Marcos
-
Posts
37,029 -
Joined
-
Last visited
-
Days Won
1,469
Posts posted by Marcos
-
-
Please enable logging of blocked operations in the advanced HIPS setup, reproduce the problem and then supply us with your HIPS log. Also post information about the operating system, platform (x86/x64) and modules that are installed when the issue occurs and when it doesn't as there a chance some other modules were rolled back as well. According to the engineers, HIPS 1078 has some features disabled which might slightly affect the performance.
-
If you rename C:\ProgramData\ESET\ESET Smart Security\epfwdata.bin and C:\ProgramData\ESET\ESET Smart Security\EpfwUser.dat in safe mode, does it fix the issue ?
-
Please post more information from the on-demand scanner log with the full path to the files as well as the detection names.
-
Hello,
make sure that you have SSL scanning enabled.
-
I'd suggest leaving HIPS mode in automatic mode. If you are computer savvy, you can define your own rules, e.g. make HIPS prompt you for an action when an application attempts to write to a run key. For instance, I use a rule to ask me before running an application for which no rule has been created yet.
-
I assume you have ESET NOD32 Antivirus Business Edition for Linux Desktop 4.0.79 installed on clients, do you? What Linux distribution do you use? Also post the output of running "uname -a".
-
Protocol filtering works at the application layer so it doesn't inspect packets. Did disabling protocol filtering actually make the issue go away?
-
Win32/Protector.A virus is a detection from 2009 and ESET's products should be able to clean it. Please submit a couple of uncleanable files to ESET's malware research lab as per the instructions here.
-
Thanks Marcos. But why would ESET not trigger any error when the page is viewed from Firefox, only from IE?
Jim
Script malware is often injected only if certain conditions are met, e.g. if a specific browser is used.
-
Look at the first line of the html code, it most likely contains a malicious script with an iframe.
-
If you encounter an issue with the system locking up with ESET installed, please create a complete memory dump as per the instructions here which should help the engineers find out the cause. When you have a dump from the point of a system lockup ready, contact Customer care (or me or another ESET moderator) who will provide you with further instructions how to convey it to ESET.
It's often 3rd party drivers or applications that clash with ESET's products. I, for one, am not aware of any stability issues that the latest public builds of ESET's products would suffer from.
-
Basically it should be enough to restart / turn on the computer, wait approximately 5-10 minutes until EAV/ESS updates and a startup scan is run in the background. Then restart or turn off/on the computer and the malware should be gone. Sometimes it may be necessary to wait until the next update with a detection for the malware is issued. In such case, contact Customer care who will assist you without the need to wait for the update.
-
If you run an on-demand scan, the results will be stored in on-demand scanner logs. If a threat is detected by other modules, it will be logged in the Detected threats log.
-
We are aware of the issue and investigating it. As soon as we have some news, we'll let you know.
-
This kind of error normally occurs if the backup msi file is deleted from the \Windows\Installer folder. I'd suggest removing ESET completely using the Uninstall tool as per the instructions here and installing EAV v6 from scratch.
-
We weren't able to reproduce the issue on Windows 7. Please provide more information about the cdr/dvd recorder you use (brand, model), whether it's external or internal and whether connected via (e)SATA/PATA/USB(1,2,3), firewire,etc.
-
First of all, nothing has changed in recent Endpoint builds that would make the mentioned issues manifest.
First - updates. Older versions of ESET that I used would pop up a message box when they had updated their virus database. No problem. ESET Endpoint Security does the same, but with one difference - this messagebox grabs control. So when I'm typing, text suddenly disappears in the ESET window instead of going to my text editor. And when I'm playing a keyboard-controlled game, my frentic keyboard-smashing no longer controls my avatar, causing me to lose a life. Can you please change it back so that the message box informing me of updates no longer grabs control? (Or, as a second best alternative, tell me how to change the options to fix this issue?)
This issue should be fixed in the latest build 5.0.2214.
Second - sometimes, ESET Endpoint Security will pop up a message saying that it requires my attention. Again, something previous versions did too. But again with a difference. With the previous versions, when I responded by clicking, I would see a reason. Okay, usually the reason was that I was behind with my patches, something that Windows Update would eventually fix for me anyway, but at least there was a good reason. Now, when ESET wants my attention, I am taken to the main screen showing all green tick marks for the protection status, and no indication at all for why my attention was asked. Why?
This is nothing new and the issue with pop-up notifications has been there for ages. V6 had the notification feature completely revamped to rule out the possibility of a bug. This didn't stop the notifications from appearing, however. Recently we've found out that the issue is most likely caused by the fact that Windows returns an undocumented error number. A workaround for this will be incorporated in one of the future builds.
-
Unfortunately, it's not clear what issues you've been facing while using ESET's products. Could you elaborate more on that? ESET has been continually improving the functionality, stability and overall usability of the products. Regarding malware detection, this has been tremendously improved since v2 and ESET is now able to protect against most of newly emerging threats proactively while detection for not yet recognized threats is added almost immediately.
-
It looks like a setup file so it may not be scanned internally. Please PM me the download link to the file as I was unable to find it according to the hash. Alternatively you can email it to ESET as per the instructions here.
-
You can see a list of online users at the very bottom on the main forum page:
-
It's malware written in Autoit. It registers in the HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/Windows Service Manager key and HKCU/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/Windows Service Manager with the path C:\ProgramData\Windows Service Manager0\xsytzecrn.exe. (The file name seems to be random.)
According to the alert, there was no error while cleaning. Try restarting the computer to make sure the malware does not load.
The malware will be renamed to Win32/Neurevt.A as of the next update.
-
The test was scheduled for next week so we've got no results yet.
Last response from Marcos;
This issue was initially reported on Windows XP and it's been confirmed as fixed in the latest version of Endpoint. I've asked the testers to re-test the built-in cd/dvd writing feature on Windows 7.
-
And what about ESET SysRescue?
In wich category belong this tool?
Do we count it as part of NOD32 / ESS or...?
SysRescue is not currently available as a stand-alone tool. It's part of ESET's desktop and server products.
-
ESET products work best with default settings and there's no need to tweak them. Only advanced users should do that providing they fully understand the impact on protection and system performance.
Device Control - Does Not Block Writing CD's
in ESET Endpoint Products
Posted
Could you confirm or deny that the issue affects only CDs/DVDs burnt using the Disk-At-Once method and multisession media are blocked fine?