Marcos
-
Posts
36,222 -
Joined
-
Last visited
-
Days Won
1,441
Posts posted by Marcos
-
-
56 minutes ago, bbahes said:
Maybe related....but I have one client (Endpoint v7) that has this alert in ESMC:
Seems to be the same issue probably with registering callouts to Windows Filtering Platform. Please provide logs from the machine as per the instructions above.
-
No, there are currently no plans for VPN.
-
Since there's no security software with 100% malware detection even with extra ransomware protection under the hood, you can also use extra HIPS rules to harden the system even more provided that you don't use scripting a lot. Please refer to https://support.eset.com/kb6119/ for details.
However, should you have issues with HIPS blocking execution of legitimate scripts, you may need to disable or adjust the necessary rule.
-
We use DNA / XDNA detections to cover basically any PE malware.
-
After running a scan you are presented with an option to delete application data on closing but it seems it basically removes only the modules. I'll look into it some time soon during work hours in the office and discuss it with devs.
-
We do.
-
ESET provides a handful of features that we've developed to protect users at various layers. For a list of the features and to watch demonstration videos, please open https://www.eset.com/int/about/technology/.
-
1, It's a HIPS feature that monitors the behavior of running processes. If a ransomware-like behavior has been detected, the malicious process is terminated.
2, No. Ransomware often deletes shadow copies anyways.
-
I was unable to find information if there's actual malware or at least PoC targeting the vulnerability and exploiting it for malicious purposes.
-
As already mentioned above, the DLP solution is not integrated in Endpoint whose purpose is to protect the machine from threats and not to prevent documents or other sensitive objects leaving the network. We have a technical alliance with Safetica that provides a DLP solution for our customers who are interested in it.
-
Is there any reason why you stick with EP6.6 and haven't upgraded yet to the latest v7.1? Please do so, if possible. Should the issue persist, please carry on as follows:
- enable advanced network protection logging in the advanced setup -> tools -> diagnostics
- reboot the system
- disable logging
- gather logs with ESET Log Collector
- upload the generated archive to a safe location and provide me with a download link. -
Module update are released 6 times a day on work days so it's possible. However, I assume that only one CPU core is used for compiling update files so unless the other cores are fully busy with other tasks, you shouldn't notice virtually any impact on performance. Does temporarily disabling startup scan tasks in scheduler make a difference?
-
-
There is a link in the Start menu that points to the executable you downloaded, ie. it's typically located in the Download folder. That said, there's nothing to uninstall, just delete the shortcut from the Start menu and possibly also the executable from the Download folder and that's all.
-
1 hour ago, pcdroid13 said:
i aslo renewed my eset, cant see in app list, getting problem. anyone can help????
Please see the answer above. If you don't see ESET among installed applications, most likely it's not installed yet. Download the latest version from ESET's website and install it. Another thing could be that a registry cleaner or whatever removed ESET's values from the registry and therefore it doesn't appear among installed applications even if it's installed on a disk. Also in that case reinstallation should help.
-
ESET Online Scanner does not install in the system. It remains in the location where you downloaded it.
-
It is there:
-
By the way, do the machines have access to the Internet? If they are offline but have access to the machine that creates a mirror, it'd be much better to use HTTP proxy than mirror. With HTTP Proxy, machines would be able to communicate with LiveGrid servers and download streamed updates and so protect better from newly emerging threats.
-
I was unable to reproduce it. Please correct what I did differently then you:
1, Without any custom fw rules created, I switched the firewall to interactive mode.
2, Launched Firefox, opened a website and chose to create a rule and allow the communication. Then closed Firefox.
3, Paused the firewall.
4, Launched Firefox and opened a website alright. Then closed Firefox.
5, Resumed firewall.
6, Launched Firefox and opened a website alright without being prompted for an action.
7, Disabled firewall in the advanced setup.
8, Launched Firefox and opened a website alright. Then closed Firefox.
9, Re-enabled firewall in the advanced setup.
10, Launched Firefox and opened a website alright without being prompted for an action. -
2 hours ago, ewong said:
Since I don't understand the contents of ep7/, I'm assuming that the dll/ contents have updates to the engines/binaries.
That is correct. Does Endpoint update from the mirror alright?
-
Please check what is being logged repeatedly. I assume it's a note that a particular file could not be scanned by the real-time scanner for whatever reason.
-
The detection is correct. Each vendor uses its own name for threats but sometimes it may be same.
And why it is not reported by other vendors? Because they do not have the same engine / detection database. Some are better at detecting certain malware, some are worse.
-
Yes, it works even after a reboot.
-
1, Do you have a proxy server configured correctly in the advanced setup -> Tools -> Proxy server?
2, Run a disk with ESET Online scanner to make sure the disk is malware free.
3, Make sure that SSL communication with ESET servers is not inspected / intercepted. If SSL inspection is performed, you'll need to set up exceptions.For a list of addresses and ports that ESET products communicate with, please refer to https://support.eset.com/kb332.
ESET Endpoint Protection constantly disabled - why?
in ESET Endpoint Products
Posted
So it happened just once or he or she can reproduce it by closing and opening the lid at any time?