Marcos
-
Posts
36,488 -
Joined
-
Last visited
-
Days Won
1,452
Posts posted by Marcos
-
-
The problem with the machine from which the latest logs were taken is that you have an old eamonm.sys driver from v4.5 running. Did you upgrade to EFSW v7 from EFSW v4.5? If so, a restart is needed after installation for new drivers to get loaded. Did you reboot the server? If so, please uninstall EFSW completely, make sure there is no eamonm.sys driver in c:\windows\system32\drivers and install EFSW v7 from scratch.
-
If Octagon is your local retailer, you should contact them or your local customer care for assistance.
-
EFSW v7 doesn't support Windows Server 2003. The latest version with support for this OS is EFSW v6.5.
If security of your data matters to you, we recommend considering upgrade to a modern, secure and fully supported OS. Installing an antivirus on the server won't make it secure enough and having all known critical vulnerabilities patched is a must. Unfortunately, this can't be accomplished with an OS not supported by the vendor (Microsoft) any more.
-
5 minutes ago, vanguard said:
Marcos. Independent of what ESET facilitates in its service, anti-they will no longer work because Google have removed features in the phone. Please acknowledge - Google have stated THEY have removed it - the ESET anti-theft portal isn't going to put it back.
Do you see support of the Anti-Theft portal listed here? It's not there.
I use a Google Play version of EMS, have Anti-Theft enabled and I'm able to control it via the AT portal.
-
41 minutes ago, vanguard said:
Not since an update in the Google Developer Policies...
Anti-Theft in any version of EMS can be controlled via the Anti-Theft portal https://anti-theft.eset.com/ provided it's enabled in the AT setup on a phone.
-
You can find your device through the Anti-Theft portal that you can reach through my.eset.com.
-
On 5/14/2019 at 9:01 PM, cmit said:
Our "Display alerts" and "Display notifications on desktop" is set to disabled. Is this the reason we didn't get that red and yellow alert?
That's correct.
1, With "Display notifications on desktop" disabled:
2, With "Display notifications on desktop" enabled:
-
A post has been removed. Please refrain from personal attacks and offense and keep the discussion to point.
-
We'll need a log from time when the communication occurs. The log you've provided basically doesn't show any other than MDNS communication generated by the TV stick. I'd suggest disconnecting it while generating the logs so that only relevant packets are recorded.
-
8 minutes ago, itman said:
as long as the it shows that the cert. is valid on the download .exe, there is nothing to be concerned about
I would correct this - as long as there is a timestamp (countersignature), the digital signature remains valid if the certificates used to sign the file already expired.
-
23 minutes ago, Martin223 said:
Hello, Marcos. Johuan says his .exe has a signature with an expiration date of 06 May of 2019 but itman has expiration date of 12 December 2028. Can you please confirm witch is the right one? P.S. I know both are valid but curious why they are different. I just downloaded and says 06/05 /19 in the sha256.
I don't know what executables they checked but it doesn't matter. What matters is the presence of a countersignature which ensures that the certificate was valid at the time of signing the installer:
-
Definitely I'd suggest opening a support ticket for your local customer care. Also please provide me with logs collected with ESET Log Collector after renaming C:\Windows\System32\drivers\eamonm.sys and ehdrv.sys in safe mode (the folder "C:\Program Files\ESET\ESET Security\Drivers" must be renamed during troubleshooting too).
-
"JS/ScrInject.b virus is a highly dangerous virus." This must be a joke since it's rather the opposite. It's a very generic detection that may trigger false positives at times.
By the way:
wipersoft_setup_1_1_1100.exe » INNO » {app}\wipersoft.exe - a variant of Win64/WiperSoft.A potentially unwanted application
The website in question is also blocked as scam and it indeed resembles tech support scams.
-
Most of the packets and communications are MDNS, there was basically no communication through other protocols:
MDNS is allegedly not natively supported by Windows and you need a 3rd party application like Bonjour to support it, however, it was not among installed or running applications (could be a different one).
What device is 192.168.0.212? There are many repetitive MDNS queries for "amazon-399dfd5f2.local", what is that?
206 0.058018 2019-05-18 02:35:52,484647 192.168.0.13 192.168.0.212 MDNS 82 Standard query 0xfa0b A amazon-399dfd5f2.local, "QM" question
Maybe related to this?
-
This is not a problem of ESET at all. The certificate used by the server in question was revoked and is not trusted any more as you can also see here:
https://www.ssllabs.com/ssltest/analyze.html?d=cardsecurity.standardchartered.com
-
It was a false positive which was resolved quickly. The host was blocked due to malware that was detected there.
-
I consider this case closed. The only solution we can advise is reinstalling the OS.
-
The firewall troubleshooter is meant to be used only when you are having a specific network communication issue. If you are not having any, do not run it please.
-
If you are not having any issues, then there's nothing to solve. It is normal that firewall blocks some unwanted or unneeded traffic. Should there be an issue, we can help you with troubleshooting it.
-
Please if you are not an advanced user with technical knowledge about how networking works, use default settings. Otherwise setting non-default values may cause issues that you may not be able to resolve yourself without reverting to default settings.
As to what ARP requests and responses are, you can read about it on Wikipedia (https://en.wikipedia.org/wiki/Address_Resolution_Protocol) or elsewhere on the Internet.
-
Please elaborate more on the issue that you are having. What connections are blocked? How does it manifest? Do you have an application that doesn't work properly because of that? Do you use automatic firewall mode without any custom rules? Did you set your local network as home/office (trusted)?
-
You can create a blocking rule and put it on top of pre-defined rules that are hidden by default to take precedence over them. Do it on your own risk and in case something stops working it might be because of that.
-
If you have marked your local network as home/office and not as public, sharing via SMB will be allowed within your network but blocked from outside.
https://www.thewindowsclub.com/smb-port-what-is-port-445-port-139-used-for
...it is in our interest to not expose Port 445 to the Internet but like Windows Port 135, Port 445 is deeply embedded in Windows and is hard to close safely. That said, its closure is possible, however, other dependent services such as DHCP (Dynamic Host Configuration Protocol) which is frequently used for automatically obtaining an IP address from the DHCP servers used by many corporations and ISPs, will stop functioning.
-
Please refer to How do I report a false positive or whitelist my software with ESET? in the FAQ.
However, in this case the url will most likely remain blocked.
Since this forum is not meant to be a channel for disputing detections and blocks, we'll draw this topic to a close.
Eset File Security issues
in ESET Products for Windows Servers
Posted
I don't think that upgrade from ERA to ESMC would have any effect on systems. Did you mean upgrade of EFSW v6 to EFSW v7? Would you please provide a complete memory dump from an unresponsive state as per https://support.eset.com/kb380/?