Marcos
-
Posts
36,252 -
Joined
-
Last visited
-
Days Won
1,441
Posts posted by Marcos
-
-
It won't affect the functionality of reporting to ERA or update - Endpoint v5 will continue to report to ERA v5 that was activated using a license key file issued for the total number of endpoints you have and won't be affected by adding licenses to EBA. Also Endpoint v5 will continue to download updates just fine.
Advanced licensing mechanisms are supported as of Endpoint v6 / ERA v6. ERA v5 uses only a license key file and does not connect to licensing / activation EDF servers.
I would also add that even Endpoint v5 can be managed by ESMC so you could abandon ERA v5 as soon as all clients with Endpoint v5 start reporting to ESMC. All you'd need to do is deploy the ESMC agent on clients with Endpoint v5 and the agent will handle the communication with ESMC then. As a recommendation, start with only a few machines and continue with the others only if there are no issues.
-
It appears there's a clash between eOppMonitor.dll and SbieDll.dll. The issue is being investigated. For now we can't tell if we could do something about it or if it's Sandboxie that will need to fix something.
Disabling Banking and payment protection works as a workaround while keeping the browser protected from malware by Web access protection.
-
14 hours ago, hachondeoro said:
Ok, there is a bug. I am aware of it. But I think that if I click everytime on "Block access" and select "Remember for this application", it should remember it. But it doesn't! Is there a specific way to fix it, any workaround? Or do I just wait for the next update that might fix it?
Cheers
Everything has already been said and explained. It appears we will be able to fix this in v12 later this year.
-
My understanding is that Cisco has to release an update of Cisco Identity Services Engine to add recognition of Endpoint v7:
-
As suggested, contact Palo Alto Networks to resolve the false positive. Since it is their products that trigger the FP, we cannot influence the detection.
-
15 hours ago, itman said:
Files with the .xpi suffix are Firefox extensions. They are basically zipped files.
I overlooked the information that it was found in an xpi file. It's unlikely to be a false positive, however, @portman please submit the xpi file to ESET for further analysis to confirm the detection. For instructions, read https://support.eset.com/kb141.
-
There is a malicious js that ESET detects as JS/Agent.NYX and which caused blocking of the domain.
-
If you are sure that ESET is causing the issue, did you try temporarily uninstalling it so as not to blame the innocent?
-
58 minutes ago, Akshara said:
Can u help me .
this web page contains potentially dangerous content
how to solve the html/scrinject.b trojan First of all, we kindly ask you to not steal someone else's topic but instead create a new one next time. The Malware Finding and Cleaning forum is intended for queries like yours.
To answer your question, the website appears to have been compromised. An administrator should clean it and take measures to prevent further re-infection. -
I recall it's detected as a potentially unwanted application. Does temporarily pausing protection make a difference?
-
I would recommend contacting customer care and creating a support ticket so that the issue is properly tracked and investigated. They should provide you with a logging version of the Outlook plug-in and subsequently pass the logs to developers for perusal.
-
Leaving the users list empty in rule properties will cause the rule to be applied to all users.
-
Please gather all logs with ELC. The Detected threats log is empty.
The sample that was used to create a detection was dropped by an InnoSetup installer so it's likely it was installed with some programs on your machine.
You are right, ESET appears to be the only AV to detect it which is a good example of how well ESET protects users from threats that are missed also by AVs with 100% detection in tests. -
Please report incorrectly blocked websites as per https://support.eset.com/kb141. It's possible that the website was compromised in the past and has been cleaned in the mean time.
-
Please post the appropriate records from the Detected threats log.
-
9 hours ago, thisisme said:
However, when I press the button in the warning GUI to remember my answer (which would avoid the same process opening the same ESET GUI), it doesn't remember. That, to me, is what isn't working.
That would happen if a process accessed the web cam while the system is starting and the device control has not been fully initialized yet. The issue is being investigated and hope there could me more information available on this within the next few days. It also appears it has something to do with processes running in the local system account.
-
6 hours ago, MachiekO said:
Could it possible it is not locked down? Because the one we have, after you've click activate button it will ask for the name, mobile number and email address and the country you belong.
I'd suggest contacting your local customer care. After entering a license key no further user information is requested unless you activate a trial version.
-
Hello,
There's no attempt to run chromesetup.exe logged in the logs you have provided. Please provide ELC logs.
-
My fault, I actually meant logging severity.
-
53 minutes ago, MachiekO said:
Hello team eset, I just want to ask something, my client bough an eset anti-virus (philippines) and he want to activatr it to their country japan, the question is, could it be activated there? Thank you.
It depends. Some licenses may be locked down to a specific country.
-
This is beyond the scope of support here but you can find many guidelines on the Internet how to create one, e.g. at https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl, https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs and many others.
-
Changing the logging verbosity to warnings in rules that you want to have reported to ESMC when applied should do the trick.
-
Maybe a Procmon log with advanced logging enabled generated during an attempt to launch Chrome could shed more light.
I assume that temporarily uninstalling ESET wouldn't make any difference,would it?
-
Agent 6.x can communicate with ECMS, however, agent v7 cannot communicate with ERA.
After upgrading from ERA to ECMS, send an ECMS upgrade component task to machines to upgrade the agent.
Eset security and driver esay ?
in Malware Finding and Cleaning
Posted
Try uninstalling it the standard way via the Add and remove programs. By the way the uninstaller you've mentioned is just another PUA.