Marcos

Administrators
  • Content Count: 16,776
  • Days Won: 712

Kudos

  1. Upvote
    Marcos received kudos from Peter Randziak in Latest update causes eset_proxy to flip out   
    When esets_proxy is heavily utilizing the CPU, select esets_proxy on the CPU tab in Activity Monitor. From the menu choose Sample process and Save as. Please provide the file along with ESET Log Collector logs to customer care. You can also upload the files here.
  2. Upvote
    Marcos received kudos from pps in Email protection by client plugins is non-functional after update to 7.1.12006.0   
    Did you disable or modify any of the email protection or protocol filtering related settings?
  3. Upvote
    Marcos received kudos from Peter Randziak in ekrn.exe launches firefox   
    Most likely it happens while attempting to import the ESET root certificate to the trusted root CA certificate store. We'll try to make a tiny change in the code to do it completely silently.
    You could temporarily disable this option for a test and see if the behavior is gone (don't forget to re-enable it):

  4. Upvote
    Marcos received kudos from EnjoyBoast in Virus not detected   
    As long as the dll was recognized, the whole exe would be detected. Maybe you ran it before the detection was added at ~2:20, maybe you have an older product that doesn't support streamed updates, maybe you had LiveGrid not working... The case and your cfg would need to be investigated in order to tell. What we can say 100% is that after 2:10-2:30 users with streamed updates and LG enabled and working were 100% protected.
    This is how the detection would have looked like at that time:
    Log
    Scanned disks, folders and files: C:\test2\documento.exe
    C:\test2\documento.exe - Suspicious Object
    Number of scanned objects: 1
    Number of detections: 1
    And here is how ESET reacted with 2-month old modules:

    The malware was executed. When the injection itself was performed, AMSI scanner detected a malicious script...
    Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
    7/28/2019 4:06:06 PM;AMSI scanner;file;script;MSIL/Bladabindi.BC trojan;blocked;DESKTOP-5JIJ6V4\Admin;;AB122C106AC5DFA34C8168069E847F7F6DDDF550;

    And the malicious process was terminated:

    AMSI has been supported since Windows 8.1 so on older systems it's possible that the malware would have run with outdated modules.
  5. Upvote
    Marcos received kudos from EnjoyBoast in Virus not detected   
    The file is an activator. Should not be detected as malware but as a hacktool application at most. Those who detect it as malware are wrong. We're not going to detect it for now since we are antimalware and not anti-cracking sw.

     
  6. Upvote
    Marcos received kudos from EnjoyBoast in Virus not detected   
    Blacklisted more than 2 hours before you made the post (4:28 AM); around that time (2:20 AM) the detection was included in a streamed update:
    adelantado.dll - a variant of Win32/Injector.EHZT trojan

    Below is the evolution of detection. The start of the X axis is yesterday 20:06 CET, the end is today 5:44. Only detections at the start and end are known, the evolution in between is not. We can only tell that ESET has protected you since cca 2:20-2:30 AM, not taking into account features like AMS that might have detected it upon execution. On modern Windows systems (Windows 8.1, Windows 10), thanks to AMSI even users with outdated modules were protected as you can see in the test below.

  7. Upvote
    Marcos received kudos from EnjoyBoast in Virus not detected   
    Since you continue ranting and personally attacking moderators which is against the forum rules and ignore the proof above that ESET protected our users even with outdated modules unlike many other AV vendors, we'll have to take an action.
  8. Upvote
    Marcos received kudos from Rose in import and Export XML in ESET 8   
    To put it right, you can export and import cfg within gui in legacy versions but cfg files between v8 and v9+ are not compatible.
  9. Upvote
    Marcos received kudos from Rose in import and Export XML in ESET 8   
    It is not possible.
  10. Upvote
    Marcos gave kudos to Aryeh Goretsky in ESET and piracy   
    Hello,

    While ESET does not condone software piracy (or any other kind of piracy, for that matter)*, neither is ESET the software police.

    That said, it is important to keep in mind that peer-to-peer file sharing programs can be bundled with potentially unwanted applications, adware or even outright malware.  They can also introduce privacy issues, such as the leaking of sensitive or confidential information due to improper configuration, as well as security vulnerabilities which can be subject to exploitation by threat actors.  And, of course, there is also malware which may make use of peer-to-peer networks for various reasons, from spreading as a worm, for use as command-and-control infrastructure, exfiltration of stolen data, and so forth.

    Web sites involved in the facilitation of software piracy often have limited opportunities for revenue generation, as legitimate advertising networks, payment processors, e-commerce providers and other businesses may be unable or unwilling to do business with them for legal or other reasons.  As such, these web sites may turn to other means of funding continued operation, including the display of advertisements from less-than-reputable ad networks/brokers, which may introduce malicious advertisements (malvertising) using exploit kits to compromise a computer through the web browser, to other schemes, such as mining cryptocurrency in the web browser to generate revenue for the site operator.

