Everything posted by Marcos
-
INFECTED Computer Cleaned THANK YOU ESET!
Marcos replied to DeanAbiePepler's topic in General Discussion
It could be that they were PUAs or some malware in an archive which were detected by v12 after PUA detection was enabled or a full disk scan / initial scan was run. Since v11 and v12 have the same detection capabilities, there's no reason why malware would not have been detected by v11 but would be detected with v12.
-
Try disabling scanning of archives. Since they may contain gigabytes of data that need to be unpacked and scanned, it obviously takes a lot of time.
-
Unfortunately you didn't mention if you use ESET Parental Control for Android or ESET Internet Security or ESET Smart Security Premium. Please provide a screen shot of the notification.
-
Malware o virus rebelde (Malware or naughty virus)
Marcos replied to José Cuenca's topic in Malware Finding and Cleaning
Since this is an English forum, we kindly ask you to post in English so that moderators and most users can understand and be able to help you. If cleaning the machine by running a full disk scan with cleaning from a SysRescue USB or CD doesn't render the system 100% working, consider reinstalling the OS. For more information about ESET SysRescue, please read https://support.eset.com/kb3509/.
-
Hm, I don't see any download link there. The url that the malware was previously downloaded from seems to have been dead since Oct 19.
-
ESET has blocked the url with the malicious payload for 3 months already, so even if it hadn't been blocked by LiveGrid, it would have been blocked because of the url being on the blacklist. Therefore it surprises me that another AV could not protect the user from it.
-
Chrome Warning to remove Eset Endpoint Antivirus
Marcos replied to zhopkins's topic in General Discussion
ESET works alright even with Chrome v70. If you can reproduce the issue, you could try temporarily disabling advanced scanning of browser scripts and see if it makes a difference.
-
Remote Admin shows PC as unmanaged but Eset is installed
Marcos replied to winstonsmith84's topic in ESET Endpoint Products
Is the agent service running? Does C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html show any issues? Are there any recent errors logged in the trace log?
-
Do the clients connect directly to the Internet or through a proxy server? If they are behind a firewall, the agent must be allowed access to the repository, activation and update servers (refer to https://support.eset.com/kb332). You could also capture the network communication with Wireshark and check if the agent actually receives a response from the repository server.
-
It had been blocked by LiveGrid about 40 minutes before the sample was submitted to VT.
-
Actually my answer was not accurate since self-defense protects the AV itself as well as crucial system processes. However, an isolated scanner prevents potential (i.e. not yet known) vulnerabilities in the AV itself from being exploited. This is crucial because AVs run with highest system privileges and exploiting vulnerabilities would give attackers highest privileges to do further malicious operations on a compromised system. As I've read, the sandbox feature is disabled by default in Defender. This is understandable since it will likely have an adverse effect on performance. I'm also glad to inform you that we should add support for isolated scanning relatively soon as well, hopefully with negligible impact on performance which, however, takes a lot of time.
-
Please click the "untrusted certificate" link and provide a screen shot of the certificate details. Endpoint v5 didn't have SSL/TLS scanning enabled by default. It was first enabled for browsers by default in Endpoint v7. If you temporarily disable protocol filtering in the advanced setup, do you get a warning from the browser itself?
-
Since this is an English forum, we kindly ask you to post in English, otherwise moderators and most other users will not understand and will not be able to help you. Regarding the issue, please let us know what exactly you'd like to accomplish. If you have already created some firewall rules, gather logs with ELC and post the generated archive so that we can check whether the rules are correct.
-
There were only a few permissive rules in the exported cfg. Also if a particular communication had been blocked, it would have been logged in the firewall log. However, the firewall log was empty. To me it sounded like the window with action selection didn't pop up for some reason so Firefox's communication was effectively blocked. However, this is yet to be answered by the OP.
-
I'd suggest the following:
- in the advanced setup -> tools -> diagnostics, enable advanced antispam logging
- wait until you receive at least 2-3 undetected spam emails
- disable logging
- save each of the undetected spam emails in the eml or msg format
- gather logs with ELC
- post here: the archive generated by ELC + the eml/msg files
-
The website was already unblocked. Next time please follow the instructions for reporting blocked urls to ESET from the KB https://support.eset.com/kb141/.
-
Not sure what program renders files malformed. I'd remove any other security software and run a full disk scan to remove the malformed files.
-
Please carry on as follows:
- delete all ESET firewall rules
- make sure that the firewall is set to automatic mode
- in the main gui -> help and support -> details for customer care, enable advanced logging
- reproduce the issue
- disable advanced logging
- gather logs with ELC

Finally post the archive generated by ELC here.