Marcos
-
Posts
36,414 -
Joined
-
Last visited
-
Days Won
1,448
Posts posted by Marcos
-
-
@novicewe kindly ask you to stop trolling. You were already warned before and we won't tolerate such behavior any more. If you don't like ESET and think that Windows Defender is better for you, you have the right to use it instead of ESET.
-
I'm unable to download any fresh malware from there with web protection enabled. Even after disabling web protection new variants are detected as Suspicious object.
-
It could be that they were PUAs or some malware in an archive which were detected by v12 after PUA detection was enabled or a full disk scan / initial scan was run. Since v11 and v12 have the same detection capabilities, there's no reason why malware would not have been detected by v11 but would be detected with v12.
-
Try disabling scanning of archives. Since they may contains gigabytes of data that needs to be unpacked and scanned, it obviously takes a lot of time.
-
If you don't receive an email with your license after entering your registration email address at https://www.eset.com/int/support/lost-license/ within a few minutes, contact the partner from whom you purchased your license which is probably ESET UK in your case.
-
6 hours ago, Ferenc said:
Thanks for your reply, I know that users can buy the 3 year license, but I mean how many years can I extend my product, if for example I have a license till 2023, can I still extend it?
I don't think it's possible to purchase several renewals of the same license. Why would you do that? No one knows how the situation in IT and the AV industry will look like in 3 years.
-
Unfortunately you didn't mention if you use ESET Parental Control for Android or ESET Internet Security or ESET Smart Security Premium. Please provide a screen shot of the notification.
-
Since this is an English forum, we kindly ask you to post in English so that moderators and most of users can understand and be able to help you.
If cleaning the machine by running a full disk scan with cleaning from a SysRescue USB or CD doesn't render the system 100% working, consider reinstalling the OS.
For more information about ESET SysRescue, please read https://support.eset.com/kb3509/. -
7 minutes ago, itman said:
@khairulaizat92 - BTW the site is now again showing the malicious download page. Appears the hacker can modify the web site at will.
Hm, I don't see any download link there. The url that the malware was previously downloaded from seems to have been dead since Oct 19.
-
10 hours ago, khairulaizat92 said:
I see thanks for the verification. The malware start to be infecting customer from bitdefender producst 1 day earlier, but the sample arrive at our cegah ransomware malaysia fb group around the time i uploaded it to VT.
ESET has blocked the url with the malicious payload for 3 months already so even if it hadn't been blocked by LiveGrid, it would have been blocked because of the url being on blacklist.
Therefore it surprises me that another AV could not protect the user from it. -
ESET works alright even with Chrome v70. If you can reproduce the issue, you could try temporarily disabling advanced scanning of browser scripts and see if it makes a difference.
-
Is the agent service running? Does C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html show any issues? Are there any recent errors logged in the trace log?
-
In this case the issue doesn't appear to be related to the firewall. I was able to reproduce it and merely disabling SSL/TLS filtering helped. Switching the firewall to automatic mode didn't make any difference.
I'll report it to devs and provide them with logs. We'll keep you posted.
-
Do the clients connect directly to the Internet or though a proxy server? If they are behind a firewall, agent must be allowed access to the repository, activation and update servers (refer to https://support.eset.com/kb332).
You could also capture the network communication with Wireshark and check if agent actually receives a response from the repository server.
-
Are you having the issue only with that particular website or with any other website as well ?
-
It had been blocked by LiveGrid about 40 minutes before the sample was submitted to VT.
-
Actually my answer was not accurate since self-defense protects the AV itself as well as crucial system processes. However, an isolated scanner prevents potential (ie. not yet known) vulnerabilities in the AV itself from being exploited. This is crucial because AVs run with highest system privileges and exploiting vulnerabilities would give attackers highest privileges to do further malicious operations on a compromised system.
As I've read, the sandbox feature is disabled by default in Defender. This is understandable since it will likely have adverse effect on performance.
I'm also glad to inform you that we should add support for isolated scanning relatively soon as well, hopefully with negligible impact on performance which, however, takes a lot of time. -
ESET has leveraged self-defense for ages which is not the case of Defender so MS had to obviously had to eventually address the Achilles heel.
-
Please click the "untrusted certificate" link and provide a screen shot of the certificate details.
Endpoint v5 didn't have SSL/TLS scanning enabled by default. It was first enabled for browsers by default in Endpoint v7.
If you temporarily disable protocol filtering in the advanced setup, do you get a warning from the browser itself?
-
Since this is an English forum, we kindly ask you to post in English, otherwise moderators and most of other users will not understand and will not be able to help you.
Regarding the issue, please let us know what exactly you'd like to accomplish. If you have already created some firewall rules, gather logs with ELC and post the generated archive so that we can check the rules if they are correct.
-
4 minutes ago, itman said:
You stated you deleted all your Firefox firewall rules. Are you sure about that? Did you carefully check to ensure that no custom rules are interspersed with Eset default firewall rules?
There were only a few permissive rules in the exported cfg. Also if a particular communication had been blocked, it would have been logged in the firewall log. However, the firewall log was empty.
To me it sounded like the window with action selection didn't pop up for some reason so Firefox's communication was effectively blocked. However, this is yet to be answered by the OP.
-
The firewall log doesn't contain any records about blocked communication. It only shows that access to this forum was allowed.
Did you actually get a pop-up window with action selection in interactive mode? Did you reproduce the issue when advanced logging was enabled?
-
I'd suggest the following:
- in the advanced setup -> tools -> diagnostics, enable advanced antispam logging
- wait until you receive at least 2-3 undetected spam emails
- disable logging
- save each of the undetected spam emails in the eml or msg format
- gather logs with ELC
- post here: the archive generated by ELC + the eml/msg files -
The website was already unblocked. Next time please follow the instructions for reporting blocked urls to ESET from the KB https://support.eset.com/kb141/.
error in apache http proxy
in ESET PROTECT On-prem (Remote Management)
Posted
ERA v5 does not create a mirror for Endpoint v6.6/v7. It's a quite old product that doesn't support business v6 products and newer.
We strongly recommend using ESMC (ERA v7) without a mirror but utilizing http proxy to cache update files which will save a lot of traffic compared to mirror.