Marcos

Administrators
  • Posts: 36,236
  • Days Won: 1,441

Posts posted by Marcos

  1. I for one can't imagine how installing ESET could cause screen flickering. Could you please shoot a short video to demonstrate the issue?

    Do you have a regular build of Windows 10 installed or are you using an Insider Preview build? Have you tried uninstalling ESET and installing the latest version 11.2.63 from scratch with default settings?

    Please gather logs with ESET Log Collector and post the generated archive here.

  2. If uninstallation via the Start menu or through Add and remove programs doesn't work (e.g. if the original msi file has been deleted from c:\windows\installer in the meantime), use the Uninstall tool in safe mode.

    Also we would like to hear about the reasons why you are removing ESET. Is it just temporary or have you been having an issue that you couldn't resolve? If possible, change your nickname to a more appropriate one or we can do it for you if you would like to stay a member of our forum and would like to post here in the future.

  3. 1 minute ago, novice said:

    The "troll" just noticed another ransomware fail, FYI:

    Have you carried out a forensic analysis of the case that you have come up with a conclusion that it was ESET's fail? Are you positive the ransomware was not run from an unprotected device and didn't encrypt files in remote shares due to incorrect privileges set on the server? I'm sure you didn't, so please refrain from making any conclusions and trolling.

    Just moments ago I received a case from our partner: "We have a government customer using K and got infected with krab ransomware. We installed EFWS on the server and the Filecoder was able to detect with our product we have an opportunity with this customer for 1.8K units." I, for one, do not blame that AV for letting the ransomware infect the machine. Obviously there was a brute-force RDP attack performed and if the AV didn't have settings protected, the attacker could have disabled it.

  4. Please provide:
    - ELC logs from the server
    - a handful of encrypted files (ideally Office documents not containing sensitive data)
    - payment instructions (the ransomware note dropped by ransomware)
    - information about what folders contain encrypted files
    - logs from the tool that I'll provide you with via a personal message momentarily.

    Compress all stuff into a single archive and upload it to our ftp server as per the instructions I'm gonna send you.

  5. Please elaborate more on what issues you are having. What do you mean by "messages about it not scanning"? Would it be possible to temporarily install English version 11.2.63 and post a screenshot from it for clarification?

    Also elaborate more on "it slows down or stops me opening programmes". What programs? What operating system do you have? Do you have the latest version of ESET 11.2.63 already installed? Do you have also another security software installed?

  6. The detection is correct. The only way to 100% resolve the issue is by upgrading UEFI to a version that doesn't contain Computrace, if available. Other than that, you have 2 options:
    1. disable detection of potentially unsafe applications (not recommended, especially on servers and machines that might be a target of RDP attacks)
    2. exclude the application from detection by its detection name as per https://support.eset.com/kb6519.

  7. 11 minutes ago, itman said:

    If you're not satisfied with Eset's performance in this particular AV lab test series, you should then use one of the products tested that meets your detection "tolerance" criteria.

    I completely agree. If ESET has been continually letting one down and allowing his or her computer to get infected or having a noticeable impact on performance, I'd expect the person would have already changed the AV. If one stays with an AV it means that it fully (or mostly) fulfills his or her expectations.

  8. If only domain users log in on the machines, you could create a dynamic group for computers with no domain user logged in:

     

    Then you could assign a specific policy for that dynamic group that would block all network communication by the firewall (I'd suggest creating some exceptions, e.g. for ekrn.exe so that updates can continue to be downloaded).

    The only issue with this solution that I can think of is the fact that membership in dynamic groups is evaluated in 20- or 30-minute intervals. As a result, if a user logs in, it might take several minutes until the network connection is restored.

  9. Personally I recommend installing newer versions from scratch, especially if one has encountered issues lately. This is to rule out the possibility that issues were caused by ESET misconfiguration (e.g. if the user created custom HIPS or firewall rules that blocked certain operations).

    If you have plenty of time, uninstall Endpoint v5 and install Endpoint v7 from scratch. Basically you shouldn't need to configure anything else after installation. If you were short on time, you could install EPv7 on top of EPv5 or EPv6.
