-
Posts
37,924 -
Joined
-
Last visited
-
Days Won
1,504
Everything posted by Marcos
-
First of all, since this is an English forum we kindly ask you to post in English so that moderators and other users understand you and can respond accurately. As for your question, VPN is not a standard feature provided by antivirus programs. As I have seen, it's mainly provided as a stand-alone product approximately for the same price as antivirus itself. Currently there are no plans to sell a separate VPN solution.
-
After installing Endpoint on clients, it should be up and running alright after activation. If not and some errors are reported on the main screen, the best course of action would be to gather logs with ESET Log Collector and providing the generated zip file to customer care for analysis. You can also provide the archive to me and in case the cause of issues is obvious, I'd let you know how to fix it.
-
Virus keep coming back?
Marcos replied to Erwin - IT support groep's topic in Malware Finding and Cleaning
What version of MS do you use? Do you have all critical updates for MS Office installed? Please drop me a message with logs gathered by ESET Log Collector attached. -
This is most likely a different issue than the one discussed in this topic. At least I assume that no one of the above users sign outgoing email; at least it was not explicitly mentioned. Keeping scanning of sent email off is basically safe since any file you attach to an email is scanned by real-time protection with the exception of archives. We are currently in the process of revamping the plug-in and the new version will address several issues. There's a good chance it will fix also this one. The new plug-in should be included in Endpoint v7.1.
-
Remote uninstall of ESET Endpoint Antivirus
Marcos replied to gpalau's topic in ESET Endpoint Products
It shouldn't be possible to uninstall any AV software easily via scripting. Otherwise any malware or attacker could do that to disable protection first prior to performing other malicious actions. Since you mentioned that ERA Agent was installed, did you try uninstalling ESET via ERA ? -
Add MDM role to existing ERA appliance?
Marcos replied to johnnybon's topic in ESET PROTECT On-prem (Remote Management)
To my best knowledge this is not possible. It wouldn't make much sense anyways since both products are resource intensive with the rising number of devices and with the growing amount of data they have to send to ERAS. -
Re-check alerts manually?
Marcos replied to Erwin - IT support groep's topic in ESET PROTECT On-prem (Remote Management)
Please check details of the client and check when it connected to ERAS last time. If too long ago, try sending a wake-up task to enforce connection to ERAS. If that doesn't help, check the ERA Agent log status.html on the client for possible errors. -
Windows 10 Spring Creators Update and Nod32 AV
Marcos replied to autobotranger's topic in ESET NOD32 Antivirus
If you are using a 32-bit Windows 10, then it's a known issue which is being investigated by Microsoft. Rebooting the machine should fix it for a while. You can try disabling protected service and rebooting the machine which usually mitigates the issue. I'd recommend upgrading to 64-bit Windows 10, if possible. -
Do you have the latest version 11.1.54 installed? Does the problem persist after uninstalling EAV and installing the latest version from scratch using default settings? Does pausing real-time protection make a difference?
-
Unfortunately, the relevant log contained too little information for some reason. Try creating advanced logs again but wait at least 2-3 minutes after Windows starts before you disable advanced logging. It will be enough to provide just EPFW.etl from the C:\ProgramData\ESET\ESET Security\Diagnostics folder.
-
Windows 10 Spring Creators Update and Nod32 AV
Marcos replied to autobotranger's topic in ESET NOD32 Antivirus
Yes, we have reached out to Microsoft and provided them with all stuff they requested for investigation. Some other AV vendors been reporting more severe issues after upgrade to v1803 and Microsoft allegedly temporarily stopped providing the update to their users while the issue is being investigated. -
If you update through an http proxy, have you tried clearing the proxy cache? Could be related to this: https://forum.eset.com/topic/15573-verifyfilecontentsignature-failed-to-validate-pgp-signature-error-while-parsing/.
-
Does temporarily disconnecting the server from the network stop the malware from being created / detected ? Please gather logs with ESET Log Collector and provide me with the generated archive.
-
ESET Antivirus Protection is Nonfunctional - Win10 32bit
Marcos replied to jinlei801011's topic in ESET Endpoint Products
If they are getting an error "Scanner initialization failed", it's related to upgrade to Windows 10 April 2018 Update (v1803). We have published an alert for this: https://support.eset.com/alert6798/. Disabling Protected service in the HIPS setup and rebooting the machine might mitigate the error. Microsoft is looking into it, however, the result is uncertain at the moment. Wherever possible, I'd recommend upgrading Windows 10 x86 to x64 version. -
False positive for Process Hacker 3.0
Marcos replied to Descloix's topic in Malware Finding and Cleaning
It's the PH driver which needs to be excluded. That doesn't matter if you create an exclusion by detection name which we prefer to excluding a particular file completely. -
While running an in-depth scan, please create a dump of ekrn.exe via the advanced setup -> tools -> create (dump). When done, gather logs with ESET Log Collector, upload the generated archive to a safe location and drop me a message with a download link.
-
False positive for Process Hacker 3.0
Marcos replied to Descloix's topic in Malware Finding and Cleaning
The detection is correct. Process Hacker is not detected as malware but as a potentially unsafe application. This detection covers legitimate tools that can be misused in the wrong hands for malicious purposes. It is disabled by default and users enable it at their discretion. Tools like this have been seen to be misused by hackers for killing security solutions after breaching into networks which enabled them to run ransomware and subsequently extort money from the victim. If you want to use the tool while keeping detection of pot. unsafe application enabled, exclude it from detection. -
Please carry on as follows: - temporarily uninstall EAV and installing ESET Internet Security - enable advanced logging in the main gui -> Help and support -> Details for customer care - reboot the machine - disable logging - gather logs with ESET Log Collector and providing us with the generated archive - in the main gui -> help and support click Change product and select ESET NOD32 Antivirus after we find out the root cause of the issue.