Everything posted by Marcos
-
Excluding URL and using Chrome causes Win 10 to crash
Marcos replied to FRiC's topic in ESET Endpoint Products
Please provide:
- step-by-step instructions to reproduce it
- logs collected by ESET Log Collector
-
Hello,
1. If you perform a factory (hard) reset of a mobile phone, you lose all data stored in the internal memory. On the other hand, backing up all data also brings a risk of including possible malware that might be on the phone. I would say that backing up only multimedia files and documents that you recognize (i.e. without installed applications) should be relatively safe.
2. What you can do for better protection: use a phone from a trusted maker, install applications only from Google Play, install applications that you really need and have a good rating from a lot of users, use an antivirus and keep it up to date.
3. Whitelisting objects (apps in this case) is far more difficult than blacklisting malicious ones and it's basically impossible. If you ran into a 100% legit application not recognized by the AV maker, it would be blocked. It is beyond any AV maker to analyze all applications (be it in GP store or the others), determine whether an application is benign to permit it and to keep pace with new applications being added every day.
4. Most of detections (also called DNA smart detections) are nowadays based on a dynamic analysis of malware that is performed by advanced heuristics in an isolated virtual environment upon scanning a file.
5. V7 server products support ESET Dynamic Threat Defense (EDTD). In case of a mail server, with EDTD enabled suspicious files (attachments) are first sent to ESET's EDTD server for analysis. In an EDTD sandbox, the sample is run and evaluated by various mechanisms, including the Augur machine learning system that leverages neural networks. You can choose what type of files can be submitted as well as the retention period (e.g. files can be removed from EDTD servers immediately after analysis). Based on the result, such email is either delivered to the addressee if the attachment was evaluated as clean or it's blocked on the mail server.
For more information about Augur, refer to https://www.welivesecurity.com/2017/06/20/machine-learning-eset-road-augur/. For a list of techniques developed and leveraged by ESET products, please read https://www.eset.com/int/about/technology/.
-
Upgrading ESET management agent 7 issue
Marcos replied to Justin's topic in ESET PROTECT On-prem (Remote Management)
This is a known issue. Please refer to https://forum.eset.com/topic/16476-after-upgrade-agent-to-v7-old-agent-is-also-visible/?do=findComment&comment=81383.
-
V7 Agent does not connect to Server
Marcos replied to tomha's topic in ESET PROTECT On-prem (Remote Management)
What error is listed in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html or trace.log? If possible, post them here. I assume you have already upgraded ERA Server v6 to ESMC, haven't you? In case you still had ERA v6 installed, Agent v7 would be unable to communicate with it.
-
JS/CoinMiner.AH potentially unwanted application
Marcos replied to Descloix's topic in Malware Finding and Cleaning
Try performing a factory reset of your router and install the latest version of firmware. What brand / model of the router do you use? Is the threat detected on every device connected through the router? Should the problem persist, change the router for another brand if you can. Should the problem persist, there's a chance that the CoinMiner script is already injected at your ISP.
-
This is the place where you define file exclusions. They are applied to all scanners, including real-time protection: I wonder if you could provide some examples of exclusions you need to create and why. Basically the product should work alright without any exclusions defined. Each exclusion creates a potential security hole so we encourage users not to exclude anything unless inevitable. If exclusions need to be used, we'd like to hear about real use cases since we'd prefer to find another solution than using exclusions.
-
Also it appears there is already a newer Insider Preview build 17751 in the fast ring. Let's see if installing it resolves the issue. In the meantime I'll check with QA engineers if they are aware of any incompatibility issues with recent IP builds.
-
Chrome crash
Marcos replied to NOD's topic in ESET Internet Security & ESET Smart Security Premium & ESET Security Ultimate
It doesn't mean that ESET is the culprit. Please read https://www.bleepingcomputer.com/news/google/google-chrome-showing-alerts-about-incompatible-applications/.
-
Chrome crash
Marcos replied to NOD's topic in ESET Internet Security & ESET Smart Security Premium & ESET Security Ultimate
I'm not able to reproduce it. A detection is triggered but Chrome doesn't crash. Perhaps knowing the exact version of Chrome, operating system, ESET product and version of installed ESET modules along with step-by-step instructions would help us reproduce it.
-
About "JS/Adware.Agent.AA application"
Marcos replied to chrrykrio85's topic in Malware Finding and Cleaning
This has been already discussed in another topic. The problem is with ExoClick ads that are used on the website. One of the images was removed. Posting sexually explicit images is strictly prohibited in our forum. To prevent duplicate topics, we'll draw this one to a close.
-
Please report incorrect website blocks to ESET as per https://support.eset.com/kb141/.
-
In this case it's probably a local infection because of the wscript.exe process. Please gather logs with ELC on that machine and provide me with the generated archive.
-
If you have an opportunity to try a router of a different brand, please do so and let us know if the issue goes away. I'd also suggest trying SysRescue and the browser included with it to see if the alert is still triggered to rule out a local system infection.
-
AdwCleaner detects also benign stuff / leftovers that are not normally subject to detection. Without getting and analyzing what it detected it's impossible to tell if that stuff was supposed to be detected or whether it was a false positive by AdwCleaner. Moreover, AdwCleaner is not an antivirus and works differently than AVs. Let's stay on topic, don't turn this topic into an A vs B discussion and keep a polite tone.
-
ESET' service' (ekrn) failed to start.
Marcos replied to Ali Akbar's topic in ESET Endpoint Products
You have a rootkit in the system. In safe mode, delete the files c:\windows\system32\drivers\winmon.sys and c:\windows\system32\drivers\winmonfs.sys. If necessary, boot from a clean medium (e.g. ESET SysRescue) first.
-
This is dangerous and not recommended to do since you won't be protected when opening malicious websites or downloading malware. Please enable advanced protocol filtering logging and advanced network protection logging in the setup under Tools -> Diagnostics and reproduce the issue. When done, disable logging, gather logs with ELC and provide me with the generated archive.
-
Protecting you from malicious websites and scripts is not a serious mistake but something that a security product is supposed to do and expected to do. The fact that you opened the website with Web protection disabled which subsequently caused the browser to crash is not ESET's fault. We cannot prevent users from deliberately pausing protection and subsequently opening websites containing malicious or otherwise dangerous stuff.