Jump to content

Marcos

Administrators
  • Content Count

    20,081
  • Joined

  • Last visited

  • Days Won

    870

Posts posted by Marcos


  1. First of all, on Windows server you should install ESET File Security. Please uninstall EEA and install EFSW 7.2. Secondly, v5.0 is a legacy version which is in limited support and will have reached EOL by the end of this year.

    Please update ESET products to the latest version. If you have offline computers, use the ESET Mirror tool to create a mirror (https://help.eset.com/esmc_install/70/en-US/mirror_tool_windows.html). If the machines have access to a computer connected to the Internet, install an HTTP proxy server (it's a part of the ESMC all-in-one installer) and configure clients to update through it.

    image.png


  2. 10 hours ago, Peter Randziak said:

    It may, make sure that the product is able to access edf.eset.com, for details see https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall

    Besides edf.eset.com, it's also important that clients can connect to pki.eset.com as well to perform activation.


  3. Please carry on as follows:
    - Temporarily disable protected service in the HIPS setup and reboot the machine
    - Start logging with Procmon
    - Reproduce the issue
    - After a while, stop logging.
    - Enable advanced operating system logging in the adv.setup -> tools -> diagnostics
    - Reproduce the issue
    - After a while, disable logging
    - Re-enable protected service and reboot the machine.

    When done, collect logs with ESET Log Collector and add the Procmon log to the generated archive. Upload the archive to a safe location and drop me a personal message with a download link.


  4. Via the network connections panel you can temporarily block communication for a process:

    image.png
     

    Quote

    Now I can't block it the traditional way since the user have no access to the folder ("C:\Program Files\WindowsApps\DisneyMagicKingdoms") by default.

    I don't understand. Only users with administrator rights can create rules. And such users have access to folders in Program files.


  5. Let's stop any speculations, all AVs have this issue. The topic is subject to dispute with Microsoft.

    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
     
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
     
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\TmWscSvc\WSCHandler.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\DrWeb\drwamsi64.dll that did not meet the Microsoft signing level requirements.
     
     
×
×
  • Create New...