-
Posts
38,079 -
Joined
-
Last visited
-
Days Won
1,510
Everything posted by Marcos
-
AIO deployment and SmartScreen
Marcos replied to ShaneDT's topic in ESET PROTECT On-prem (Remote Management)
It was discussed here: https://forum.eset.com/topic/16714-all-in-one-deployment-in-windows-10-not-working/. It appears that SmartScreen needs to be disabled first, e.g. via a domain policy. -
The domain was not blocked but the IP address was. It will be removed from blacklist momentarily.
-
Please contact ESET UK: https://www.eset.com/uk/about/contact/
-
ESET Endpoint and server products can be managed via ERA/ESMC or RMM (support for RMM must be explicitly enabled and configured in the security product).
-
Outlook not synchronising after deploying EES
Marcos replied to ShaneDT's topic in ESET PROTECT On-prem (Remote Management)
After installing ESET, the plug-in adds a special flag to all messages in the inbox folder (not subfolders) which may take some time if there are thousands of messages. Had the user been using an older version of Endpoint with integration to Outlook enabled prior to installing Endpoint v7? -
Outlook not synchronising after deploying EES
Marcos replied to ShaneDT's topic in ESET PROTECT On-prem (Remote Management)
Couldn't it be that there are thousands of emails directly in the inbox folder? At any rate, I'd suggest contacting customer care since diagnostic logs from the Outlook plug-in will be needed for further troubleshooting. -
The application was found in UEFI. According to https://en.wikipedia.org/wiki/LoJack_for_Laptops, it drops its files to system folders after purchasing a license. I'd like to emphasize that the application is not detected by default. Detection of potentially unsafe applications is disabled after installation. If there's no new update for your UEFI firmware without the application included, you can exclude the application from detection by its detection name so that it's no longer reported during scans.
-
Hello, Since this is English forum, we kindly ask you to post in English so that the others can understand and be able to help you. If you install an incorrect language version, simply uninstall it and install a correct language version from scratch. There won't be any problem with activation of your license. During uninstall, the product is properly de-activated also on ESET's servers. You can check your license usage via the License manager at my.eset.com.
-
Please check your personal messages for instructions how to carry on.
-
Glad to hear that I was unable to reproduce the detection at that time but it could have been due to limitation to a specific browser or user's location, otherwise the malicious code wasn't injected.
-
That may happen if you remove the original msi installer from c:\windows\installer, e.g. while cleaning up disk space. In such case uninstalling ESET in safe mode with the Uninstall tool should do the trick: https://support.eset.com/kb2289/.
-
Separate PUA settings / scan
Marcos replied to ShaneDT's topic in ESET PROTECT On-prem (Remote Management)
It is possible to run ecls via a "run command" task but since it logs only to a text log that is not transferred to ESMC, that's probably not what you want. In my opinion, it's safer to have PUAs cleaned automatically and restore / exclude a particular one if really needed than letting a user run it for some time and only then evaluate whether it's ok to use it or not. -
Separate PUA settings / scan
Marcos replied to ShaneDT's topic in ESET PROTECT On-prem (Remote Management)
There is only a global settings for PUAs. What you could do is run a scan with the command line scanner ecls.exe and disable PUA detection using the appropriate switch. Moreover, PUAs are cleaned automatically in a managed environment. However, you can restore particular PUAs from quarantine via ESMC and exclude them from detection, if needed. -
i would like to delete the program!
Marcos replied to want to delete program!'s topic in ESET NOD32 Antivirus
Please let us know if you want to keep your forum account. If so, please pick a new nickname since the current one is not appropriate. Feel free to drop me a private message. -
ER 6.5 VA to ESMC 7.0 in-place-upgrade
Marcos replied to Christian Stück's topic in ESET PROTECT On-prem (Remote Management)
Currently the ERA component upgrade task upgrades only agents on clients to v7. Since v7 agent cannot communicate with ERA v6.X server, do not upgrade it until you have upgraded ERA to ESMC. Within a few weeks (probably in less than a month) it will be possible to upgrade ERA to ESMC via the task as well. -
Windows 10 flickering screen conflict with Eset Nod 32
Marcos replied to Pollewolf's topic in ESET NOD32 Antivirus
I for one can't imagine how installing ESET could cause screen flickering. Could you please shot a short video to demonstrate the issue? Do you have a regular build of Windows 10 installed or you are using an Insider Preview build? Have you tried uninstalling ESET and installing the latest version 11.2.63 from scratch with default settings? Please gather logs with ESET Log Collector and post the generated archive here. -
i would like to delete the program!
Marcos replied to want to delete program!'s topic in ESET NOD32 Antivirus
If uninstallation via the Start menu or through Add and remove programs doesn't work (e.g. if the original msi file has been deleted from c:\windows\installer in the mean time), use the Uninstall tool in safe mode. Also we would like to hear about the reasons why you are removing ESET. Is it just temporary or you've been having an issue that you couldn't resolve? If possible, change your nickname to a more appropriate one or we can do it for you if you would like to stay a member of our forum and would like to post here in the future. -
Have you carried out a forensic analysis of the case that you have come up with a conclusion that it was ESET's fail? Are you positive the ransomware was not run from an unprotected device and didn't encrypt files in remote shares due to incorrect privileges set on the server? I'm sure you didn't so please refrain from making any conclusions and trolling. Just moments ago I received a case from our partner : "We have a government customer using K and got infected with krab ransomware. We installed EFWS on the server and the Filecoder was able to detect with our product we have an opportunity with this customer for 1.8K units." I, for one, do not blame that AV for letting the ransomware infect the machine. Obviously there was a bruteforce RDP attack performed and if the AV didn't have settings protected, the attacker could have disabled it.
-
False positive or real? Mcbuilder.exe
Marcos replied to Salenai's topic in Malware Finding and Cleaning
If you view the file mcbuilder.exe, it most likely doesn't start with "MZ" and it's size is smaller than 64kB. Could you confirm? Files should not have the EXE extension unless they are PE executables. In this case it's scanned by heuristics because it treats it as an executable but in fact it is not an executable.