Marcos (Administrators) • Posts: 38,006 • Days Won: 1,507

Everything posted by Marcos

  1. ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium version 12.2.23.0 have been released and are available to download.
     Changelog: Version 12.2.23.0
     - Changed: Installation on Windows XP is not possible
     - Added: Drag and Drop support for quarantine
     - Added: Trusted Devices feature (ESET Password Manager)
     - Added: Two-Factor Authentication with Google Authenticator (ESET Password Manager)
     - Added: iOS Face ID Authentication (ESET Password Manager)
     - Added: Secure sharing of login information (ESET Password Manager)
     - Added: Cryptocurrency wallets (Banking and Payment Protection)
     - Added: Option “Disable Keyboard protection” (Banking and Payment Protection)
     - Added: HTTP2 support (Banking and Payment Protection)
     - Added: Advanced scanner logging for diagnostic purposes
     - Improved: In-browser alerts and notifications of Web Access Protection and Parental Control
     - Fixed: Stealing focus from active window under certain circumstances
     - Fixed: Various functional and localization bugs
     * greyed out are features not included in ESET NOD32 Antivirus
     Upgrade to Latest Version: Upgrade my ESET Windows home product to the latest version
     Support Resources: ESET provides support in the form of Online Help (user guides), fully localized application and Online Help, online Knowledgebase, and applicable to your region, chat, email or phone support.
     Online Help (user guides)
     Visit www.eset.com/contact to email ESET technical support
  2. ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium version 12.2.23.0 have been released and are available to download.
     Changelog: Version 12.2.23.0
     - Changed: Installation on Windows XP is not possible
     - Added: Drag and Drop support for quarantine
     - Added: Trusted Devices feature (ESET Password Manager)
     - Added: Two-Factor Authentication with Google Authenticator (ESET Password Manager)
     - Added: iOS Face ID Authentication (ESET Password Manager)
     - Added: Secure sharing of login information (ESET Password Manager)
     - Added: Cryptocurrency wallets (Banking and Payment Protection)
     - Added: Option “Disable Keyboard protection” (Banking and Payment Protection)
     - Added: HTTP2 support (Banking and Payment Protection)
     - Added: Advanced scanner logging for diagnostic purposes
     - Improved: In-browser alerts and notifications of Web Access Protection and Parental Control
     - Fixed: Stealing focus from active window under certain circumstances
     - Fixed: Various functional and localization bugs
     Upgrade to Latest Version: Upgrade my ESET Windows home product to the latest version
     Support Resources: ESET provides support in the form of Online Help (user guides), fully localized application and Online Help, online Knowledgebase, and applicable to your region, chat, email or phone support.
     Online Help (user guides)
     Visit www.eset.com/contact to email ESET technical support
  3. This value is set by the operating system and 3rd party vendors have no reason to change OS settings that are controlled by the OS itself. By default, the value FeatureBits doesn't exist. We do not inject eamsi.dll whatsoever. If a particular process utilizes AMSI, the OS is responsible for loading the said dll into it. No. The said certificate is intended to sign ELAM drivers only. Microsoft doesn't sign 3rd party dlls.
  4. Most likely this is what happened:
     - an attacker logged in with administrator privileges (stole an admin password, guessed it or brute-forced it) via RDP
     - ESET was not password protected so they paused or removed the AV
     - the attacker ran ransomware to encrypt files
     - the attacker re-enabled AV protection.
     First of all, make sure that RDP is properly secured and a lockout policy is set to prevent brute-force attacks. For improved security, use 2FA. If you don't need RDP, disable it. To improve AV self-defense, set a password to prevent unauthorized users from disabling or uninstalling the AV. Also we recommend enabling detection of potentially unsafe applications so that hackers cannot use legitimate tools to circumvent protection.
     I'd suggest the following steps:
     - collect logs with ESET Log Collector
     - put a handful of encrypted files (ideally Office documents) along with the ransomware note (payment instructions) into an archive
     - submit both archives to samples[at]eset.com and wait for further instructions.
  5. https://www.vice.com/en_us/article/9kxp83/researchers-easily-trick-cylances-ai-based-antivirus-into-thinking-malware-is-goodware
     Every AV company must not rely on machine learning itself. We use a combination of different approaches, including AI and ML, as also mentioned at https://www.eset.com/int/about/technology/.
     Related documents and articles:
     - https://www.eset.com/blog/enterprise/is-the-ai-hype-muddling-the-meaning-of-machine-learning/
     - https://cdn1.esetstatic.com/ESET/BLOG/Whitepapers/2018/ESET_AI_hype.pdf
     - https://www.welivesecurity.com/wp-content/uploads/2019/02/ESET_MACHINE_LEARNING_ERA.pdf
  6. Do you have the repository set to AUTOSELECT so that installers are downloaded from the closest CDN server? Do you use a firewall or proxy that might possibly disrupt the communication or corrupt downloaded files?
  7. Now try re-enabling HIPS (don't forget to rename Drivers_bak back to Drivers) but disable:
     - Advanced Memory Scanner
     - Self-defense
     Let us know if the problem returns or if it works without issues. If the issue doesn't occur, try enabling self-defense and test it for a while. Then re-enable AMS and make another test.
  8. I have the same but cannot reproduce it. As long as the secure browser opens, it's secure. The green frame and logo is just an indication that you're browsing securely. I'd suggest opening a support ticket with your local customer care for further troubleshooting of the issue.
  9. "Please read this before you post" reads:
     Do not report blocked websites. After cleaning a website from malware and taking measures to prevent further re-infection, request a re-check as per the instructions in the FAQ. This forum does not serve as a channel for requesting website re-check or disputing blocks or detections.
     Having said that, we'll draw this topic to a close.
  10. In the list of installed applications you see if a particular application can be uninstalled remotely:
  11. Is the software you attempted to uninstall installed in the Program files folder and appears in the list of installed programs in the Control Center?
  12. We are very sorry for the delayed announcement. It is our goal to post announcements on time with the release of new product versions so that you have all information about the releases at your disposal on time. We can assure you that we're working on improvements in this field to prevent this from happening in the future.
  13. Just to make sure, do you have reporting of non-ESET applications enabled via an agent's policy?
  14. This cannot be true because when SSL filtering or the whole protocol filtering is disabled, the SSL (https) communication bypasses ESET completely so there's no chance we would intervene in it in any way. You can test the behavior when a self-signed untrusted certificate is used here: https://self-signed.badssl.com/ You should be asked by the browser if you want to continue to the website.
  15. There's nothing to fix on our part. SystemRequirementsLab is PUA and therefore the url is blocked as PUA. PUA detection is optional. The question is why Catalyst accesses the PUA url but that's not a question for us but for the maker of Catalyst. If you are ok with giving information about your IP address and country to the PUA vendor, you can add the blocked address to the list of allowed addresses so that it's not blocked.
  16. The membership in dynamic groups is evaluated by agent on clients. Therefore agent must first connect to the ESMC server to receive information about dynamic groups. Then it evaluates the membership in DG and sends this information to the ESMC server the next time it connects to the server.
  17. This is what happened:
      1, You use another free AV with its real-time protection active and you ran a scan with ESET Online Scanner to see if ESET finds a threat missed by your AV that could be still on your machine.
      2, Upon running ESET Online Scanner, you opted for detection of potentially unsafe applications which cover legitimate tools that could be misused in the wrong hands and some toolbars too. This detection is disabled in ESET's products by default.
      3, The free version of your AV is known to be distributed with a toolbar that ESET detected during the scan.
      4, The toolbar was detected in your AV's folder so it could be that the AV protected it from being removed by EOS.
  18. That Google toolbar has been detected by ESET for a long time as a potentially unsafe application. This type of detection is disabled by default which is probably why it wasn't detected by ESET when you ran a scan in the past.
  19. Cleaner module 1197 was put on pre-release servers on Monday. Today it's been released to several millions of users with regular update channel with the rest to follow soon.
  20. I'm afraid I don't understand what the issue is. I take it you have the Romanian version of Endpoint installed. When a new version is available, you create a software install task, select the appropriate product in Romanian and send the task to clients. Is the issue that the Romanian language changes to a different one after upgrade?
  21. ESET asks you whether you want to enable the cloud LiveGrid feedback system and detection of potentially unwanted applications during installation. Under no circumstances does ESET spy on you. For ESET's privacy policy, please visit https://help.eset.com/eav/12/en-US/privacy_policy.html.
  22. Are you referring to self-defense of ESET Parental Control for Android?
  23. That is not possible, however, we plan to start releasing automatic program updates for Endpoint soon.
  24. I'd suggest creating a support ticket with your local customer care and ideally providing them with the application and step by step instructions how to reproduce the issue. Otherwise it will be necessary to narrow it down to a particular protection module or setting and then troubleshoot the issue further.
  25. If it's your own program, does any of the following make a difference?
      - pausing web protection
      - disabling protocol filtering in the advanced setup.
      Does the program communicate via http or https?