. I assume the alert started popping up only after you visited certain website, not immediately after reinstalling Windows. This is also a good example of that ESET excels in detection of web-borne threats
Is the threat detected even if you don't open any website in a browser? Couldn't it be that you were attempting to look up something on the "www.re.....ce.com" domain? (some letters were intentionally replaced by periods).
Please create a SysInspector log as per the instructions here and submit it to ESET along with a link to this thread by following the instructions in this KB article.