Jump to content

Marcos

Administrators
  • Content Count

    23,926
  • Joined

  • Last visited

  • Days Won

    1,000

Everything posted by Marcos

  1. Please provide a Procmon boot log. Stop logging only after the threat has been detected after the reboot.
  2. Check the system and user TEMP and TMP variables and make sure the folders they point to do not contain too many files. Empty the folders in safe mode (some files may not be possible to remove).
  3. You must enable 2FA for the particular user in the EBA User management setup first:
  4. I meant the Internet banking website that should open in the secured browser. Besides that, please upload also logs collected with ESET Log Collector. Please sing up for the forum and re-post in the appropriate product subform while providing also the above stuff. This subforum is intended for quick questions, not for troubleshooting issues.
  5. ESET has higher expenses for ESSP than for EIS/EAV. Should the price be only a slightly higher than the price of the EIS license, ESET would lose money with every ESSP license sold which is something that vendors of commercial software cannot afford.
  6. What actually happens? Does the bank website open in a normal browser? What version of Chrome do you have and what is the IB url?
  7. Please check the version of the MySQL ODBC driver and make sure that a supported version is installed. For more information, please read https://help.eset.com/protect_install/80/en-US/?database_requirements.html
  8. Does the problem persist after switching to the pre-release update channel in the advanced update setup?
  9. Automatic mode - all outbound communication is allowed and any inbound non-initiated communication blocked. Interactive mode - the user is asked to choose an action if no rule for the given communication exists. Learning mode - a permissive rule will be created for any detected communication. Policy-based mode - only the communication defined by rules will be allowed or blocked. We recommend using automatic mode.
  10. Does excluding the Sage process(es) from scanning make a difference? If not, does the issue go away after pausing real-time protection or disabling HIPS and rebooting the server?
  11. If you have installed EMS from Google Play and your Google Play email address matches your license address, it should be paired and activated automatically. Alternatively you can select License -> Enter a license key in the main EMS menu (under the icon with three lines).
  12. I, for one, don't think that EAV for LD stores its installer in the temp folder so that clearing the temp folder would cause problems with uninstallation. You can raise a support ticket with your local ESET distributor, however, the product is no longer being developed, it's in limited support phase and will reach EOL in Q2/21.
  13. Both leading and trailing spaces matter. I recollect this should change soon and they should be ignored. I'd recommend creating a rule on a workstation with the removable medium connected and selecting "Populate" in the Device Control rule editor. This will enable you to create a rule exactly based on the medium properties. You can then retrieve the configuration of Endpoint via the ESET PROTECT console and convert it to a policy.
  14. 1, No. It may not necessarily have been a malicious file that injected the code and even if it was a file, it probably no longer exists. It could have been a vulnerable CMS plug-in that was exploited. To find out the infection vector on Windows systems, we recommend using ESET Enterprise Inspector which is able to show you the path of infection among others. Of course, EEI must be installed prior to security accidents occur. 2, The latest version of EFSW that can be installed on Windows Server 2003 is EFSW 6.5. However, this version is quite old and will reach EOL in Dec 2022. Howe
  15. Do you need to protect two devices - a PC running Windows and a mobile phone with Android? Since you already use a password manager, if you don't need also disk encryption you don't have to upgrade to ESSP. However, in H2 ESSP will also bring a premium protection feature that won't be available in EAV/EIS any time soon. There will be a campaign for upgrade to ESSP in H2 so I'd wait with upgrade if your EIS license is not due for renewal soon.
  16. If you switch to the pre-release update channel, you will get the latest modules and BPP will work.
  17. Do you have SP1 installed? Then you should be able to install also the two required updates that add SHA-2 code signing support.
  18. One of the infected files is full-scripts.6.1.5.js. You can find the offending JS at the end of the file. Based on this you should be able to find it in other infected files as well.
  19. That happens if a post is made in an incorrect forum. This one is for ESET PROTECT and the OP had ESET PROTECT installed. Nevertheless, please open a support ticket with your local ESET distributor.
  20. The website SSL certificate was indeed revoked: https://www.ssllabs.com/ssltest/analyze.html?d=dgip.gov.pk&latest Revocation status Revoked INSECURE
  21. Are you able to create a ticket if you don't attach any file?
  22. It's a web threat so it should be stopped by Web access protection in the first place. However, even if the adware is found in files on a disk, ESET should delete them.
  23. What is reported in the Product column?
  24. Please enable the LiveGrid Feedback system, detection of potentially unsafe applications and SSL filtering, then run a full disk disk scan and provide fresh ELC logs. Is the threat detected after a reboot? Even if the server is temporarily disconnected from the network?
×
×
  • Create New...