-
Posts
36,451 -
Joined
-
Last visited
-
Days Won
1,449
Posts posted by Marcos
-
-
Most likely you have blocked the "Anonymizer" category in Web Control. You can create a permissive url-based rule for it.
-
Since this is an English forum, we kindly ask you to post in English.
Please carry on as follows to resolve the issue:
1. stop the PROTECT Server service
systemctl stop eraserver
- check if the service has been stopped
systemctl status eraserver
2. install the MariaDB ODBC driver
yum install mariadb-connector-odbc
-
check if the driver has been correctly installed
yum list installed | grep mariadb mariadb-connector-c.x86_64 3.2.6-1.el9_0 @appstream mariadb-connector-odbc.x86_64 3.1.12-3.el9 @appstream
3. check the alias of the ODBC driver and search for the following section:
less /etc/odbcinst.ini
[MariaDB] Description=ODBC for MariaDB Driver=/usr/lib/libmaodbc.so Driver64=/usr/lib64/libmaodbc.so FileUsage=1
- verify if such file is present
ls -la /usr/lib64 | grep -I libmaod*
-rwxr-xr-x. 1 root root 326688 May 25 2022 libmaodbc.so
4. modify the "StartupConfiguration.ini" - replace the "MySQL ODBC 8.3 Unicode Driver" with "MariaDB" so the final configuration file will look like follows:
vi /etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini
DatabaseType=MySqlOdbc DatabaseConnectionString=Driver=MariaDB;Server=127.0.0.1;Port=****;User=***;Password={****};CharSet=utf8;NO_LOCALE=1;NO_SSPS=1;Database=era_db;
5. start the PROTECT server service
systemctl start eraserver
-
4 minutes ago, AlSky said:
Why in the result of smart scan do the files hiberfil.sys, pagefile.sys and swapfile.sys continue to be showed at the end, but in the result of deep scan are shown in the middle of it?
Hard to say, probably smart optimization, the number of CPU cores and the type of scanned files has an effect on that.
5 minutes ago, AlSky said:Why do ESET spend almost three more hours scanning files even if it does not show an increase in the number of scanned files? As you can see in screenshots 5 and 6. 40 minutes and the number of files scanned was the same. So three hours like that, apparently analyzing something without showing an increase in the number of files analyzed. It's never happened to me before something like this. It could stop a few minutes (three, four minutes), but never three hours in which it apparently is scanning something but shows no increase in scanned files.
Does it happen if you disable also archives and SFX archives?
-
Please contact the distributor or reseller from whom you purchased the license. We cannot update your registration information on their behalf.
-
Thank you for the heads-up, the issue has been reported to developers.
P_EESW-11483
-
1, Regarding scanning of the files in the root of the C drive while scanning the c:\users folder, I assume this is due to multi-thread scanning introduced in v17.1.
2, As an administrator, many more objects are scanned compared to a scan under a normal user.
3, "when the number of files it says are scanned just stops, although you can see that it is still scanning files. "
This is a normal behavior when scanning objects like the registry, WMI or larger archives. -
It is only the firewall or network protection that could be involved in network issues from the technical point of view or the network traffic scanner when it comes to http(s), pop3(s) or imap(s). If disabling any of them didn't make any difference and uninstalling ESET did, it could be that simply installation of the WFP driver could interfere with another application's WFP driver or cause some unknown bug in MS WFP to manifest. Please provide logs collected with ESET Log Collector and also raise a support ticket for further investigation.
-
Please refer to https://forum.eset.com/topic/40783-real-time-file-system-protection-not-running-on-debian-12/ for a workaround until a new version of the ESET Endpoint is released.
-
What Linux distro / kernel is on the machine?
