-
Posts
36,115 -
Joined
-
Last visited
-
Days Won
1,439
Everything posted by Marcos
-
Please name only those that do not have support in browser add-ons which is quite trivial to implement. We do the filtering deeper at the Windows Filtering Platform level which gives us the possibility to be browser-independent and filter the http(s) communication of any application, not just browsers' communication.
-
Open/Show ESET Status Interface after Installation
Marcos replied to HSW's topic in ESET Endpoint Products
It's not clear what you mean by "ESET status interface". Is it the Protection status window in the gui? -
Unfortunately files encrypted by GandCrab 5.0.4 cannot be decrypted. If you are an ESET user and had ESET installed at the time the files got encrypted, we can try to investigate what happened and what led to the infection.
-
The middle screen shot shows results from a context scan that was run on Nov 19 with the version of the detection engine 18404 which was installed at that time. The last screen shot shows two different modules: the detection engine and the Rapid response module. They obviously must be of different versions.
-
Unfortunately, uninstalling Endpoint and installing it from scratch is the only viable solution besides editing a specific registry value in safe mode. The issue doesn't occur on systems that had HIPS enabled before upgrade.
-
unable to uninstall era agent
Marcos replied to petersonal's topic in ESET PROTECT On-prem (Remote Management)
Remote admin tools have an option to re-establish connection after booting to safe mode where you could run the ESET Uninstall tool to remove the era agent completely. Wouldn't that be an option? Then you could install the latest version of the ESMC agent from scratch. -
ESET EndPoint AV 6.6 on Win 2016 RDS Server
Marcos replied to Jackie Vosloo's topic in ESET Endpoint Products
After installing ESET, Windows should turn off Windows Defender as soon as ESET registers in the Security Center. Please make sure that Windows Defender is not running when ESET is installed. -
Did you have HIPS enabled in Endpoint v5? Are all machines affected? Does uninstalling EPv7 on one machine and installing it from scratch resolve the issue?
-
Please make sure that you have proxy server set up correctly in the advanced setup -> tools -> proxy server. If that's not an issue, check https://support.eset.com/kb332/ for a list of addresses and ports that need to be allowed on a firewall in order for Endpoint to work properly.
-
It is not possible to log all files scanned by real-time protection. It would generate huge logs and have a big performance impact. The option you mentioned is for logging all files that are scanned in self-extracting archives.
-
What do you mean by "still updating up to this moment" ? Did the update end with an error? If so, disable logging, gather logs with ESET Log Collector and provide me with the generated archive.
-
Irratic Off-Line Scan Behavior
Marcos replied to itman's topic in ESET Internet Security & ESET Smart Security Premium
Not sure what you meant by "continuous scanning option", there's no such setting in ESET's products. If modules were updated between the scans, the scan cache would have been reset so more files would be scanned the next time. You could perform scans with elcs.exe which doesn't take advantage of the local cache and therefore should always scan the same number of files. -
WPS Office - Missing in Installed application
Marcos replied to Justin's topic in ESET PROTECT On-prem (Remote Management)
Not really. That setting enables reporting of non-ESET applications that are installed for all users. There is currently no option to report applications installed only for specific user accounts. -
License renewed, clients failing to activate
Marcos replied to davey's topic in ESET Endpoint Products
I've noticed that the driver C:\Windows\system32\drivers\MBAMSwissArmy.sys is loaded. Try uninstalling MBAM for a while and see if it makes a difference. -
License renewed, clients failing to activate
Marcos replied to davey's topic in ESET Endpoint Products
It's weird but there was no communication with ESET's activation servers nor the appropriate DNS request logged. Please generate fresh logs, now also with "advanced licensing logging" selected. Also temporarily change logging verbosity to Diagnostic. Before activation, please close any network-aware application (browsers, email client, etc.) so that the log contains only related network communication. After enabling advanced logging, click Help and support -> Change license -> Enter a license key. If activation fails with an error, disable logging, change the logging verbosity back to Informative and gather fresh logs with ELC. -
You can enable advanced update engine logging in the advanced setup -> tools -> diagnostics and then run update. Next disable logging, gather logs with ESET Log Collector and provide me with the generated archive. Unfortunately you don't have ESET Internet Security installed which can also log network communication during update due to the Network protection module that it has but the update log should be enough to start off.
-
License renewed, clients failing to activate
Marcos replied to davey's topic in ESET Endpoint Products
Endpoint communicates with activation servers even if no or expired license is installed. Please provide a Wireshark pcap log from an activation attempt. Alternatively you can enable advanced network protection logging in the advanced Endpoint setup -> Tools -> Diagnostics, try to activate the product, then disable logging and gather logs with ESET Log Collector. When done, upload the log(s) here. -
To make sure that correct update servers are used, uninstall ESET, download the installer from www.eset.com and install it. Afterwards activate it (either with a paid license key or activate a trial version) and it should update instantly. Also make sure that the machine is connected directly and not through a proxy server.