Posts posted by Marcos
-
-
The best course of action would be to contact LATAM technical support that would subsequently report the issues you have in a ticket for ESET HQ developers.
-
We don't need ELC logs. You'd better create a dump of ekrn through the advanced setup -> tools -> diagnostics. However, whether real-time protection starts or not does not depend on the registry value but on the state that the OS reports. The registry value just tells what state the system is in, however, we've seen that the actual state often differs from what is in the registry.
-
No problem here with v12.1.34:
Please check if the number of files grows in "C:\ProgramData\ESET\ESET Security\Logs\eScan".
-
Please report it to samples[at]eset.com and provide logs collected with ESET Log Collector as well.
-
-
You can deactivate seats that have not reported to ERA for a longer time either through ELA/EBA or by using a server task "Delete not connecting computers".
-
This registry value should be controlled by Windows each time it starts. Forcing a value manually may have unforeseeable effects on the system. There are good reasons why it's checked.
-
By sideloading you mean transferring files from your mobile to your pc? Is it a phone running Android? How do you know it "uploads" spyware? Is it detected on the pc?
-
A secure browser doesn't load add-ons and plug-ins except trusted ones allowed by ESET. Also keystrokes are scrambled to prevent keyloggers from stealing what the user types.
-
25 minutes ago, kamiran.asia said:
And what can be the reason of IMAGE_STATE_UNDEPLOYABLE ?
I'm sorry, we have no clue. I've tried googling for possible reasons to no avail. We've had several cases like this (usually with even a different image state) when we could only suggest reinstalling the OS.
-
Just now, kamiran.asia said:
We are waiting for your update.
I was right, real-time protection doesn't activate because of the image state IMAGE_STATE_UNDEPLOYABLE. There's something wrong with Windows, it should be in IMAGE_STATE_COMPLETE state.
-
The system is in a weird state IMAGE_STATE_UNDEPLOYABLE. I'm just consulting it with developers but this could be the reason for real-time protection not being activated. An expected state is IMAGE_STATE_COMPLETE.
-
Just to let you know, I was able to find a license registered to a different email than the one used for your previous license. It's XXXXXX.XXX5@gmail.com (most letters were replaced with X). I've entered it in the password retrieval form https://www.eset.com/int/support/lost-license/ so you should have received it to that email address.
-
No ELC logs were attached.
-
You can have only one firewall active at a time. If you want to use Windows firewall, disable ESET's firewall in the advanced setup.
Do you mean that permissive rules from Windows firewall are not honored? Please provide an example of such a rule.
-
With ECA you have to generate a Live Installer (epi_win_live_installer.exe) and deploy it on machines.
-
I don't think it's necessary to remove the extension. Please follow the instructions in the KB https://support.eset.com/kb6551 if it is continually being detected.
-
I would strongly recommend upgrading to the latest version of Endpoint v7.1. V7 brought support for streamed updates to react even quicker to new threats and also Behavioral inspection was added among other improvements and fixes so an upgrade definitely makes sense.
-
Please move the following files to a new folder, then reboot the machine. Those are two tasks that trigger powershell to download a resource from blocked URLs:
c:\windows\system32\tasks\Sync
c:\windows\system32\tasks\Winnet
Please submit the two files to samples[at]eset.com in an archive encrypted with the password "infected".
-
Files were encrypted by Filecoder.LockedFile. According to the logs, there were about 170,000 failed attempts to log in via RDP as "administrator" and alike in approx. one day when the encryption occurred. Also an older version of EFSW 6.5 without Ransomware shield was installed.
The OP was informed and improvements in protection were suggested.
-
I'm sure the OP meant edevmon.sys which is the only driver that may cause the said issue if removed from the disk without being properly unregistered from the chain in the registry.
-
What exact version of Endpoint do you have installed? Is it a 32 or 64-bit OS?
-
If possible, uninstall ESET and install the latest version of Endpoint v7.1. In case of problems with uninstallation, use the Uninstall tool in safe mode as per https://support.eset.com/kb2289/.
Should the problem persist, please carry on as follows:
1, Configure Windows to generate complete memory dumps as per https://support.eset.com/kb380/.
2, After a reboot, reproduce BSOD.
3, Gather logs with ESET Log Collector (e.g. after removing ESET in safe mode).
Provide us with both the dump (in a compressed form) and ELC logs. You can upload them to a safe location and drop me a private message with download links.
-
The files were probably encrypted by Filecoder.STOP. Decryption is not currently possible. I'm going to provide you with instructions on how to generate and gather logs for further investigation.
-
Problems with NVDA Screen Reader (in General Discussion)
Things like this must be tracked. You can provide a list of things that don't work as expected and we will create tickets for developers if necessary. However, it would be better if LATAM support did it based on your support ticket in their system so that you could inquire about it at a later time by a reference to your ticket.