Marcos

Administrators
  • Content count

    11,538
  • Days Won

    509

Kudos

  1. neok liked a post in a topic by Marcos in Client PCs with no internet connection
    If the computers are completely offline (i.e. connection to ESET's servers is not possible even via an http proxy with connections restricted to ESET's servers), activate them using an offline license file. For information on how to generate an offline license file, please refer to https://help.eset.com/ela/en-US/downloading_offline_legacy_licenses.html.
    On a computer with Internet connection, use the Mirror tool to create a local mirror (https://help.eset.com/era_install/65/en-US/mirror_tool_linux.html?mirror_tool_windows.html). You can transfer its content to a computer that is accessible from the offline computers and point them to update either from a share or use a simple http server to provide the mirror content via http.
  2. Sekur Tima liked a post in a topic by Marcos in Domain is blacklisted by ESET as per Sucuri   
    It appears that the malware has been removed so the domain will be unblocked momentarily.
  3. Clark T liked a post in a topic by Marcos in Why ESET Internet Security don't have a Quick Scan?   
    There are 2 automatic startup scan tasks that would detect any malware in memory or autorun locations.
  4. Peter Randziak liked a post in a topic by Marcos in Eset causing Number Keys on keyboard to type wrong numbers   
    Did you restart the computer after upgrade to v11.1? I mean a true restart (e.g. by clicking "Restart computer" in ESET's gui), not a hybrid one via the Start menu. Try restarting the computer via "shutdown -r -t0" and let us know if the issue goes away. Does uninstalling v11.1 and installing it from scratch resolve the issue?
  5. camelia liked a post in a topic by Marcos in Command kevent::ctl failed   
    Are you able to reproduce the error? If so, how often does it occur?
  6. Peter Randziak liked a post in a topic by Marcos in Next-Gen   
    Next-gen is nothing new, it's rather a buzzword. I'd strongly recommend reading https://www.welivesecurity.com/2017/02/13/next-gen-security-software-myths-marketing/ to find out what is behind. If you want to read more about machine learning, read https://www.welivesecurity.com/2017/06/20/machine-learning-eset-road-augur/. At https://www.eset.com/int/about/technology/ you can read about various technologies developed by ESET that work on different layers to protect your computer even if malware writers bypass a particular layer.
  7. Azure Phoenix liked a post in a topic by Marcos in Fileless Malware Detection   
    Yes, Advanced memory scanner scans memory upon execution to detect and block malware that somebody re-compiled and changed the envelope to evade detection by traditional on-demand scanners. ESET is the first AV vendor that has integrated a UEFI scanner into AV products for both business and home users. As for fileless malware, ESET also scans the registry and WMI repository.
  8. autobotranger liked a post in a topic by Marcos in What is Eset Firewall Helper (ekrnEpfw) ?   
    It was added in v11.1. It's an auxiliary service for internal purposes.
  9. Azure Phoenix liked a post in a topic by Marcos in Disable "A potentially unsafe application" warnings from cmdline?   
    Since you have opted for detection of potentially unsafe applications - PUsA (detection is disabled by default), no wonder that a pot. unsafe application was detected. You can either disable PUsA detection completely (not recommended) or upon detection expand Advanced options, select "Exclude signature from detection" and select No action.
  11. jantima43 liked a post in a topic by Marcos in ESET Support Turn Around Time   
    Please provide us with your ticket number so that we can check the status of the ticket with colleagues from our US branch ESET, LLC.
  12. clickit liked a post in a topic by Marcos in Cert error   
    After installing ERA Server, you can find the CA under Admin -> Certificates from where you can export the public key:

  13. Azure Phoenix liked a post in a topic by Marcos in Exclusions not Working !   
    The BAT file is not excluded. You have created exclusions for: G:\Software\*.*, C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\amtlib.dll and G:\Software\Microsoft\Windows\Windows 10\Batch Files & Registry Tweaks\Clear Event Viewer Logs\Clear Event Viewer Logs.exe.
    However, the batch file was detected in C:\Users\Tommy\AppData\Local\Temp\932F.tmp\9330.tmp\9331.bat and this folder was not excluded (don't exclude it since temp folders are a typical location of where malware resides).
    It is in fact a potentially unsafe application because what the batch file does is that it clears system logs via wevtutil.exe. This is often done by attackers to clear traces after compromising a remote system, typically servers after conducting an RDP bruteforce attack.
    Detection of potentially unsafe applications is disabled by default. They cover legitimate applications and tools that can be misused in the wrong hands. If you don't want this detection to be triggered at all, exclude the signature from detection, e.g. as follows:

