Everything posted by Marcos
-
Volume Shadow Copy backups randomly fail
Marcos replied to Frederik Hellyn's topic in ESET Products for Windows Servers
Never seen such an issue reported by our users. We don't write to the registry a lot; basically it's only information about modules and settings written to the registry, if changed. Are you able to reproduce it by manually triggering backups several times in a row? If so, then you could try temporarily uninstalling ESET and see if the issue occurs even without ESET.
-
Random BSOD after installing Nod32 netio.sys ntkrnlmp.exe
Marcos replied to skyviewe's topic in ESET NOD32 Antivirus
The dump was passed to developers for further analysis. We'll keep you posted.
-
Unable to report false positive for blacklisted site
Marcos replied to pardesign's topic in Malware Finding and Cleaning
It appears that phishing has been removed. The website will be unblocked.
-
ESET Endpoint Security 7.1 uses more and more RAM as time goes on
Marcos replied to Cody's topic in ESET Endpoint Products
We have pinpointed a memory leak in the memory dumper. A fix is being reviewed and will be released through an automatic module update next week.
-
I would say one month at maximum until the release.
-
Unable to report false positive for blacklisted site
Marcos replied to pardesign's topic in Malware Finding and Cleaning
What website did you want to report?
-
One more thing, if you want to use a custom message with graphics, you will have to block access via Web Control and not via URL management: In Web Control wildcards are not supported so just create a URL-based blocking rule for facebook.com.
-
To get rid of this error, you must have SSL filtering enabled. Then you should get the yellow notice that I posted above. The error is displayed by Chrome so we cannot do anything about it until protocol filtering is enabled in Endpoint. Please provide me with logs collected with ELC from the client so that I can check if everything is set up correctly in Endpoint.
-
Please provide me with logs collected with ESET Log Collector on the troublesome machine.
-
I'm trying to simulate the error but so far I was only able to get this one with SSL filtering disabled: Normally you should get this notification:
-
In order to block facebook, do the following:
- add *facebook.com* in the list of blocked addresses
- make sure that SSL filtering is enabled
- make sure that communication with trusted domains is not excluded (by default it is)
- in order for filtering to work in Chrome, QUIC protocol needs to be disabled as per https://support.eset.com/kb6757/
-
What version of Endpoint do you have installed? Do you have SSL filtering enabled? What browser and version do you use? What website did you attempt to block and how did you block it in a policy? Did you block it via Web Control or Web access protection -> URL address management?
-
Signtool cannot be used to determine if a dll is properly signed to meet requirements for protection of anti-malware services introduced by Microsoft in Windows 8.1. To the best of our knowledge, whether a dll meets the requirements can only be determined via a debugger and there's no command line tool that could be used for that. In a debugger you'd get a message like
-
I'm not getting any alert and the url is not on the blacklist either. Please provide logs collected with ESET Log Collector.
-
Unfortunately there is no news from Microsoft yet.
-
If restoring ehdrv.sys in C:\Windows\System32\drivers after booting from another medium doesn't make any difference, then the cause of BSOD must be different. If a memory dump was created during a crash (typically in c:\windows\memory.dmp), copy it, upload it to a safe location and drop me a message with a download link.
-
Check the reason why the emails are evaluated as spam. If it's because of an IP address or host being on a cloud blacklist, you can report it to ESET as a possible FP. Before releasing such email from quarantine, you'll need to add the address to the appropriate allowed address list.
-
Nod32 Error creating the temporary file when trying update database
Marcos replied to brw20's topic in ESET NOD32 Antivirus
Please provide a Procmon log from a failed update attempt as per https://support.eset.com/kb6308. In particular, start logging with Procmon, run update and after it has failed, stop logging. Then save the log, compress it and provide it to me for perusal.
-
Scam website opened in a browser
Marcos replied to josefranciscoj's topic in Malware Finding and Cleaning
It sounds like a scam website that opened. If it opens when you enter www.google.com in the address bar, then your computer is either infected (e.g. hosts file was modified) or your router was hacked. There's also a chance that your ISP became a victim of a DNS spoofing attack but that's rather unlikely. You can try using a different browser, setting Google DNS servers 8.8.8.8 and 8.8.4.4, resetting your router to factory settings, etc. If it's possible to copy the address, please copy and paste it here, however, make sure that the address is non-clickable. Or at least post a screen shot of it with the address included in the screen shot.
-
It sounds like ehdrv.sys was removed from the disk but was not unregistered properly from the registry. Since booting in safe mode is not possible, I'd recommend:
- creating a bootable medium (e.g. ESET SysRescue) on another machine and booting the OS from it
- copying C:\Windows\System32\drivers\ehdrv.sys from another machine to that folder on your machine

If you want, I can upload the driver for you somewhere. Just let me know if you have a 32 or 64-bit OS and what version of ESET you have installed.