Marcos
-
Posts
36,872 -
Joined
-
Last visited
-
Days Won
1,464
Posts posted by Marcos
-
-
No ELC logs were attached.
-
You can have only one firewall active at time. If you want to use Windows firewall, disable ESET's firewall in the advanced setup.
Do you mean that permissive rules from Windows firewall are not honored? Please provide an example of such rule.
-
With ECA you have to generate a Live Installer (epi_win_live_installer.exe) and deploy it on machines.
-
I don't think it's necessary to remove the extension. Please follow the instructions in the KB https://support.eset.com/kb6551 if it is continually being detected.
-
I would strongly recommend upgrading to the latest version of Endpoint v7.1. V7 brought support for streamed updates to react even quicker to new threats and also Behavioral inspection was added among other improvements and fixes so upgrade definitely makes sense.
-
Please move the following files to a new folder, then reboot the machine. Those are two tasks that trigger powershell to download a resource from blocked URLs:
c:\windows\system32\tasks\Sync
c:\windows\system32\tasks\WinnetPlease submit the two files to samples[at]eset.com in an archive encrypted with the password "infected".
-
Files were encrypted by Filecoder.LockedFile. According to the logs, there were about 170,000 failed attempts to log in via RDP as "administrator" and alike in approx. one day when the encryption occurred. Also an older version of EFSW 6.5 without Ransomware shield was installed.
The OP was informed and improvements in protection were suggested.
- Mauricio Osorio, itman, 0xDEADBEEF and 1 other
-
4
-
I'm sure the OP meant edevmon.sys which is the only driver that may cause the said issue if removed from the disk without being properly unregistered from the chain in the registry.
-
What exact version of Endpoint do you have installed? Is it a 32 or 64-bit OS?
-
If possible, uninstall ESET and install the latest version of Endpoint v7.1. In case of problems with uninstallation, use the Uninstall tool in safe mode as per https://support.eset.com/kb2289/.
Should the problem persist, please carry on as follows:
1, Configure Windows to generate complete memory dumps as per https://support.eset.com/kb380/.
2, After a reboot, reproduce BSOD.
3, Gather logs with ESET Log Collector (e.g. after removing ESET in safe mode).Provide us with both the dump (in a compressed form) and ELC logs. You can upload them to a safe location and drop me a private message with download links.
-
The files were probably encrypted by Filecoder.STOP. Decryption is not currently possible. I'm going to provide you with instructions how to generate and gather logs for further investigation.
-
It means that agent was not able to connect to epns.eset.com. The connection was probably blocked by a firewall. Also make sure that the client can connect to epns.eset.com directly in case you use a proxy server.
However, this error should be unrelated to activation issues and is probably a result of sending a wake-up call to the client.
-
Please contact the seller from whom you purchased your license. It could be that we have a different email address on files than the one you entered in the form. The seller should be able to assist you and provide you with your license email.
-
Antispam is provided only by mail transport protection.
-
3 hours ago, zamar27 said:
What's the difference btw OBJECTS and FILES in Real-time File System Protection? Why FILES are separated to Additional Threatsense Parameters? 😉
When referring to objects, we mean basically files, but we prefer using this general term since objects may also mean archives, processes, WMI, UEFI, streams, etc., ie. anything that can be scanned. As for the settings referring to newly created or modified files, it really concerns files only. We could use the general term "objects" as well but "files" sounds more natural to users.
-
Novice, please stop trolling and refrain from ranting. Stop blaming ESET without any proof that we failed to stop ransomware. Without forensic analysis it is impossible to make any conclusions! How do you know that the user had ESET password protected? What if it wasn't, an attacker remoted in via RDP because the OP didn't have RDP secured, paused protection and then ran the ransomware? We don't know yet what happened so we can't make any conclusions without a proof either.
And if you expect 100% malware protection and missing a threat as a big big fail, then show us antivirus with 100% detection that doesn't miss a single threat and we'll prove otherwise.
-
On 5/11/2019 at 2:01 AM, pcguy said:
I have installed Firefox release version and NOD32 still is complaining apparently every hour or so that the cert cannot be installed on some unknown browser somewhere on this computer.
Please carry on as follows:
- disable SSL filtering
- reboot the machine
- without launching any application, re-enable SSL filtering.Should the problem persist, start logging with Procmon and disable / re-enable SSL filtering, then stop logging and provide the generated log in a compressed form.
-
Didn't notice this inconsistency until now. Advanced heuristics always also means DNA detections.
-
Not sure what you mean. I've googled for LightShot and was able to open the website and download the application as well.
-
There are several topics that cover cloning of computers, for instance:
https://help.eset.com/esmc_admin/70/en-US/support_vdi.html
https://support.eset.com/kb6858/ (Supported settings in VDI environments using ESMC (7.x))
Is it physical machines or machines from a VDI pool that you deploy the master image on?
-
11 minutes ago, Navara said:
Description: Display last 5 log messags on hover on Eset's icon
This is not possible since there are several types of logs which would mean to display about 60 lines of text in the tooltip. Logs can be accessed quickly through the right-click context menu on the tray icon.
-
10 minutes ago, Navara said:
Description: Lower priority for maintenance tasks
Detail: Several times a day while playing game (DarkSouls 1 on Steam if it matters) game gets very laggy and drops to 1 frame per few seconds. When I explore task explorer for what's going on, it's ekrn.exe fully utilizing cpu.
Searching trough it's logs I find out it was regular database update. No defending my computer against ongoing attack, but just regular maintenance. Those should be run on lowest priority possible to not interfere with computer operation...
Applications running in full screen mode activate gamer mode by default in which neither updates nor scans are run. Updates have nothing to do with the log maintenance task.
-
A quote from https://en.wikipedia.org/wiki/Firefox_Send:
All files are encrypted before being uploaded and decrypted on the client after downloading. The encryption key is never sent to the server.
That means ESET scans only encrypted files, ie. it's impossible to detect anything there.
From the technical documentation (https://github.com/mozilla/send/blob/master/docs/encryption.md :
The secret key is appended to the share url as a #fragment and presented to the UI
That means the key only leaves the machine when the user transmits it manually, so there's no reliable way for us to get to it.
-
8 minutes ago, Calentor said:
Because of the entries in the HIPS log (see attachment)
That may not be the cause. If you trust the application, try what I advised above.
Mrs J Rennie
in ESET NOD32 Antivirus
Posted
Just to let you know, I was able to find a license registered to a different email than the one used for your previous license. It's XXXXXX.XXX5@gmail.com (most letters were replaced with X). I've entered it in the password retrieval form https://www.eset.com/int/support/lost-license/ so you should have received it to that email address.