-
We are in the process of preparing a KB with instructions how to address login issues caused by PROTECT server restarts under heavy server load:
1. stop the PROTECT Server service
systemctl stop eraserver
- check if the service has been stopped
systemctl status eraserver
2. install the MariaDB ODBC driver
yum install mariadb-connector-odbc
-
check if the driver has been correctly installed
yum list installed | grep mariadb mariadb-connector-c.x86_64 3.2.6-1.el9_0 @appstream mariadb-connector-odbc.x86_64 3.1.12-3.el9 @appstream
3. check the alias of the ODBC driver and search for the following section:
less /etc/odbcinst.ini
[MariaDB] Description=ODBC for MariaDB Driver=/usr/lib/libmaodbc.so Driver64=/usr/lib64/libmaodbc.so FileUsage=1
- verify if such file is present
ls -la /usr/lib64 | grep -I libmaod*
-rwxr-xr-x. 1 root root 326688 May 25 2022 libmaodbc.so
4. modify the "StartupConfiguration.ini" - replace the "MySQL ODBC 8.3 Unicode Driver" with "MariaDB" so the final configuration file will look like follows:
vi /etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini
DatabaseType=MySqlOdbc DatabaseConnectionString=Driver=MariaDB;Server=127.0.0.1;Port=****;User=***;Password={****};CharSet=utf8;NO_LOCALE=1;NO_SSPS=1;Database=era_db;
5. start the PROTECT server service
systemctl start eraserver
-
-
14 hours ago, lukem said:
I've enabled informational notifications as the 'file submitted' notification from liveguard is informational and without it and with pre-emptive protection enabled staff don't receive any notification to indicate why they may not be able to execute a file that has been sent to liveguard. I see this 'file submitted' notification as a requirement to run liveguard on any of my client endpoints which means I now have informational notifications enabled but now find I can't disable the scan complete notification, please add the ability to disable the scan complete notification and/or change the notification type of the liveguard 'file submitted' notification.
Would disabling these desktop notifications accomplish what you are after?
-
Is it possible to get the software in question so that we could try to reproduce the issue ourselves?
-
According to https://help.eset.com/essl/10.2/en-US/?system_requirements.html, the latest supported version of Ubuntu is 22.04 LTS. Support for 24.04 LTS will be added in the upcoming version of ESET Server Security for Linux which is planned to be released in the following weeks.
-
No, ESET PROTECT is intended for managing ESET products. However, if the 3rd party program supports uninstallatiion via the command-line, you could send a "Run command" task to uninstall it.
-
But it's not a false positive. MSIL/Microsoft.Bing is a correct detection / classification for an application that pushes users into changing the default search engine. Such applications meet the definition of potentially unwanted applications: https://support.eset.com/en/kb2629.
-
8 minutes ago, Ahamd Ahmad said:
My email starts with a not j and I'm the owner of this license?
Unfortunately it's likely that you fell victim to scam. The license owner's email address is jXXl@gmail.com.
What website did you purchase the license through?
-
Faced with expanding attack surfaces and a barrage of threats, businesses of all sizes are increasingly looking to unlock the manifold capabilities of enterprise-grade security
-
Unfortunately ESET does not have such product for home users.
-
A verification email was sent to the license owner's email address jXXl@gmail.com.
-
Support for Ubuntu 24.04 will be added soon (ie. in upcoming weeks, probably 24Q3).
-
There is no problem with ESET, the problem is that Microsoft distributes the PUA with Edge updates. All you can do is either disabling detection of potentially unwanted applications (optional detection) or create a detection exclusion since it's probably impossible to make Microsoft not to distribute the PUA to you.
-
You can select all computers or computers in specific groups and then select Manage -> Remove and follow all 3 steps:
-
6 hours ago, Ahamd Ahmad said:
I have the very same issue.
Please provide your public license ID in the form of XXX-XXX-XXX.
ESET Protect NEW NOTIFICATION Malicious file JS/Agent.RJR was detected on computer...
in Malware Finding and Cleaning
Posted
The detection is correct, the website was indeed compromised and contains malware:
https://sitecheck.sucuri.net/results/heaviside.digital