Posts posted by Marcos
-
-
It will be fixed in v12.2. I reckon the beta version has it already fixed.
-
Please check https://forum.eset.com/topic/19566-dynamic-group-to-pick-up-multiple-old-versions-of-eset/ for information on how to create a dynamic group with computers running an older version of ESET security product. Subsequently you can send a software install task to the group to upgrade the security product to the latest version.
-
By default ESET security products check for new versions of modules at a 1-hour interval, plus we also employ streamed updates and LiveGrid check for maximum protection.
If you mean program updates, currently you need to create and send a software install task on clients when you want to upgrade a security product to a newer version. However, we now have so-called micro program component updates ready which will allow for automatic update to the latest version if you configure program updates to be installed automatically.
-
Of course the bug when Ransomware shield detection is not logged on clients manifests every time a suspicious (encrypted) file has been created by renaming, however, that's the only bug related to your report.
I don't see any problems with the records you marked with the red rectangle. Please clarify and post a screen shot with alarm details.
-
5 hours ago, ebudihar said:
what about for Cambodia? Do you have a special price for non profit organization education based?
Please contact your local distributor to answer your questions. For contact information, refer to https://www.eset.com/kh/about/contact/.
-
Ok, so this is most likely what happened:
- the support agent received encrypted files from a customer
- upon saving the encrypted files on a disk, Ransomware shield detected a suspicious behavior and triggered a detection which was not logged locally in the Detection log due to a bug but it was reported to EEI
What I would suggest:
- Excluding the ESET folder in which files from customers are saved to
- Editing ACL and denying the permission to read & execute files in the folder to prevent the support agent from executing malicious files that might be saved there.
-
0b36728a48fbff17a45be400c628052e6dca95fc - NSIS/CoinMiner.T trojan
NsCpuCNMiner32.exe - a variant of Win32/CoinMiner.DQ potentially unwanted application
NsCpuCNMiner64.exe - a variant of Win64/CoinMiner.CZ potentially unwanted application
The first one is a NSIS archive, the detection was added in April 2018. The other 2 executables (PUAs) are inside the NSIS archive, the detection was added in July 2017.
-
Does the user on the machine in question receive files from customers, for instance, and process them? Are there any files that had been on the machine and were encrypted?
What is the ESET subfolder in the Downloads folder intended for?
-
It looks like self-defense is disabled, is that correct? However, you were not able to terminate ekrn.exe, only egui / egui_proxy.
-
What ESET product did you purchase; Endpoint or EAV/EIS for home users? If the former, in ELA or EBA (https://eba.eset.com) you should see the last seen date and deactivate devices that haven't reported for a long time.
-
4 hours ago, Amr Elsisi said:
When I close eset service from task manager (ekrn.exe) it opens again automatically but the application closes
What OS do you use? Do you have self-defense enabled? Killing ekrn is not possible with SD on. Even if turned off for whatever reason (e.g. the user forgot to re-enable it after some tests), ekrn should be restarted automatically and keep your computer protected.
-
1, ESET like any other application on Android is considerably limited by the design of the operating system and permissions granted by the system / user. I've searched bug reports and tickets from users related to S10 issues and there was basically just one related to fingerprint authentication. That said, I assume that EMS works alright on S10. In case of issues, customer care should be contacted and logs should be submitted from the application for perusal.
2, Without further investigation and logs it's impossible to tell what happened. Users are expected to contact customer care if there's an issue and a resolution or explanation should be provided relatively quickly.
-
I strongly doubt that you were able to stop or quit ekrn.exe, especially with self-defense enabled. Please shoot a demonstration video.
-
Basically you shouldn't need to do anything after purchasing a renewal. Your existing license is prolonged on ESET's side and your product continues to work without any interaction.
I've found your renewed license and indeed the license key hasn't changed.
-
So is it detected by ESET or not? If it is, under what name? If not, please submit it to samples[at]eset.com in an archive encrypted with the password "infected".
-
Have you also submitted logs as per the KB I referred to? Just knowing the file name doesn't tell anything.
-
Is that "DC002. Exe" a name of a file? Is it detected by ESET? If not, please submit it to ESET for analysis as per FAQ on the right-hand side of this forum.
-
If you have a paid license for an ESET product, please provide logs collected with ESET Log Collector for a start.
-
After disabling which of the 2 above settings did the issue disappear?
-
Since this is an English forum, we kindly ask you to post in English. If you don't speak English well, you can use a machine translator.
As for your question, the files were most likely encrypted by Filecoder.STOP. Decryption for this variant is not currently possible. Do you have a license for an ESET product? If so, which one and what version have you had installed?
-
-
1, Not necessarily. In networks administrators usually manage Endpoint configuration centrally via ESET Security Management Center.
2, Unless exclusions are set by a policy, you can edit them. However, it's not equal to disabling real-time protection in the advanced setup and rebooting the machine, which ensures that real-time protection is not loaded at all.
-
We are sad to hear that you are moving away from state-of-the-art security products that ESET develops. We would highly appreciate it if you could elaborate more on the reasons that made you make such a decision.
And to answer your question, simply uninstall ESET (e.g. from the ESMC console if you have it installed on many computers) and that's it.
-
Here you disable protocol filtering:
And here HIPS:
Make sure that both settings are re-enabled after running the tests.
Easy Protection !!!!
in ESET Internet Security & ESET Smart Security Premium
It's enabled by default in HIPS setup: