Everything posted by Marcos

  1. This is a known clash between CrowdStrike and Deep Behavioral Monitor. While the issue is investigated, you can:
       1. Add cmd.exe, Powershell.exe, DllHost.exe, rundll32 to the Deep Behavioral Monitor exclusion list, or
       2. Temporarily disable Deep Behavioral Monitor, or
       3. Try the latest version of modules from the pre-release update channel. If it makes no difference, resort to 1, 2 or 4, or
       4. Disable CrowdStrike
  2. Hard to tell without checking the file itself. If you can save it to a disk from a particular email in the mailbox, you can send it to me.
  3. What cyberthreats could wreak havoc on elections this year and how worried should we as voters be about the integrity of our voting systems? View the full article
  4. Sure. Please drop me a personal message with the link enclosed.
  5. Since it's the latest, please raise a support ticket for further troubleshooting of the issue.
  6. For now I'd recommend temporarily disabling the appropriate application status so that the error is not reported in the GUI. We suspect the issue occurs on machines where the system start is slower and takes longer. We will improve the behavior of AMSI provider handling in the next versions of Endpoint to prevent the error on such systems.
  7. Please raise a support ticket for further investigation of the issue. Logs collected with the log collector as per https://support.eset.com/en/kb3404 will likely be requested by the technical support.
  8. Please post information about the version of your ESET PROTECT server (Help -> About).
  9. We've recently added support for new versions of some packers so it's possible that now we unpack and scan more. Please let us know how long a scan with disabled archives / SFX archives takes. Should it still scan too many files, they could create a Procmon log with a filter for file events, the ekrn.exe process and enable dropping of filtered events to keep the log as small as possible. Prior to running Procmon, please have them disable Protected service in the HIPS setup and reboot the machine. After running a scan and saving the log, re-enable it and reboot the machine again.
  10. GUID can be found in the appropriate application key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall as mentioned above.
  11. As long as you have ESET Endpoint Security installed, you can create a new network connection profile with the activator "Encryption key" set to None. I named it "Insecure wifi": Then create a new firewall profile that will block all network communication by putting a general blocking rule above the built-in rules with the Profile set to "Insecure wifi":
  12. The website was not blacklisted and I can open it in a browser without getting any alert.
  13. It is a license for 200 PCs managed by ESET PROTECT. If you are saying that you have just downloaded ESET PROTECT, you are most likely not an administrator who manages computers in your company network. Normally it should be administrators who take care of keeping the software up to date but if you have administrator rights, you can download the Endpoint installer from https://www.eset.com/int/business/download/ and install it.
  14. Uninstallation in safe mode using the ESET Uninstall tool should work. If it doesn't for whatever reason, please raise a support ticket.
  15. I've checked ESET PROTECT and it uses the very same default policy. Other policies must have been selected from the list of built-in policies and assigned to groups or clients. It is possible that the audit log contains information about changes in policy assignments.
  16. Did you try excluding 127.0.0.1 and ::1 in the WAP setup?
  17. Apparently two letters in your email address are swapped. Please contact ESET or the distributor who sold you the license so that they amend your license email address on file.
  18. I suspect there is a bug which causes this particular site (and maybe also other trusted sites) not to be scanned regardless of the settings. I've asked our testers to re-test it and possibly file a bug for developers: Tested with ESET Endpoint Antivirus 10.2.2.0 on Ubuntu 20.04 LTS and Firefox. No problem with Chrome 122.0.621.111 either. The website is not scanned by ESET and opens alright:
  19. Is it possible to activate the troublesome instances of ESET Server Security v11 manually by entering your license key under Help and support -> Change license? Please enable advanced licensing logging in the advanced setup -> Tools -> Diagnostics and try to activate ESET. If that fails, disable logging and collect logs with ESET Log Collector. If the logs don't shed more light, I'd kindly ask you to raise a support ticket for help with further troubleshooting.
  20. I assume that the default auto-update policy was unassigned from the All group and then a new auto-update policy was created by an administrator and assigned to "All" like in my test case (I didn't unassign the default policy, hence there are two): Also the label "Product not installed" is a known visual bug which occurs when you manually add a common features policy. The default auto-update policy displays "Actual" in the Status column.
  21. Please follow the instructions in my previous post and provide the requested logs as well.
  22. Please provide logs collected with ESET Log Collector from the machine. Nevertheless, if you can reproduce the issue, please report it to technical support to find out if it's a bug or misconfiguration of notifications. The "User" field may be empty, especially if the detection occurred when no user was logged on.
  23. The only policy applied by default is the auto-update policy. Here is a screenshot taken from a freshly deployed virtual appliance: