-
Posts
36,501 -
Joined
-
Last visited
-
Days Won
1,453
Posts posted by Marcos
-
-
4 hours ago, brhanson said:
I am connected vu USB cable. Temporarily interrupting the firewall does not appear to make a difference
So the above screen shot from the firewall troubleshooting wizard is irrelevant then.
Does pausing protection or temporarily uninstalling ESET resolve the issue then? -
-
Do you have your iPhone connected to your PC via wi-fi or via a USB cable? Does temporarily pausing the ESET firewall make a difference?
-
You can try uninstalling Chrome and installing it from scratch so that your user profile is created from scratch as well. After installation, make sure that synchronization is disabled. Is the url still blocked then?
-
What problems with screen readers are you having? What screen reader do you use? Does temporarily disabling Self-defense in the HIPS setup and rebooting the machine make a difference?
-
It's a hosts file and by the looks of the screen shot and the detection name I'd say it's a crack for the AV in the screen shot that added a record to the hosts file to prevent the program from contacting activation servers or whatever
-
As soon as possible means the next time ekrn starts which is in fact as soon as possible for us.
-
In case that somebody else would seek an answer to this, the notifications can be customized and variables added in the Distribution section of the notification editor:
-
1, Activation was never performed automatically. Most likely you had a dynamic group (DG) with not activated clients in ERA and a software activation task assigned to the DG. Do you have the same in ESMC?
2, Do you have the proxy server set correctly in Endpoint advanced setup under Tools -> Proxy server?
3, Under Tools -> Proxy server there is a setting "Use direct connection if proxy is not available" which is enabled by default. However, we do not recommend disabling it since a direct connection will only be attempted if the proxy is unavailable for whatever reason.
-
If you apply a policy with rules with the default action "replace", all rules on clients will be replaced with the rules set by the policy, however, since you also apply rules by policies with append/prepend action, I understand that this is not a solution for you.
In previous versions of ERA, if a policy was no longer applied, settings set by the policy remained set on the client which allowed for resetting settings to defaults. However, as of ESMC if a policy is no longer applied, previous local settings are used.
I'm afraid there's no way how to remove default rules from clients completely without uninstalling the security product and installing it from scratch.
-
Please create a support ticket for customer care and provide logs gathered with ESET Log Collector and possibly an application dump that might be generated when the application crashes.
-
Do you have custom HIPS rules created? Do you have some processes excluded?
Please provide "C:\ProgramData\ESET\ESET Security\HipsRules.bin" as well as logs collected with ESET Log Collector.
-
ESET does not automatically disconnect from unsecured wi-fi. Security audit only notifies you and provides a link to open wi-fi settings where you can disconnect from the wi-fi and connect to another one, if needed.
-
The purpose of this forum is to share the knowledge among standard users, advanced users and ESET moderators. It is not meant to serve as a substitute of contacting customer care, especially if an issue is not obvious, easily reproducible, if diagnostic logs are required and multiple iterations with support or developers are needed. Also this forum cannot track the progress of tricky issues and thus ensure timely response.
-
Please temporarily lower the sleep time for disks to 5 minutes or even more so that logs are not too big. Then start logging with Procmon as per the FAQ on the right-hand side of this forum, reproduce the issue and then save the log. When done, compress it, upload it to a safe location and drop me a message with a download link.
-
It can be anything from a benign system file, renamed calculator.exe to malware or whatever. The file name doesn't tell anything about the file. Please provide its hash or upload it to VirusTotal and provide a link to scan results.
-
Most likely you have attempted to boot from an infected USB flash (assuming you don't use the old good floppy disks any more) if you had ESET installed and enabled.
In order to fix mbr, refer to existing 3rd party articles, e.g. https://pureinfotech.com/repair-master-boot-record-mbr-windows-10/.
-
Since the current (legacy) version of Endpoint for Linux does not support the activation system, it does not connect to edf.eset.com whatsover.
If you use a proxy server for connecting to the Internet, configure it in the Endpoint's advanced setup (e.g. via a policy) and send a software activation task from ESMC. This will ensure that the legacy connector in agent will add your username and password in the Endpoint's setup and Endpoint will then be able to communicate through the proxy and authenticate against ESET's update servers with the username and password.
If you plan to update from a mirror, simply set the path to the mirror in a policy. If updating via http, no username/password for authentication will be needed. Otherwise if you update from a remote share, you will need to specify also a username and password for authentication against the machine that creates the mirror.
-
Do you have ESET installed on the SSD? Do the disks start spinning up right after double clicking the ESET icon in the tray?
-
Quote
According to the below, only IP addresses are allowed for a proxy server:
I don't think this is true. The help says "address", not "IP address" and I didn't find it mentioned anywhere that entering a hostname instead of an IP address shouldn't work.
-
1 hour ago, kittenofd00m said:
I am having the same issue.
I can only repeat what I have already stated: The issue has been already fixed in v12.2 beta.
-
Please create a support ticket since this is something that cannot be solved here in the forum.
-
Are you positive that nslookup can resolve the hostname but if entered correctly in the EAV advanced setup -> tools -> proxy server neither updates nor LiveGrid checks work ?
-
It's nothing unusual, I have several similar records as well:
Time;Application;Operation;Target;Action;Rule;Additional information
5/28/2019 4:38:13 PM;C:\Windows\System32\svchost.exe;Get access to another application;C:\Windows\System32\winlogon.exe;blocked;Self-Defense: Do not allow modification of system processes;Modify state of another applicationSo unless you are experiencing issues caused by SD, consider it normal.
HIPS Event in log files
in ESET Internet Security & ESET Smart Security Premium
Posted
If you keep getting the error message, please provide me with the stuff requested above.