Marcos

Administrators
  • Content Count

    15,802
  • Joined

  • Last visited

  • Days Won

    682

Kudos

  1. Marcos received kudos from InternetPerson004 in HOW TO DISABLE RENEWAL REMINDER?!
    You can disable these notifications in the Application statuses setup:

  2. Marcos received kudos from Kairostasis in What exactly is TrojanDownloader.Agent.THG?
    It's JavaScript code that downloads a payload from another website. An administrator has probably already cleaned the website of malware; at least I'm unable to reproduce the detection. Or I don't match the conditions (e.g. country) for the malware to be injected into viewed web pages.
  3. Marcos received kudos from Sérgio Fonseca in Eset Endpoint security 7.1.2053 Filtering mode not working
    First of all, ESET's firewall doesn't block any programs, only HIPS can. The firewall controls the network communication. By default, in automatic mode all outbound communication is allowed and all non-initiated inbound communication is blocked.
    Please continue as follows:
    - switch logging verbosity to diagnostic
    - enable advanced network protection logging under tools -> diagnostics
    - reboot the machine
    - reproduce the issue
    - stop logging
    - collect logs with ESET Log Collector and upload the generated archive here
    - provide information about the remote IP address whose communication with this machine was blocked.
     
  4. Marcos received kudos from Smack'as in Eset file Security (real-time file system protection)
    Some software used to recommend disabling AV for no reason. The only problem could occur if the software or its part was detected; I can't think of any other reason why it shouldn't install with real-time protection enabled.
    Real-time protection should never be disabled; even in very specific cases it's preferable to use safe exclusions rather than disabling protection completely.
  5. Marcos received kudos from ALvahN in ransomware attack
    ESET didn't fail to protect the user. This is proved by the fact that ESET had recognized the ransomware for a long time before the user got infected which means that ESET must have been paused or otherwise deactivated by an attacker.
    Because of continual trolling despite giving numerous warnings and complaints from other users, we'll ban Novice as of now.
  6. Marcos received kudos from Rp4000 in Server Not Found
    First of all, try uninstalling ESET and installing it from scratch, e.g. in case proxy or update settings were altered.
    If that doesn't help, continue as follows:
    - enable advanced logging under Help and support -> Details for customer care
    - run update manually
    - stop logging
    - collect logs with ESET Log Collector and submit the generated archive.
  7. Marcos received kudos from MartinK in no files in qurantine
    He has asked to cancel his account here. But yes, it's not normal that a user of a trial license would request a response within 1-2 hours 24x7 that is granted to VIP customers at an extra fee. Moreover, the problems with LiveGrid authentication suggesting an invalid username/password being used were highly suspicious too.
  8. Marcos received kudos from L0ckJaw in no files in qurantine
    He has asked to cancel his account here. But yes, it's not normal that a user of a trial license would request a response within 1-2 hours 24x7 that is granted to VIP customers at an extra fee. Moreover, the problems with LiveGrid authentication suggesting an invalid username/password being used were highly suspicious too.
  9. Marcos received kudos from L0ckJaw in Eset updates
    Modules are stored in "C:\Program Files\ESET\ESET Security\Modules" by default.
  10. Marcos received kudos from TomasP in ransomware attack
    ESET didn't fail to protect the user. This is proved by the fact that ESET had recognized the ransomware for a long time before the user got infected which means that ESET must have been paused or otherwise deactivated by an attacker.
    Because of continual trolling despite giving numerous warnings and complaints from other users, we'll ban Novice as of now.
  11. Marcos received kudos from L0ckJaw in ransomware attack
    Just came across a case when a user was hit by Filecoder.Phobos and asked how come they got infected with ESET installed. After analyzing logs, we found out that:
    - the detection for the ransomware was added at least 2 months before the incident
    - password protection of ESET's settings was not enabled
    - detection of potentially unsafe applications was disabled

    We also found out that:
    1. A brute-force RDP attack was performed:
       - Administrator had 22 377 failed login attempts
       - ADMINISTRATOR had 5 438 failed login attempts
       - ADMINISTRADOR had 1 102 failed login attempts
       - ADMIN had 710 failed login attempts
    2. There was a suspicious RDP connection from a foreign country
    3. A local user GhostUser has been created recently
    4. A legitimate tool that can be misused to kill security software has been installed recently (detected as pot. unsafe application)
    5. Event logs have been recently cleared.

    This is proof that just having security software installed is not enough; firstly, RDP must be secured. Secondly, all critical operating system updates must be installed. Fourthly, ESET must be protected with a password and detection of potentially unsafe applications enabled to prevent protection from being tampered with by unauthorized persons.
  12. Marcos received kudos from itman in ransomware attack
    ESET didn't fail to protect the user. This is proved by the fact that ESET had recognized the ransomware for a long time before the user got infected which means that ESET must have been paused or otherwise deactivated by an attacker.
    Because of continual trolling despite giving numerous warnings and complaints from other users, we'll ban Novice as of now.
  13. Marcos received kudos from Rami in ransomware attack
    Just came across a case when a user was hit by Filecoder.Phobos and asked how come they got infected with ESET installed. After analyzing logs, we found out that:
    - the detection for the ransomware was added at least 2 months before the incident
    - password protection of ESET's settings was not enabled
    - detection of potentially unsafe applications was disabled

    We also found out that:
    1. A brute-force RDP attack was performed:
       - Administrator had 22 377 failed login attempts
       - ADMINISTRATOR had 5 438 failed login attempts
       - ADMINISTRADOR had 1 102 failed login attempts
       - ADMIN had 710 failed login attempts
    2. There was a suspicious RDP connection from a foreign country
    3. A local user GhostUser has been created recently
    4. A legitimate tool that can be misused to kill security software has been installed recently (detected as pot. unsafe application)
    5. Event logs have been recently cleared.

    This is proof that just having security software installed is not enough; firstly, RDP must be secured. Secondly, all critical operating system updates must be installed. Fourthly, ESET must be protected with a password and detection of potentially unsafe applications enabled to prevent protection from being tampered with by unauthorized persons.
  14. Marcos received kudos from notimportant in ransomware attack
    Just came across a case when a user was hit by Filecoder.Phobos and asked how come they got infected with ESET installed. After analyzing logs, we found out that:
    - the detection for the ransomware was added at least 2 months before the incident
    - password protection of ESET's settings was not enabled
    - detection of potentially unsafe applications was disabled

    We also found out that:
    1. A brute-force RDP attack was performed:
       - Administrator had 22 377 failed login attempts
       - ADMINISTRATOR had 5 438 failed login attempts
       - ADMINISTRADOR had 1 102 failed login attempts
       - ADMIN had 710 failed login attempts
    2. There was a suspicious RDP connection from a foreign country
    3. A local user GhostUser has been created recently
    4. A legitimate tool that can be misused to kill security software has been installed recently (detected as pot. unsafe application)
    5. Event logs have been recently cleared.

    This is proof that just having security software installed is not enough; firstly, RDP must be secured. Secondly, all critical operating system updates must be installed. Fourthly, ESET must be protected with a password and detection of potentially unsafe applications enabled to prevent protection from being tampered with by unauthorized persons.
  15. Marcos received kudos from TomFace in ransomware attack
    ESET didn't fail to protect the user. This is proved by the fact that ESET had recognized the ransomware for a long time before the user got infected which means that ESET must have been paused or otherwise deactivated by an attacker.
    Because of continual trolling despite giving numerous warnings and complaints from other users, we'll ban Novice as of now.
  16. Marcos received kudos from chrlshlmn in ransomware attack
    This is the last warning to Novice. Further to complaints from other users that we've received about your ranting, we kindly ask you to stop this. Either give us proof that there is an antivirus that can detect 100% of threats without updates and without any false positives and at the same time it can protect users even if they unwittingly allow an attacker to do anything on their machines under an admin account, or stop trolling and ranting. We are open to serious communication, but trolling is not tolerated and never will be, either here or in any other forums. Otherwise we will need to take the appropriate action.
  17. Marcos received kudos from BeanSlappers in BSOD caused by uninstall of Internet Security
    Starting Windows in safe mode is not possible only if the Device Control driver edevmon.sys has been removed from the disk without being correctly unregistered from a filter chain.
    A solution is to boot from another medium (e.g. SysRescue) and copy edevmon.sys from another machine with the same OS and ESET installed to C:\Windows\System32\drivers.
  18. Marcos received kudos from G1nemesis in Secure data authenticating error
    Please provide your public license ID.
  19. Marcos received kudos from TomFace in ransomware attack
    This is the last warning to Novice. Further to complaints from other users that we've received about your ranting, we kindly ask you to stop this. Either give us proof that there is an antivirus that can detect 100% of threats without updates and without any false positives and at the same time it can protect users even if they unwittingly allow an attacker to do anything on their machines under an admin account, or stop trolling and ranting. We are open to serious communication, but trolling is not tolerated and never will be, either here or in any other forums. Otherwise we will need to take the appropriate action.
  20. Marcos received kudos from TomasP in ransomware attack
    This is the last warning to Novice. Further to complaints from other users that we've received about your ranting, we kindly ask you to stop this. Either give us proof that there is an antivirus that can detect 100% of threats without updates and without any false positives and at the same time it can protect users even if they unwittingly allow an attacker to do anything on their machines under an admin account, or stop trolling and ranting. We are open to serious communication, but trolling is not tolerated and never will be, either here or in any other forums. Otherwise we will need to take the appropriate action.
  21. Marcos received kudos from Aryeh Goretsky in ransomware attack
    This is the last warning to Novice. Further to complaints from other users that we've received about your ranting, we kindly ask you to stop this. Either give us proof that there is an antivirus that can detect 100% of threats without updates and without any false positives and at the same time it can protect users even if they unwittingly allow an attacker to do anything on their machines under an admin account, or stop trolling and ranting. We are open to serious communication, but trolling is not tolerated and never will be, either here or in any other forums. Otherwise we will need to take the appropriate action.
  22. Marcos received kudos from BeanSlappers in 5 device license
    Yes, because my.eset.com doesn't know anything about your devices since you haven't associated them with your license, which is done during activation.
  23. Marcos received kudos from MichalJ in Notification when user disables Endpoint Security modules
    There is a default dynamic group Problematic computers which is defined as:

    That said, any machines that have a protection feature disabled will fall into this dynamic group.
    Then in Notifications enable this one which you can customize, if needed:


  24. Marcos received kudos from 100 in ESET issue with Sandboxie - Persistent holding of registry keys
    No. We will start distributing a newer version of the cleaner module 1198 with another fix most likely within the next week.
  25. Marcos received kudos from camelia in EIS New Scanner Option Feature?
    I always recommend turning it on and excluding any such application by the detection name if it begins to be detected then and is intentionally used for legitimate purposes by the user. PUsA also cover tools that can be used by attackers to stop or uninstall AV in case of a breach via RDP for instance.