-
Posts
36,228 -
Joined
-
Last visited
-
Days Won
1,441
Posts posted by Marcos
-
-
ESET does not automatically disconnect from unsecured wi-fi. Security audit only notifies you and provides a link to open wi-fi settings where you can disconnect from the wi-fi and connect to another one, if needed.
-
The purpose of this forum is to share the knowledge among standard users, advanced users and ESET moderators. It is not meant to serve as a substitute of contacting customer care, especially if an issue is not obvious, easily reproducible, if diagnostic logs are required and multiple iterations with support or developers are needed. Also this forum cannot track the progress of tricky issues and thus ensure timely response.
-
Please temporarily lower the sleep time for disks to 5 minutes or even more so that logs are not too big. Then start logging with Procmon as per the FAQ on the right-hand side of this forum, reproduce the issue and then save the log. When done, compress it, upload it to a safe location and drop me a message with a download link.
-
It can be anything from a benign system file, renamed calculator.exe to malware or whatever. The file name doesn't tell anything about the file. Please provide its hash or upload it to VirusTotal and provide a link to scan results.
-
Most likely you have attempted to boot from an infected USB flash (assuming you don't use the old good floppy disks any more) if you had ESET installed and enabled.
In order to fix mbr, refer to existing 3rd party articles, e.g. https://pureinfotech.com/repair-master-boot-record-mbr-windows-10/.
-
Since the current (legacy) version of Endpoint for Linux does not support the activation system, it does not connect to edf.eset.com whatsover.
If you use a proxy server for connecting to the Internet, configure it in the Endpoint's advanced setup (e.g. via a policy) and send a software activation task from ESMC. This will ensure that the legacy connector in agent will add your username and password in the Endpoint's setup and Endpoint will then be able to communicate through the proxy and authenticate against ESET's update servers with the username and password.
If you plan to update from a mirror, simply set the path to the mirror in a policy. If updating via http, no username/password for authentication will be needed. Otherwise if you update from a remote share, you will need to specify also a username and password for authentication against the machine that creates the mirror.
-
Do you have ESET installed on the SSD? Do the disks start spinning up right after double clicking the ESET icon in the tray?
-
Quote
According to the below, only IP addresses are allowed for a proxy server:
I don't think this is true. The help says "address", not "IP address" and I didn't find it mentioned anywhere that entering a hostname instead of an IP address shouldn't work.
-
1 hour ago, kittenofd00m said:
I am having the same issue.
I can only repeat what I have already stated: The issue has been already fixed in v12.2 beta.
-
Please create a support ticket since this is something that cannot be solved here in the forum.
-
Are you positive that nslookup can resolve the hostname but if entered correctly in the EAV advanced setup -> tools -> proxy server neither updates nor LiveGrid checks work ?
-
It's nothing unusual, I have several similar records as well:
Time;Application;Operation;Target;Action;Rule;Additional information
5/28/2019 4:38:13 PM;C:\Windows\System32\svchost.exe;Get access to another application;C:\Windows\System32\winlogon.exe;blocked;Self-Defense: Do not allow modification of system processes;Modify state of another applicationSo unless you are experiencing issues caused by SD, consider it normal.
-
The product will work without activation because it doesn't support it. A brand new version of Endpoint for Linux with the activation system will be available probably next year.
If you plan to update the computer from a mirror, just set the path to the mirror through a policy. If the client will access it through a network share, also the username and password for authentication to the mirror folder will be needed which is not needed if the mirror is accessible via http.
If the machine has Internet connection and you plan to update it from ESET's update servers, just send a software install task to the client and the agent will add a username/password for authentication against ESET's update servers in the configuration.
-
For those who have a license for ESET Dynamic Threat Defense and connect through a firewall with the communication restricted to IP addresses, as of June 3 we are going to add a new server in the US which also brings a change of the IP addresses of EDTD servers as follows:
https://support.eset.com/kb332/#EDTD:
Hostname IP address r.edtd.eset.com 137.117.138.135 (Europe)
13.83.244.211 (USA)
d.edtd.eset.com 137.117.138.135 (Europe)
13.83.244.211 (USA)
The nearest server for communication will be picked based on your IP address. We recommend allowing communication with both IP addresses.
-
Good to hear that you've nailed it down. Please do not hide a topic when an issue has been resolved since other users may come across it as well and search for an answer here.
-
The current version of Endpoint for Linux does not support activation yet. If you want to update it from a mirror, you just enter the path to it in the update setup and that's it. In case the machine has visibility to the ESMC server, you can manage it and change settings via a policy.
-
What happens if you enter the license key in the activation window under Help and support -> Change license?
-
It is. If it is causing an issue to your system, we'd like you to elaborate more on it so that we can further investigate it.
-
No, it shouldn't. We protect our services and no other process should be allowed to tamper with them in any way.
Please disable logging of all blocked operations since besides bigger logs debug logging has also adverse effect on performance.
-
If you are having an issue with Self-defense, please elaborate more on it. Otherwise disable logging of blocked operations in the advanced HIPS setup which should only be enabled while troubleshooting HIPS-related issues.
-
Please create a support ticket via the internal form so that logs from Parental Control are submitted to ESET for perusal.
-
There are currently no such plans.
-
Chrome OS is not supported. Parental Control can only be installed on Android. It's also part of ESET Internet Security and ESET Smart Security Premium for Windows.
-
It's enabled by default in HIPS setup:
HIPS Event in log files
in ESET Internet Security & ESET Smart Security Premium
Posted
Do you have custom HIPS rules created? Do you have some processes excluded?
Please provide "C:\ProgramData\ESET\ESET Security\HipsRules.bin" as well as logs collected with ESET Log Collector.