    Another thing to consider is that many customers do not want programs which facilitate the theft of intellectual property on their computers and networks.  The reasons for this can range from the mundane (wanting to avoid legal liability) to concerns about more draconian actions:  In Russia, software piracy can be treated as a criminal matter by the Russian federal tax police, and having pirated software on computers can lead to the arrest and imprisonment of employees, harsh financial penalties, the dissolution of a company and/or the forced transfer of a company's assets.  This happened to several non-profits who were accused of pirating Microsoft software in Russia.  To their credit, Microsoft quickly responded by providing the Russian non-profits with legal licenses for its software, and now makes its software free for use by non-profits in Russia in order to prevent this from happening again.  While that is an extreme kind of scenario, it does show how regimes can use software piracy as a pretext to shut down organizations of which they do not approve.

    From time to time, ESET has talked about some of the malware using and abusing peer-to-peer networks, probably the most famous of which is the Conficker worm.  Some additional examples of malware which make use of peer-to-peer networks, can be found on ESET's VirusRadar site:
    • MSIL/Antinny
    • Python.Filecoder.P (ransomware targeting .torrent files)
    • Win32/AutoRun.IRCBot.FE
    • Win32/Skopvel
    • Win32/TrojanDownloader.Agent.PUC
    • Win64/GoBot2
    Further information about risks, as well as mitigations, can be found on ESET's WeLiveSecurity blog:
    • Limewire, free software and the for-fee membership
    • BitTorrent family susceptible to DRDoS attacks
    • Mac malware spread disguised as cracked versions of Angry Birds, Pixelmator and other top apps
    • How black hats misuse the torrent ecosystem for fun and profit
    As previously stated, ESET is not the software police.  ESET does, however, have a stated goal of protecting its customers from threats, and those threats can come from many sources, including peer-to-peer file-sharing networks, applications and their associated web sites.

    Regards,

    Aryeh Goretsky

    *ESET holds no position on Talk Like a Pirate Day.
     
  11. Upvote
    Marcos received kudos from Aryeh Goretsky in Firewall suggestions   
    No since the priority of rules is determined by the order.
    Possibly. It's been on the wish list together with some similar improvements.
  12. Upvote
    Marcos received kudos from Aryeh Goretsky in ESET and piracy   
    In fact, we do not aim at combating piracy in general. That's not what an antivirus or security software is supposed to do in the first place. If administrators want to prevent illegal stuff from being used in their networks, they can use application control for instance to control what application users can run.
  13. Upvote
    Marcos received kudos from notimportant in Virus not detected   
    As long as the dll was recognized, the whole exe would be detected. Maybe you ran it before the detection was added at ~2:20, maybe you have an older product that doesn't support streamed updates, maybe you had LiveGrid not working... The case and your cfg would need to be investigated in order to tell. What we can say 100% is that after 2:10-2:30 users with streamed updates and LG enabled and working were 100% protected.
    This is how the detection would have looked like at that time:
    Log
    Scanned disks, folders and files: C:\test2\documento.exe
    C:\test2\documento.exe - Suspicious Object
    Number of scanned objects: 1
    Number of detections: 1
    And here is how ESET reacted with 2-month old modules:

    The malware was executed. When the injection itself was performed, AMSI scanner detected a malicious script...
    Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
    7/28/2019 4:06:06 PM;AMSI scanner;file;script;MSIL/Bladabindi.BC trojan;blocked;DESKTOP-5JIJ6V4\Admin;;AB122C106AC5DFA34C8168069E847F7F6DDDF550;

    And the malicious process was terminated:

    AMSI has been supported since Windows 8.1 so on older systems it's possible that the malware would have run with outdated modules.
  14. Upvote
    Marcos received kudos from notimportant in Virus not detected   
    The file is an activator. Should not be detected as malware but as a hacktool application at most. Those who detect it as malware are wrong. We're not going to detect it for now since we are antimalware and not anti-cracking sw.

