Marcos
-
Content Count
20,081 -
Joined
-
Last visited
-
Days Won
870
Posts posted by Marcos
-
-
Peter is right, I overlooked that you apply a policy that enables creation of a mirror on clients. This setting must be disabled:
Ricky Martin reacted to this -
We have pinpointed the issue to pure scanning of Bluetooth registry keys. These will need to be exempted from registry scans. We expect a new Cleaner module to be available within the following days.
-
Amsi.dll is a system dll whose purpose is to load AMSI providers. There is no relation between it and Windows Defender.
What we do is we register an AMSI provider and that's it. The operating system itself decides when and what processes the provider will be loaded into. Despite the eamsi.dll being signed with a MS signature, it cannot be loaded into all processes; svchost.exe seems to be one of the exceptions and the OS protects it from any 3rd party dll being loaded into it regardless of signatures.
Please do not compare Windows Defender with 3rd party AVs. Since it's a product of Microsoft, they can do virtually anything. But once they block any 3rd party dlls, other AV vendors cannot do anything about it. I will test some other AVs with AMSI providers as time allows.
-
Module updates are very small, typically below 1 MB/day per client. My understanding is that clients in your LAN are supposed to update from ESET's servers through a proxy that caches update files (ie. not from a local mirror) while clients outside the LAN are supposed to update directly from ESET's update servers. If that's correct, then the proxy server is not configured neither under Tools -> Proxy server nor in the primary "My profile" update profile.
-
Theoretically you could use a specific ESET's update server to download updates from and then log http communication with Wireshark and a filter set to that server. This way you could leave Wireshark logging for several days while keeping the log relatively small.
-
According to https://help.eset.com/eeau/7/en-US/?system_requirements.html Ubuntu 20 is not supported yet. A new version of ESET Endpoint for Linux with support for Ubuntu 20 LTS is going to be available within a few weeks' time.
-
Icons positions are most likely saved in
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\[x]\Shell\{yyyyyyy-yy...}\ItemPosESET doesn't modify registry values except cleaning. The above registry key is never modified since it's not used by malware.
-
As far as I know we do not sell to Iraq. The license was most likely purchased in another country. All I can suggest is to ask for a refund.
-
-
Unfortunately it is not possible to create firewall rules with wildcards and specific applications must be specified.
-
1 hour ago, Bob777K said:My Default Windows 10 System Settings (for version 2004) do not have IE or FIrefox as the Default Browser. How can I restore the use of the browser of my choice as the Secure Browser??
What default browser do you use in Windows 10? And what browser is actually used as a secure browser?
-
If you don't have module version 1040 yet, you will receive it in the following days. If you want to receive it immediately, switch to the pre-release update channel in the advanced update setup.
-
1 hour ago, n1ghtm4n4g3r said:Display name is not editable in account settings. (At least, I cannot edit it.) E-mail is.
As I wrote, we'll change it for you. Just let me know your new display name.
-
If you are able to reproduce the error, carry on as follows:
- in the advanced setup -> tools -> diagnostics, enable advanced network protection and update engine logging
- run update and reproduce the error
- stop logging
- collect logs with ESET Log Collector and upload the generated archive. -
Looks like a fatal problem with installation. No drivers nor ekrn are running. Please remove ESET in safe mode as per https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool. The install Endpoint manually and generate install logs as per https://support.eset.com/en/kb406-how-do-i-generate-an-installation-error-log-for-windows-eset-products. If the installation fails, please provide the install logs.
-
I've re-sent your license email to you email address.
-
Do you mean the ESET Uninstall tool https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool ? It's meant to remove only ESET products.
-
22 hours ago, Phil_S said:I have collected the files from C:\ProgramData\Microsoft\Windows\WER\ referred to below and can send them to Eset if required.
Yes, please provide these files to us.
-
Unfortunately I have no clue where the problem lies. Edge has only an uBlock Origin extension installed which is fine. There are quite many applications installed, hard to say if any of them could modify http communication. The logs didn't reveal anything suspicious. I can only suggest to try replacing DNS servers 202.88.152.8 and 202.88.152.10 with Google's DNS 8.8.8.8 and 8.8.4.4.
Is the malware detected even in safe mode with networking?
-
Could you please change the dump to "complete" in the adv. setup -> tools -> diagnostics and click "Create" when the memory consumption by ekrn reaches approx. 1 GB?
After generating the dump, collect logs with ELC, upload the generated archive to a safe location and drop me a pm with a download link.
-
Do you get the detection as soon as you open in.forum.ivao.aero or site.aace.org in Firefox? Does it make a difference if you open it in Chrome or Edge? If you have more computers in the network connected via the same router, are you able to reproduce it on every machine? Please check DNS settings of your router if it's not configured to use a malicious DNS server.
-
The dump was taken from v12. Please carry on as follows:
- uninstall ESET v12
- reboot the machine
- install the latest v13.2.16 from scratch with default settings.If you are able to reproduce the issue, create a new dump of ekrn when it consumes excessive amount of memory.
-
You can upload the generated archive here. Only ESET staff has access to attachments.
-
Please enable advanced operating system logging in the adv. setup -> Tools -> Diagnostics. Also change the memory dump type to Complete. Change the update type from regular to pre-release in the adv. update setup and wait a bit until the issue starts manifesting. Leave logging enabled for a few minutes, then disable advanced OS logging. While the issue is still manifesting, create a dump of ekrn via the adv. setup -> tools -> diagnostics -> Create (dump).
Finally collect logs with ESET Log Collector, upload the generated archive to a safe location and drop me a personal message with a download link.
ESET replacing site EV SSL certificate with its own?!?
in ESET NOD32 Antivirus
Posted
While EV certificate used to matter and were excluded from filtering by default, this will change within the next few days and all communication will be scanned regardless of the type of certificate used. By the way, there is a big difference in trust between bank domains and ad providers.