-
Posts
38,079 -
Joined
-
Last visited
-
Days Won
1,510
Everything posted by Marcos
-
Secondary Ip address showing up in ERA 7
Marcos replied to Amity_Support's topic in ESET Endpoint Products
If there is some news about a newer service release, we will communicate it here as well as via other standard channels. -
We too have a decryptor for very old versions of Crysis but newer versions are not decryptable.
-
Who is using Endpoint v7 now, and what is your experience?
Marcos replied to Mike's topic in ESET Endpoint Products
Is this new to EPv7 and the issue didn't manifest with EP6.6? I assume this behavior must have been for ages. -
Who is using Endpoint v7 now, and what is your experience?
Marcos replied to Mike's topic in ESET Endpoint Products
Please provide links to some new issues related to Endpoint v7. -
In case of Filecoder.Crysis decryption is not possible. However, you can provide me with ELC logs to review your configuration and logs and to make sure that your ESET product is configured properly. If using RDP, we strongly recommend using it only internally. For connections from outside, use VPN or at least use 2FA to prevent attackers from getting to the machine, disabling AV and running ransomware.
-
Who is using Endpoint v7 now, and what is your experience?
Marcos replied to Mike's topic in ESET Endpoint Products
I'd say most users would vote for 1. Honestly, hardly recall any new issue that was reported with regard to Endpoint v7. -
Please gather logs with ELC and provide me with the generated archive. I'd better check and make sure that you have the latest drivers properly installed. Should the issue occur again in the future, a Procmon log from upgrade will be needed.
-
I'd recommend migrating from ELA to EBA (eba.eset.com), adding licenses to EBA, removing them from ESMC and adding the EBA account to ESMC instead: In EBA you should see a list of devices on which a license has been used for activation: Should there be any inconsistency between EBA and ESMC, click Synchronize licenses. If that doesn't make any difference, please post screen shots from EBA and ESMC so that we can see what discrepancy you mean.
-
Unfortunately without any further information, especially about the process and IP address that the process was communicating with and logs it's impossible to tell what happened. It might not have been necessarily malware. Should you observe a suspicious behavior, gather logs with ESET Log Collector for perusal.
-
False positive or real? Mcbuilder.exe
Marcos replied to Salenai's topic in Malware Finding and Cleaning
No, it was the old heuristics for DOS files that triggered the detection. Disabling it should not negatively affect detection of current threats. -
Export Exclusion list?
Marcos replied to Campbell IT's topic in ESET PROTECT On-prem (Remote Management)
You'd need to create a policy with only exclusions defined and then export it. However, since exclusions generally create a security hole giving malware a chance to run from excluded folders, we would like to hear more about your use case and reasons why you need to use exclusions at all. -
Do you use a 3rd party plug-in for the ESMC server, e.g. ConnectWise?
-
False positive or real? Mcbuilder.exe
Marcos replied to Salenai's topic in Malware Finding and Cleaning
It is ok to report possible false positives or give constructive feedback even from trial users. This is not a problem at all. Currently we don't know yet if we will whitelist the detected file. In the first place, a non-executable file with the exe extension should not exist on a disk. In my opinion. renaming the file's extension should not cause any issues and would solve the problem with detection. -
I don't understand. First one needs a PIN or draw a pattern to get into your phone. Then another PIN or fingerprint is required to get into the Parental Control setup. It is not clear what another security key you would like to use. Last but not least, do not post in this FAQ forum but in the appropriate forum pertaining to the product.
-
Please clarify what you mean by save: " When I enter the above address into the Protected website section of BPP and Save it, ESET changes all the capital letters to small letters and deletes the #signon off the end leaving". If I copy & paste the url into a secure browser, it's pasted the same way it appears in a standard browser: I see that you have v11.2.49 installed. Try installing the latest one 11.2.63 just in case.
-
Unable to access Friends list on Steam after updating
Marcos replied to Ben Kiefer's topic in Malware Finding and Cleaning
The website was unblocked several hours ago. You should be able to access it alright now. -
The website was unblocked several hours ago. You should be able to access it alright now.
-
The website was unblocked several hours ago. You should be able to access it alright now.
-
The json file can be downloaded without ESET blocking the download.
-
For now we don't need any logs. If you update modules and open the website in question, is it still blocked? I assume it was an IP address blocked that was removed from blacklist a couple of hours ago. Hence I asked if the problem still persisted.
-
Was the screen shot taken right now? I asked if the problem still persisted, ie. if the url was blocked a few minutes ago or if it still is being blocked.
-
Are you sure it's still blocked?
-
Please provide a screen shot of the alert that you are getting, ideally a complete record (whole row) from the appropriate ESET log.
-
Eset Remote administration upgrade issue
Marcos replied to Manikandan R's topic in ESET Endpoint Products
Please check the last connection time in the Overview pane and make sure the agent has been reporting to the ESMC server alright. If Endpoint is installed, you should see "Actual" in the status column.