Everything posted by Marcos

  1. According to https://support.eset.com/en/which-version-of-eset-remote-administrator-or-eset-security-management-center-server-and-related-components-do-i-have, the latest version of ESMC Server for Windows included in the release 7.1.27 is indeed 7.1.717:
  2. I don't think you can map internal storage or SD card as a drive on Windows and scan it then.
  3. If agents were connecting to the ESMC server before upgrade and you upgraded ESMCS via an ESMC component upgrade task, there should be no problem with communication / replication after upgrade. If the certificates were not preserved, then you'll need to re-deploy agent on clients.
  4. You wrote that you had ESET NOD32 Antivirus installed and then "turned off ESET firewall". The thing is ESET NOD32 Antivirus doesn't contain a firewall at all, only ESET Internet Security and ESET Smart Security Premium do. Also ESET doesn't contain a proxy for network communication. Perhaps you've confused egui_proxy with an http proxy but it has nothing to do with communication; it's nothing more or less than a process for visualizing UI in the form of a tray icon and its right-click menu. Does ping work and it's only http that has issues? Have you tried more browsers? Are both http and https sites affected? Does temporarily disabling protocol filtering in the advanced setup make a difference? Please provide logs collected with ESET Log Collector so that we can check for 3rd party drivers and software that might intervene in http(s) communication.
  5. Migration scenarios are described here: https://help.eset.com/esmc_install/70/en-US/migration_same_version.html There are four ways to migrate ESET Security Management Center from one server to another (these scenarios can be used when reinstalling your ESMC Server):
     • Clean Installation - same IP address - The new installation does not use the previous database from the old ESMC Server and keeps the original IP address.
     • Clean Installation - different IP address (Knowledgebase article) - The new installation does not use the previous database from the old ESMC Server and has a different IP address.
     • Migrated Database - same IP address - Database migration can only be performed between two like database types (from MySQL to MySQL or from MSSQL to MSSQL) and two like versions of ESMC.
     • Migrated Database - different IP address - Database migration can only be performed between two like database types (from MySQL to MySQL or from MSSQL to MSSQL) and two like versions of ESMC.
  6. This appears to be a problem of a particular proxy server which responds with 304 Not Modified even to non-conditional requests, which is not in accordance with the RFC.
  7. It was confirmed that the issue affected users with custom applications who had the LiveGrid Feedback system disabled. As a result, LiveGrid had no information about the application and a new protection mechanism implemented recently in the Ransomware Shield kicked into action when a suspicious operation was attempted.
  8. I'd recommend upgrading to EMSX v7.1 since it would:
     - add an option to capture network communication during update
     - add Ransomware Shield (improves protection)
     - add support for Deep Behavioral Inspection (improves protection)
     - add support for streamed updates (improves protection and detection of malware in scanned mails)
     - add support for Advanced Machine Learning (improves protection and detection of malware in scanned mails)
     - add support for ESET Dynamic Threat Defense which you might want to use in the future to analyze email attachments in ESET's cloud on the fly
     - add new options related to mail scanning, fix issues present in EMSX v6.
     For now enable advanced engine update in the advanced setup -> tools -> diagnostics and run update. Next disable advanced logging and collect logs with ESET Log Collector. When done, upload the generated archive here. It would be also useful if you could provide a Wireshark pcap log with the network communication generated during the update.
  9. I would recommend opening a support ticket and providing:
     - logs collected with ESET Log Collector
     - a Procmon log created when the issue occurs; make sure to temporarily disable protection service in the HIPS setup and reboot the system.
  10. If a process accesses a blocked website it doesn't automatically mean that
      - the url / host is 100% malicious
      - the process is 100% malicious.
      While we are aware of the majority of urls with malware, it can be even an innocuous application (e.g. browser) that accessed it.
  11. Site blocking is often interconnected with malware being active on a machine. E.g. if there's an undetected downloader running on a machine that continually attempts to download payload from a url that is blocked by Web access protection, alerts about blocked urls give the user an indication that something bad is going on there which should be looked at.
  12. As I wrote, it's a rootkit so you and other apps / AVs won't normally see it. You should see it in safe mode.
  13. The above has a missing condition for aggregation of same alerts generated in the last 1-2 seconds. If the same alert was to be generated a while later, it would have to be displayed. Without that the user would not know that the machine is infected and the AV is blocking something silently in the background.
  14. You have a rootkit there. Either boot from a clean medium (e.g. ESET SysRescue) and run a full disk scan, or do the following:
      - start Windows in safe mode
      - move C:\Windows\System32\Ms96FB23EEApp.dll to another folder, e.g. to c:\eset
      - start Windows in normal mode
      - run a full disk scan.
  15. ESMC doesn't act as a proxy server. While the All-in-one installer contains Apache HTTP proxy, it's intended for caching download and update files.
  16. Unfortunately your question doesn't make sense. Please try to explain in more details what you would like to achieve.
  17. Files with those extensions are not scanned even if not excluded. Moreover, real-time protection doesn't scan archives or containers at all. To exclude files from scanning for reasons other than detection, add them to performance exclusions. Please elaborate more on what actual issue you are trying to solve so that we can understand the use case.
  18. What version of the ESMC agent and server do you have installed? Maybe they are the latest already.
  19. Please provide logs collected with ESET Log Collector, not just recent records from the HIPS log. As I already mentioned, the applications' behavior seems to trigger a new detection in the Ransomware shield but we'll need ELC logs to confirm. Since it's a behavior detection and the applications are not prevalent, you need to add them to performance exclusions to prevent detection.
  20. Then it's very likely that even uninstalling ESET wouldn't resolve the issue.
  21. Please provide logs collected by ESET Log Collector.
  22. Please provide the requested logs along with quarantined files. We would like to find out what was actually detected. I can imagine the process renaming files had a low reputation in LiveGrid and the log files had a suspicious extension used by ransomware which, along with some other conditions, led to the detection by Ransomware shield.
  23. Should be available on the pre-release update channel soon.
  24. Are you getting the error when attempting to update? Do you update directly from ESET's servers, via an http proxy or from a mirror? Please upgrade to the latest version of ESET Mail Security for MS Exchange v7.1 and see if the issue persists.
  25. This is a rule to block execution of Notepad: