Everything posted by Marcos
-
If restoring ehdrv.sys in C:\Windows\System32\drivers after booting from another medium doesn't make any difference, then the cause of BSOD must be different. If a memory dump was created during a crash (typically in c:\windows\memory.dmp), copy it, upload it to a safe location and drop me a message with a download link.
-
Check the reason why the emails are evaluated as spam. If it's because of an IP address or host being on a cloud blacklist, you can report it to ESET as a possible FP. Before releasing such email from quarantine, you'll need to add the address to the appropriate allowed address list.
-
Nod32 Error creating the temporary file when trying update database
Marcos replied to brw20's topic in ESET NOD32 Antivirus
Please provide a Procmon log from a failed update attempt as per https://support.eset.com/kb6308. In particular, start logging with Procmon, run update and after it has failed, stop logging. Then save the log, compress it and provide it to me for perusal.
-
Scam website opened in a browser
Marcos replied to josefranciscoj's topic in Malware Finding and Cleaning
It sounds like a scam website that opened. If it opens when you enter www.google.com in the address bar, then your computer is either infected (e.g. hosts file was modified) or your router was hacked. There's also a chance that your ISP became a victim of a DNS spoofing attack but that's rather unlikely. You can try using a different browser, setting Google DNS servers 8.8.8.8 and 8.8.4.4, resetting your router to factory settings, etc. If it's possible to copy the address, please copy and paste it here, however, make sure that the address is non-clickable. Or at least post a screen shot of it with the address included in the screen shot.
-
It sounds like ehdrv.sys was removed from the disk but was not unregistered properly from the registry. Since booting in safe mode is not possible, I'd recommend:
- creating a bootable medium (e.g. ESET SysRescue) on another machine and booting the OS from it
- copying C:\Windows\System32\drivers\ehdrv.sys from another machine to that folder on your machine
If you want, I can upload the driver for you somewhere. Just let me know if you have a 32 or 64-bit OS and what version of ESET you have installed.
-
Since this is an English forum, we kindly ask you to post in English (use a machine translator if necessary). Regarding issues on mobile phones, the best course of action is to create a support ticket using the in-product form which will ensure that logs from the program and device necessary for troubleshooting will be submitted to customer care.
-
EEI and LiveGrid connection lost
Marcos replied to Lockbits's topic in ESET Inspect On-prem (Detection and Response)
EEI shows the notification for 24 hours since the outage while security products don't continue to display it once the connection has been restored.
-
In the system settings -> Battery -> Launch, make sure that Parental Control has Auto-launch, Secondary launch and Run in background enabled:
-
We have also created a KB article about that: https://support.eset.com/kb7309/.
-
Unfortunately you didn't mention what brand and model of the phone you use. For instance, on Xiaomi it's necessary to set no restrictions in the battery saver section of the Parental Control app setup:
-
ESET Endpoint Security 7.1 uses more and more RAM as time goes on
Marcos replied to Cody's topic in ESET Endpoint Products
Please carry on as follows (run all commands as an administrator):
- temporarily disable self-defense and reboot the machine
- enable heap tracing for ekrn by running wpr -HeapTracingConfig ekrn.exe enable
- reboot the machine
- run wpr -HeapTracingConfig ekrn.exe and make sure "Heap tracing is enabled for process ekrn.exe" is displayed
- start tracing by running wpr -start Heap -filemode
- reproduce the issue (ekrn memory usage should be above 200-300 MB)
- stop tracing by running wpr -stop heap_trace.etl
- re-enable Self-defense and reboot the machine
- compress heap_trace.etl, upload it to a safe location and drop me a personal message with a download link.
-
Please open a support ticket and provide step-by-step instructions how to reproduce it. This forum is primarily intended for sharing the knowledge between users, advanced users and moderators. If we're able to reproduce a particular issue reported, we'll do it, however, in this case it's not easily reproducible. Therefore the best course of action would be creating a support ticket which can be tracked and eventually looked at by developers if reproduced successfully.
-
Bloqueo telefono (Phone block)
Marcos replied to Rocadi74's topic in ESET Products for Mobile Devices
Since this is an English forum, we kindly ask you to post in English (use a machine translator if necessary). To resolve the issue, please run the wizard https://support.eset.com/unlockems/ and follow the on-screen instructions.
-
On offline computers you can keep LiveGrid enabled but disable the application status "ESET LiveGrid is not accessible". This can be accomplished via policies as well:
-
Not on machines that are completely offline. If a machine can access ESET's servers via HTTP Proxy, then LiveGrid will work.
-
Correct. Such machines can reach ESET's servers and thus are not considered offline. An offline license is intended for activating machines that are completely offline, e.g. computers on ships.
-
First of all, since you work for our distributor you should turn to ESET HQ tech support which is your 1st support line. You'll need to narrow it down to the particular protection feature or setting that makes the error go away if disabled. That said, you should start with pausing protection / real-time protection, disabling protocol filtering, HIPS (requires a reboot), etc.
-
Migrate to MySQL ?
Marcos replied to ziemekhellsing's topic in ESET PROTECT On-prem (Remote Management)
It is not possible to migrate from MS SQL to MySQL used by the virtual appliance. However, if you don't mind losing data in the current db, you can deploy VA and then re-deploy agent on clients so that they start reporting to the new ESMC server. Note: if more than 5000 clients were to connect to the ESMC server, we don't recommend using VA and MySQL db.
-
Two license activated for the same PC
Marcos replied to davidvaknin's topic in ESET Endpoint Products
-
It is not recommended. First, the scan is very quick and should be unnoticeable. Second, it scans areas, such as UEFI and WMI so disabling startup scan tasks would leave them not scanned.