  14. Peter Randziak liked a post in a topic by Marcos in ESET CS - 484 connections - privacy issues?   
    That is most likely because every http connection goes through esets_proxy.
  15. Peter Randziak liked a post in a topic by Marcos in Linux BASH man command crashes error 3dba0000   
    The problem here is with the seccomp sandbox, which has never been supported by pac and which limits the allowed syscalls for a whole process. We use such a syscall and the OS kills the process then. There is no workaround but recompiling the kernel with seccomp disabled.
    To prevent this from happening, we'll have to detect that seccomp is used by a protected process and behave accordingly. This detection will be added soon and will be included most likely in version 4.0.89.
  16. Peter Randziak liked a post in a topic by Marcos in Very dissatisfied with Eset   
    It's an rtf document with a NSIS/Injector inside. Among those 10/59 detections were none from a popular AV with a concrete detection name; all were generic detections. It is a fact that no AV detects 100% of all threats; what matters is the reaction time of vendors when a malware is not detected heuristically / generically without update. There have been numerous cases when ESET was the only vendor to detect certain new threats. The detection will be added in the next update as DOC/TrojanDropper.Agent.EN and the dll inside as Win32/Injector.DYKG.
    As of Endpoint v7, you will be able to take advantage of the new technology ESET Dynamic Threat Defense which will allow for running any suspicious files in ESET's sandbox and apply also machine learning in order to assess the dangerousness of a file. The client will then be informed about the result and block or allow the file accordingly.
  17. JamesR liked a post in a topic by Marcos in Latest ESET products not detecting apt tools   
    Unfortunately, without proof we cannot comment on it. Of course, no antivirus detects 100% of all threats, especially when it comes to scripts. And blocking all powershell scripts just because they could be misused is not a good solution either.
  18. Peter Randziak liked a post in a topic by Marcos in ESET NOD32 for Linux Desktop version 4.0.87.0 crashes browsers and applications   
    We have prepared a new version 4.0.88 which addresses the issue. It hasn't been thoroughly tested by QA yet but we've installed it on Ubuntu 18.04 x64 and didn't notice any issues with browsers. It will undergo QA testing soon and then will be released for the public.
    In the meantime, you can download a 64-bit installer from here.
  19. Peter Randziak liked a post in a topic by Marcos in Multiple problems with Ubuntu version 18.04 LTS using unity or gnome   
    We have prepared a new version 4.0.88 which addresses the issue. It hasn't been thoroughly tested by QA yet but we've installed it on Ubuntu 18.04 x64 and didn't notice any issues with browsers. It will undergo QA testing soon and then will be released for the public.
    In the meantime, you can download an EAV for Linux Desktop 64-bit installer from here. 32-bit installers as well as EAV Business Edition 4.0.88 will be available after they pass QA tests.
  20. jalil liked a post in a topic by Marcos in notifications problem   
    Drag and move it wherever you want the notifications to pop up.
  22. Peter Randziak liked a post in a topic by Marcos in Mirror not functional   
    EFSW 6.5 doesn't create mirror files for Endpoint 6.6. This will be first supported in EFSW v7. We strongly recommend using HTTP Proxy instead of a mirror to save bandwidth and to ensure that only files that are really needed by clients are downloaded.
    If you need to use a mirror, use the command line Mirror tool or create it using Endpoint 6.6.
  23. Peter Randziak liked a post in a topic by Marcos in Multiple problems with Ubuntu version 18.04 LTS using unity or gnome   
    Developers have reproduced the issue and are working on finding the root cause with highest priority. We'll keep you updated.
  25. Peter Randziak liked a post in a topic by Marcos in What Does Eset Do With Suspicious Files?   
    I'd say very soon. It will require a special license for activation since it will be provided as an extra paid service.