Posts posted by Marcos
-
-
3 minutes ago, cesareset said:
1. Check the availability of RAM and hard disk space.
2. Reinstall the product.
Firstly, this is an English forum. We kindly ask you to post in English.
Secondly, your instructions above have nothing to do with the issue reported in this topic.
-
Did you set a correct home group for each of the users? Are policies assigned to the All group with propagation to lower groups, or are different policies applied to each of the static groups?
Are access rights set correctly for each of the users? Aren't both set to All group?
-
I assume that you have firewall in learning mode but rules are locked by a policy which would account for the errors.
-
Please open a support ticket with your local ESET distributor and provide logs gathered as follows:
- enable advanced logging under Help and support -> Details for tech support
- reproduce the issue
- disable logging
- collect logs with ESET Log Collector.
-
Basically WMI is fully scanned only if you run "Scan your computer" or if you run a custom scan and select WMI as a target.
According to MS the code means:
WMI-Activity Error 5858 with ResultCode = 0x80041032 (WBEM_E_CALL_CANCELLED) indicates that the WMI caller has successfully issued IWbemServices:ExecQuery, but has released the IWbemContext object before retrieving the full result set using the IEnumWbemClassObject::Next method. If the WMI service is still holding data for the client when the client terminates the link (by releasing the IWbemContext object), this event will be logged.
This error can happen if the WMI application calls IEnumWbemClassObject::Next with a timeout value (lTimeout) that is not long enough to retrieve the object being queried, and is not checking for a return code of WBEM_S_TIMEDOUT (0x40004) in order to issue the request again.
I assume that during a WMI scan it took a long time for the system to provide the scanner with the requested data. Just ignore the error. Also don't run WMI scans if you need to run just a quick disk scan.
-
According to the logs you have a backup software installed. Couldn't it be that a backup is running when the issue occurs?
Please enable advanced operating system logging in the adv. setup -> tools -> diagnostics when the issue is manifesting. Disable logging after 30-60s to prevent the log from growing too much. Then compress the log C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl, upload it to a safe location and drop me a message with a download link.
-
You wrote that deactivating ESET worked. What do you mean by "deactivating"? What exactly did you do?
We'll need a complete memory dump from the time when the issue occurs. However, let me check logs prior to asking for a dump. Please collect logs with ESET Log Collector and upload the generated archive here.
-
Please install the latest version of Endpoint Antivirus for Linux 7.1.9.0:
- Fixed: Real-time file system protection does not work on new Ubuntu 20.04 kernel 5.8.0-36
-
It's a shortcut to a blacklisted website, hence the detection.
-
You can disable real-time protection, firewall and HIPS completely in the advanced setup, however, it is not clear why you want to do that and why simply pausing protection is not enough.
-
If disabling fast start actually helped we believe you must have shut down the machine instead of just rebooting it.
Are you positive that you clicked Restart before and not Shut down?
As for the logs, attachments posted in the forum are accessible only by ESET staff so it's safe to post logs here.
-
Please paste the url here so that we don't have to transcribe it manually for a test; it's quite long.
-
Please answer my questions above prior to disabling fast start, it could shed more light on the issue.
-
Any attachments in the forum are available only to ESET staff.
I'd recommend creating an ekrn dump using Procdump; run "procdump -ma -e ekrn" and provide it to us when generated. I'd also recommend creating a support ticket with your local ESET distributor so that the case is properly tracked.
-
Please check your personal messages.
-
13 hours ago, nosch said:
Please also send me my username and password... Will there be an update of the ESET NOD32 Antivirus for Linux desktop?
Sent via PM.
-
No special rule to allow specifically IPv6 communication is needed. You can:
- temporarily use learning mode to create permissive rules automatically
- on a client run the firewall troubleshooting wizard to view a list of recently blocked communications and unblock the desired one(s). You can then check the created rule and apply the same rule via a policy.
-
You should contact the owner of the website, inform them about the issue and suggest replacing the certificate with a valid one. That is the only actual solution for websites utilizing revoked certificates. Disabling protection just to allow access would be playing with fire.
-
In the ESET PROTECT console Detection exclusions can be created only via the Detection panel:
However, performance exclusions are created via policy:
-
Does the notification about restart disappear if you reboot by running "shutdown /r" ?
Please provide logs collected with ESET Log Collector from a machine where it doesn't go away after rebooting the machine via the Start menu - Power button -> Restart.
What version of Endpoint did you have installed prior to upgrade to EPv8?
-
This is an English forum, please post in English or we won't understand and be able to help.
-
I've found a similar ticket with this resolution:
Windows ESMC 7.2 server uses by default LDAPS protocol. By selecting check box LDAP fallback, standard LDAP protocol is used.
For successful connection to Active Directory with LDAPS protocol it is necessary to meet these requirements:
1. FQDN of a domain controller must be used. IP address is no longer enough.
2. Domain controller must have installed issued machine certificate. This can be checked by opening mmc -> Certificates (Local machine) -> Personal certificates -> a certificate with FQDN of the domain controller must be present there.
It is possible to use for testing LDP tool that is part of Remote Server Administration Tools (RSAT). It is a Windows feature that must be added. After the tool is installed, execute it and from the menu select Connect, fill in DC's FQDN, port 636 and select checkbox SSL. A connection must succeed. Otherwise machines are not configured properly.
To issue a certificate for your domain controller, you must do the following:
1. Install Active Directory Certification Authority (AD CA) role and finish the configuration. At the end a new certification authority would be present in Trusted Root Certificates.
2. Navigate to mmc -> Certificates (Local machine) -> Personal certificates -> right click into the empty pane -> All tasks -> New certificate -> Enroll Domain Controller role. This should produce a new certificate with DC's FQDN and place it into Personal certificates.
-
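The LDAPS checks from the post above, scripted as an added PowerShell example that is not part of the original post or of ESET's tooling: it rejects an IP address, connects to port 636 and lets .NET validate the domain controller's certificate against the FQDN. The function name `Test-LdapsEndpoint` and the host `dc01.example.local` are assumptions.

```powershell
# Added example (not from the original post). Test-LdapsEndpoint is a
# hypothetical helper name; pass your own domain controller's FQDN.
function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)] [string] $DcFqdn,
        [int] $Port = 636
    )

    # Requirement 1: the server must be addressed by FQDN, not by IP address.
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($DcFqdn, [ref] $ip)) {
        throw "'$DcFqdn' is an IP address; LDAPS needs the DC's FQDN."
    }

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($DcFqdn, $Port)
        # No validation callback is supplied, so the default checks apply:
        # the chain must be trusted and the certificate must match $DcFqdn.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        try {
            # Requirement 2: fails if the DC presents no certificate for its FQDN.
            $ssl.AuthenticateAsClient($DcFqdn)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            [pscustomobject]@{
                Server   = $DcFqdn
                Subject  = $cert.Subject
                Issuer   = $cert.Issuer
                NotAfter = $cert.NotAfter
                Protocol = $ssl.SslProtocol
            }
        }
        finally { $ssl.Dispose() }
    }
    catch [System.Security.Authentication.AuthenticationException] {
        Write-Error "TLS validation failed for ${DcFqdn}:${Port}: $($_.Exception.Message)"
    }
    catch [System.Net.Sockets.SocketException] {
        Write-Error "Cannot reach ${DcFqdn}:${Port}: $($_.Exception.Message)"
    }
    finally { $tcp.Dispose() }
}

# Placeholder host name; replace with a real domain controller.
# Test-LdapsEndpoint -DcFqdn 'dc01.example.local'
```

Run it from the ESMC server itself, so that the trust decision is made against that machine's Trusted Root Certificates store.
-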
We'll see what the logs show.
-
1 minute ago, Ghana-Engineer said:
@Marcos we started the scan yesterday and ESET will detect the worm alright, delete and it will reappear.
Of course. That's because you have another machine in the network which is infected and from which the worm spreads to other machines.
WMI stop working
in ESET Internet Security & ESET Smart Security Premium
You can run a full WMI & registry scan when not working with the computer or not running resource-intensive applications.
Autorun keys are scanned after a module update and when the system starts.