Jump to content

Marcos

Administrators
  • Posts

    36,336
  • Joined

  • Last visited

  • Days Won

    1,445

Everything posted by Marcos

  1. 1, I assume you meant *.doc just as an example since document files often contain malicious macros nowadays and thus they should never be excluded from scanning. 2, As for the cleaning mode, I was not referring to your post but to the other complaint from another user. 3, As I wrote, neither vhd files nor the other formats you mentioned are scanned by real-time protection so basically you shouldn't need to exclude them. If there's a really good reason for excluding them, we would like to hear more details about the issues that occur when those files are not excluded.
  2. You should not use the Agent deployment task which is intended for deploying agent if not installed yet. To upgrade existing agent to the latest version, use the client task "Security Management Center component upgrade" which you can assign to a dynamic group with outdated agent version, using the Joined dynamic group trigger .
  3. Please raise a support ticket for your local customer care. I assume it could be that a policy is applied every few seconds or something like that so the issue will need to be investigated with the help from developers as well.
  4. This FP existed only for a short time and was already fixed at the time you reported it. It takes a few minutes for the product to get current lists from LiveGrid, hence it took little time until the issue was resolved on your machine.
  5. Please follow the instructions for submitting samples at https://support.eset.com/kb141. However, since it's a crack, generally I would not recommend running it regardless of what it does.
  6. Regarding the transfer of your license, simply uninstall ESET from the former machine and install it on the new one. During uninstall, deactivation will be performed and the license will be freed for activation on another machine.
  7. Are you able to log in to the AT portal from a pc o notebook alright?
  8. Hello, Please provide me with the case ID number so that I can check with ESET LLC what happened with the ticket. Regarding your questions: 1, It is very highly unlikely you would have malware that simulates keystrokes or mouse to change your ESET settings. Anyways, you can set a password to protect them, if you wish. I'd suggest exporting the config to xml files and comparing them to see if there are any differences. I assume it's just a gui glitch or whatever. 2, You can create a general block rule, put it on the top of the rules and then creating permissive rules for applications that you allow to communicate over the Internet.
  9. Since this is an English forum, we kindly ask you to post in English so that moderators and other users can understand and help you. Please follow the instructions at https://support.eset.com/unlockems/. Should you be unable to resolve the issue, please contact your local customer care.
  10. There was no issue according to the install log: MSI (c) (C0:D0) [09:13:37:668]: Product: ESET Endpoint Antivirus -- Installation completed successfully.
  11. The mirror feature for updating offline computers is available only in business products. Products for home users require Internet connection to update.
  12. Please provide especially install.log. It's mentioned in the KB, step 4: The install path will be inserted into the Run window. Type (space) /lvx* install.log at the end of the install path, and click OK.
  13. Provide a Procmon log that will be generated at time when a modification of the mentioned txt file occurs.
  14. EFSW is configured to update from ESET's update servers: Is the computer completely offline or it's connected to another computer with Internet connection that creates a mirror? If the latter, it'd be easier and safer (because of LiveGrid) to use an http proxy to update modules and lists from ESET's servers through the proxy.
  15. First of all, we kindly inform you that according to this forum rules this forum is not a channel for disputing detections. The application is correctly detected as potentially unwanted, ie. PUA detection is optional and it's at users' discretion whether they enable detection or not. Even with enabled PUA detection, users can easily exclude a particular PUA from detection if they want to. More information about PUA detection can be found at https://support.eset.com/kb2629. Having said that, we'll draw this topic to a close.
  16. Please provide an install log from a failed installation as per the instructions at https://support.eset.com/kb406.
  17. The only possibly related information are regarding the process mb_warband.exe which has read 2115 bytes of data from C:\Users\Sixxo\Documents\Mount&Blade Warband\rgl_config.txt. There was no write to this file logged. If you want us to analyze what happened, we must receive a correct Procmon log from time when a process modified that file.
  18. 1, You can turn on the filter to filter out non-threat related records, such as problems opening files. 2, This is possible in v12.1 which is currently available for testing within the Insider program. In order to see details about running scans, click "Open scan window" where you will see what threats have been found so far.
  19. I'm sorry but I don't get it. We'll definitely need a Procmon log from time when the mentioned value was changed in rlg_config.txt.
  20. Try reinstalling the agent on a client using current CA and the peer certificate. Should connections to the ESMC server be still refused, please check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html and the tracelog. You can post status.html here so that we can check the errors.
  21. You should have checked the value before stopping logging. If it was changed, then it must have happened when Procmon was not logging.
  22. Did rlg_config.txt actually contain the correct value before you started logging and the value was changed before you stopped logging?
  23. The Procmon log doesn't contain information about operations with rlg_config.txt.
  24. Yes. Do not run the game longer than necessary since Procmon will log a lot of data and the log will grow quickly. When done, save the log, compress it, upload it to a safe location (e.g. DropBox, OneDrive, etc.) and drop me a message with a download link along with the full path to the file was modified.
  25. Yes, I confirm it's a false positive. The IP address was blocked by a robot almost a day ago. It's been fixed, you can reboot the machine to enforce download of current url lists.
×
×
  • Create New...