Marcos
-
Posts
37,013 -
Joined
-
Last visited
-
Days Won
1,469
Posts posted by Marcos
-
-
7 minutes ago, itman said:
As far as I am aware of, Sandboxie's driver is validly signed. Did you download it from here: https://www.sandboxie.com/DownloadSandboxie .
Yes, exactly from that link.
-
I've tried to install the latest version of Sandboxie on Windows 7 to no avail. Getting an error while installing the driver:
-
It's a potentially unwanted application which is an optional detection. If you think that benefits of using a particular PUA outweigh possible risks, you can exclude it from detection (Exclude signature from detection), e.g. through advanced options in the yellow alert window.
-
9 minutes ago, Mr.Wong said:
So the second picture detection is correct, and what about the first picture detection? Is it a false positive?
It's correct too. Both detections seem to be related to aggressive ads.
-
Does temporarily disabling integration with MS Outlook and (or) protocol filtering in the advanced Endpoint setup make a difference? If not, what about temporarily disabling the ESET firewall or Network attack protection or Botnet protection? Those are protection modules that may affect network communication.
-
Please carry on as follows:
1, Temporarily set Debug verbosity for trace logging in the ESMC Server setup:
2, Start logging with Wireshark
3, Change the repository to any address (may be a non-existent)
4, Change the repository to Autoselect (this will enforce a connection to the repository).
5, Wait a few seconds, then stop logging in Wireshark.
6, Save and compress the Wireshark log and upload it here along with the trace log.
-
If you want, you can switch to pre-release update channel in the advanced setup -> Update and you should receive an automatic update to v12.2 within a few hours.
-
This is not currently possible. You can contact your local customer care so that they report it to ESET HQ as a wish. A research on this would have to be carried out in the first place.
-
Please always create a new topic for different questions. As for alerts about protocol filtering, they should not occur at all. Let's create a new topic and upload logs collected with ESET Log Collector there so that we can check what's wrong and suggest further steps.
-
Probably you have insufficient free memory or the available memory is too fragmented. Please collect logs with ESET Log Collector and upload the generated archive. Try rebooting the server.
-
I'm not having any issues right now. Also checked your account and didn't find any problems either. Are you still having the said issue with logging in to the Parental control site?
-
In the currect v 12.1.34 there is a known issue with creating rules in interactive mode when connected via Remote Desktop. The bug will be fixed in v12.2.
-
There were no records related to Sandboxie in the HIPS log. Almost all blocked operations were related to Process Explorer. Does temporarily disabling HIPS and rebooting the machine make a difference?
-
It's technically one license so it will become valid for one or 2 years since the date of purchase. If you received an activation key (not a license key), typically provided with boxed versions in retail shops, such licenses become active as of the date of activation through the web.
-
Did you purchase ESET through www.eset.com/us ? I'm not 100% sure but I don't think that ESET sells boxed versions through the web. Please contact the seller or ESET LLC.
-
Since Micro Center sells in the US we can only recommend you to contact their support in the first place. In case of problems you can also contact technical support by ESET LLC.
-
Please check this out: https://forum.eset.com/topic/20067-i-cant-connect-to-activate-product/
-
For some reason you don't have msedge.exe in the list of SSL-filtered applications. It should have been added as soon as SSL communication of the process was detected:
Try adding it manually in the list:
-
First of all, please make sure there's no record of "edf.eset.com" in this file: C:\Windows\System32\drivers\etc\hosts.
-
It's all just about smart optimization, nothing else and nothing more. It's caused by obfuscation that the txt file was not detected.
1, Advanced heuristics doesn't scan scripts, there's a script scanner for that and the command-line (AMSI) scanner on Windows 10.
2, Scripts are not run sandboxed.
3, HIPS doesn't monitor file operations but real-time protection does.We'll try to address it asap but if turns out to cause more harm then good then we'll probably leave it until it's addressed in a smarter way in the future utilizing HIPS.
-
Looking at the policy, I don't see any reason why it shouldn't work:
Could you please collect logs with ESET Log Collector from the client where it doesn't work?
-
Pushing the reset button must always work since it's a hardware reset, not a software one. It's like if turning the power off and on would not make any change which can't be obviously true.
Please enable triggering of manual crash as per https://support.eset.com/kb380/, configure Windows to generate active memory dumps, restart Windows and reproduce the freeze. After a few seconds trigger a crash manually so that a memory dump is generated. After a reboot, compress the dump, upload it to a safe location. Also collect logs with ESET Log Collector and upload it as well. Finally drop me a private message with links to both files.
-
The topic was unhidden so that other users seeking an answer to your question in the future can find it here.
-
3 hours ago, Tetranitrocubane said:
Before I do that, is there any risk of personal information being included with the log, since I'll be uploading it to a public location?
Files uploaded in our forum are accessible only by ESET staff.
ESET Block our website, Email sent but never got response
in Malware Finding and Cleaning
Posted
As stated in Please read this before you post, this forum does not serve as a channel for disputing detections and blocks.
In this particular case, the website was compromised and still contains malware (JS/Spy.Banker.DF trojan) that is executed as the website opens in a browser. The detection is correct, it's not a false positive.