Posts posted by Marcos
I doubt it's caused by ESET. The communication with Windows Update servers is not filtered and HIPS should not block operations in automatic mode without custom rules either. You can try temporarily renaming ESET drivers (e.g. after booting the system from a usb flash) but I don't think that would help.
-
Generally I'd recommend avoiding using more security applications together. If the other sw doesn't install a driver it might work with ESET. Otherwise the chance of clashes will increase.
-
Which of the following steps resolves the issue?
1, Pausing all protection modules
2, Pausing only real-time protection
3, Temporarily disabling automatic start of real-time protection followed by a reboot
4, Temporarily disabling HIPS followed by a reboot
-
Please gather and provide ELC logs from the machine for perusal.
-
If you download eicar from http://www.eicar.org/download/eicar_com.zip and https://secure.eicar.org/eicar_com.zip, is it detected?
If not, please enable advanced protocol filtering and network protection logging under tools -> diagnostics, download eicar from the above links, disable logging and gather logs with ELC. Contact your local customer care so that the case is properly tracked and supply them with the generated archive.
-
2 minutes ago, cmit said:
Checked manually and found out one of our domain computers (Win 7 x64) does not have Google Chrome installed nor Firefox. Only Internet Explorer as the web browser.
This 'disable syncing' "solution" does not apply if no Chrome installed, right?
If running a full disk scan with strict cleaning doesn't remove the PUA, please gather logs with ESET Log Collector and upload the generated archive here.
-
Please refer to https://support.eset.com/kb6551/. It is important to disable syncing of extensions to stop PUA extensions from being synced and detected again.
-
8 minutes ago, Thors69 said:
Thanks, but it's not a beta version, is it?
When will v12 be released?
It's only a v11.2 hotfix. As for v12, there is currently no release date set.
-
I assume it was merely a scam website that you ran into and it didn't pose a threat otherwise. There are thousands of new scam urls with fake alerts being created on a daily basis so expecting an antivirus to detect and block every single one is unreal.
-
16 minutes ago, PStreicher said:
I am new to the forums and came here to report that eset missed some type of pop-up malware this morning. I came across this thread on top of the heap when entering this room. From what I read and this has now been months ago, is it safe to say that FeMaster has succumbed to 'Automatic' mode? It would seem to be a wise choice after all. I have never been one to entice doing it myself but I am sure this option was created for some specific situation in computing. Now, who to ask about that? I just got up so coffee must be had next! Cheers!
This is probably not related to the topic. Please create a new topic in the appropriate forum, specifically in Malware Finding and Cleaning if you want to discuss malware.
-
I'm not sure what you mean by that it goes to a new tab. If a website is blocked, its content is replaced with an alert. Maybe you could post a screenshot for clarification.
-
2 minutes ago, Thors69 said:
Is this the 2019 version?
It is version 11.2.63.0 which will be officially released next week. It's a v11.2 hotfix with a couple of reported bugs fixed. The naming like "2019" is used by marketers and probably refers to v12.0.
-
We would need to know the public IP address through which ESMC communicates. You can pm it to MichalJ.
-
You didn't mention what sw you use for backup. Would it be possible to try a different one to see if the same issue occurs?
At any rate, I'd suggest contacting customer care and providing them with a Procmon log from an issue replication as well as ELC logs gathered from that machine.
-
What about temporarily pausing only real-time protection?
-
Currently you can't avoid creating new rules or editing paths in existing rules but from a long-term perspective there should be a solution to this.
-
8 minutes ago, DirectC said:
when Internet Security is off I can finish my backup.
Do you mean that it works when real-time protection is paused? Because it is not possible to turn off protection unless you rename ekrn.exe in safe mode or uninstall ESET.
-
The config was ok. Please contact your local customer care to troubleshoot the issue further. To start off, provide them with logs gathered by ELC.
-
9 minutes ago, galaxy said:
If an infestation of a ransomware occurs that when it is noticed the data is restored
It is not possible. If we had to back up every file, e.g. when the user intentionally moves files to a password protected archive, the computer could become unusable. Ransomware often encrypts media files and such files may be dozens of GBs in size. The rollback setting is in the advanced update setup.
-
1 minute ago, galaxy said:
I mean but for files
I'm sorry but I have no clue what you mean by rolling back files.
-
Please follow the instructions at https://support.eset.com/kb141 to request a website re-check. It appears that malware has been removed, the website was unblocked.
-
If possible, please continue as follows:
- temporarily uninstall EAV
- install ESET Internet Security 11.2.49 and activate a trial version
- under Help and support in the main gui, click Details for customer care and enable advanced logging
- reboot the machine
- stop logging
- collect logs with ESET Log Collector and post the generated archive here.
There is probably a problem with registration to BFE, e.g. the Base Filtering Engine service might not be running.
After we get EIS to work alright, you can uninstall EIS and install EAV which should then work alright.
-
36 minutes ago, galaxy said:
Rollback still missing
It's been there for a couple of years already:
-
Please provide fresh ELC logs so that I can make sure the drivers are no longer loaded. Beforehand I'd suggest running the ESET Uninstall tool in safe mode and trying to install Endpoint v7 from scratch. Should the problem persist, also create a Procmon log from installation.
Ran into a serious malware issue
in Malware Finding and Cleaning
Posted
JS/ExoClick.A is not malware but a PUA detection (potentially unwanted application). It detects a specific ad provider which has been seen to deliver malware, PUAs, etc. through ads. It was detected and blocked by ESET, i.e. the script wasn't executed at all.