Everything posted by Marcos
-
Do you mean that Endpoint Security didn't block Conficker with "Protocol RPC" selected in the IDS setup -> Intrusion detection? If you used ESET Endpoint Antivirus, don't wonder that it's not detected at the network level. Unlike Endpoint Antivirus, ESET Endpoint Security contains a firewall with IDS, which is the module responsible for inspecting network communication. ESET Endpoint Antivirus is a lighter version that doesn't include the firewall, antispam and Web control. ESET Endpoint Antivirus can detect Conficker at the file system level as it's spreading over the network, after it has created its binary files in a remote share. Obviously the malicious file was detected and removed (C:\WINDOWS\System32\vxwmpkj.mu Win32/Conficker.AA) as expected. In order to clean Conficker in a LAN, it's necessary to follow the instructions in the KB article hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2209 (install the appropriate hotfixes on all machines, change admin passwords to non-trivial ones, etc.). To find infected computers in a large network, an administrator could use an Nmap script as per the instructions here. PS: The topic would have received better attention if it had been posted in a forum other than General.
-
Please create a Process monitor log from the moment you connect the Ironkey thumb drive to a computer and attempt to access it. When done, compress the log, upload it to a safe location and pm me the download link. Also run ESET Log Collector and send me the archive created, attached to a personal message.
-
In interactive mode, ESS may block the communication for a network-aware application as no window with action selection pops up due to a bug. In the advanced setup, navigate to Network -> Personal firewall -> Application modification detection and add the application to the list of exceptions until the issue is addressed in the next v7 build.
-
Endpoint Antivirus Renewal - odd behaviors
Marcos replied to mfdenver's topic in ESET Endpoint Products
As for EES being robust, the fact that it includes Web control, Firewall and Antispam doesn't make it heavy on resources. Firewall not only allows for controlling network communications, it is also capable of blocking malicious packets when an attempt to exploit known vulnerabilities is detected. Regarding the issue with accepting your renewal code, please contact the distributor from whom you purchased your license (probably ESET, LLC).
-
Did you also restart the computer? Device control integration remains active until the next restart / shutdown. As for the issue, it could be a general problem with Ironkey that might not be possible to resolve. We'd need to get a Process monitor log for analysis to see what's going on. Therefore I'd suggest contacting customer care and opening a ticket; they will help you create the log and will subsequently pass it to the engineers for analysis.
-
Perhaps if you choose strict cleaning, you will no longer be asked for an action. However, with strict cleaning any detected files will be removed automatically, be it patched or infected system files or archives that also contain clean files besides malware.
-
ESET merely uses Windows API functions to determine the temporary folder. That said, you'd need to move the Users / Documents and settings folder elsewhere and adjust the appropriate registry values as well as all users' variables to point to the new location.
-
how do i remove sirefef (zeroaccess) trojan
Marcos replied to jimallan's topic in Malware Finding and Cleaning
Please post a screen shot of the warning message you're getting.
-
Currently all scanner profiles use the same default settings which is by design and cannot be changed in v7. Maybe in future versions it will be possible to change this behavior. Smart optimization should be kept enabled as it doesn't involve any security risks. It substantially speeds up scanning (especially with LiveGrid enabled) without any adverse effect.
-
For some unknown reason, Windows API returns this weird and non-existing path to the temp folder. If you run echo %TEMP% in the command-line console, it should return the same path. Unfortunately, I was unable to find more information about the weird path so it will remain a mystery as to why Windows returns it.
-
Did you also check the c:\windows\temp folder? If emptying it doesn't help, it could be a permission issue. In that case, a Process monitor log will shed more light.
-
how do i remove sirefef (zeroaccess) trojan
Marcos replied to jimallan's topic in Malware Finding and Cleaning
Do you mean that the Sirefef cleaner didn't find any threat even if your ESET product is detecting it? Could you please post a screen shot of the alert you're getting?
-
PROOF that NOD32 v7 is a resource hog
Marcos replied to Super_Spartan's topic in ESET NOD32 Antivirus
What kind of performance impact do you mean? V7 should be the lightest version since v1/v2 thanks to Smart optimization and LiveGrid. If there's a performance issue, we'll be happy to assist you with troubleshooting it. The OP has probably been the only person to have reported a performance issue so far, but it couldn't be reproduced and all other users are happy with the performance of v7.