     
  15. Upvote
    Marcos received kudos from fabioquadros_ in Privacy with eset?   
    It concerns the customer improvement program that one can opt in for during installation or later in the setup:

     
    For more information, click the link that will open https://help.eset.com/eis/12/en-US/ceip.html:
    Customer Experience Improvement Program
    By joining the Customer Experience Improvement Program you provide ESET with anonymous information relating to the use of our products. More information on data processing is available in our Privacy Policy.
    Your consent
    Participation in the Program is voluntary and based on your consent. After joining in, the participation is passive, which means you don't need to take any further action. You may revoke your consent by changing the product settings at any time. Doing so will bar us from further processing of your anonymous data.
    You may revoke your consent by changing the product settings at any time:
    •Change the Customer Experience Improvement Program settings in ESET Windows home products
    What types of information do we collect?
    Data about interaction with the product
    This information tells us more about how our products are used. Thanks to this we know, for example, which functionalities are used often, what settings users modify or how much time they spend using the product.
    Data about devices
    We collect this information to understand where and what devices our products are used on. Typical examples are device model, country, version and name of the operating system.
    Error diagnostics data
    Information about error and crash situations is also collected. For example, what error has occurred and which actions led to it.
    Why do we collect this information?
    This anonymous information lets us improve our products for you, our user. It helps us to make them the most relevant, easy-to-use and faultless as possible.
    Who controls this information?
    ESET, spol. s r.o. is the sole controller of data collected in the Program. This information is not shared with third parties.
     
    For privacy policy, read https://help.eset.com/eis/12/en-US/privacy_policy.html:
    ESET, spol. s r. o., having its registered office at Einsteinova 24, 851 01 Bratislava, Slovak Republic, registered in the Commercial Register administered by Bratislava I District Court, Section Sro, Entry No 3586/B, Business Registration Number: 31 333 535 as a Data Controller ("ESET" or "We") would like to be transparent when it comes to processing of personal data and privacy of our customers. To achieve this goal, We are publishing this Privacy Policy with the sole purpose of informing our customer ("End User" or "You") about following topics:
    •Processing of Personal Data,
    •Data Confidentiality,
    •Data Subject's Rights.
    Processing of Personal Data
    Services provided by ESET implemented in our product are provided under the terms of End User License Agreement ("EULA") but some of them might require specific attention. We would like to provide You with more details on data collection connected with provision of our services. We render various services described in the EULA and product documentation such as update/upgrade service, Livegrid®, protection against misuse of data, support, etc. To make it all work, We need to collect following information:
    •Update and other statistics covering information concerning installation process and your computer including platform on which our product is installed and information about the operations and functionality of our products such as operation system, hardware information, installation IDs, license IDs, IP address, MAC address, configuration settings of product.
    •One-way hashes related to infiltrations as part of ESET LiveGrid® Reputation System which improves the efficiency of our anti-malware solutions by comparing scanned files to a database of whitelisted and blacklisted items in the cloud.
    •Suspicious samples and metadata from the wild as part of ESET LiveGrid® Feedback System which enables ESET to react immediately to needs of our end users and keep us responsive to the latest threats providing. We are dependent on You sending us
      ◦ infiltrations such as potential samples of viruses and other malicious programs and suspicious; problematic, potentially unwanted or potentially unsafe objects such as executable files, email messages reported by You as spam or flagged by our product;
      ◦ information about devices in local network such as type, vendor, model and/or name of device;
      ◦ information concerning the use of internet such as IP address and geographic information, IP packets, URLs and ethernet frames;
      ◦ crash dump files and information contained.
    We do not desire to collect your data outside of this scope but sometimes it is impossible to prevent it. Accidentally collected data may be included in malware itself (collected without your knowledge or approval) or as part of filenames or URLs and We do not intend it to form part of our systems or process it for the purpose declared in this Privacy Policy.
    •Licensing information such as license ID and personal data such as name, surname, address, email address is required for billing purposes, license genuineness verification and provision of our services.
    •Contact information and data contained in your support requests may be required for service of support. Based on the channel You choose to contact us, We may collect your email address, phone number, license information, product details and description of your support case. You may be asked to provide us with other information to facilitate service of support.
    •Location data, screenshots, data about the configuration of your computer and data recorded by your computer's camera may be collected for Protection against misuse of Data function with retention period 3 months. The account on https://my.eset.com needs to be created, through which the function activates data collection in the event of computer theft. Collected data are stored on our servers or on the servers of our service providers.
    •Password manager data such as passwords and addresses are stored in an encrypted form only on your computer or other designated device. If You activate the synchronization service, the encrypted data are stored on our servers or on the servers of our service providers to ensure such service. Neither ESET nor the service provider have access to the encrypted data. Only You have the key to decrypt the data.
    Data Confidentiality
    ESET is a company operating worldwide via affiliated entities or partners as part of our distribution, service and support network. Information processed by ESET may be transferred to and from affiliated entities or partners for performance of the EULA such as provision of services or support or billing. Based on your location and service You choose to use, We might be required to transfer your data to a country with absence of adequacy decision by the European Commission. Even in this case, every transfer of information is subject to regulation of data protection legislation and takes place only if required. Privacy Shield mechanism, Standard Contractual Clauses, Binding Corporate Rules or another appropriate safeguard must be established without any exception.
    We are doing our best to prevent data from being stored longer than necessary while providing services under the EULA. Our retention period might be longer than the validity of your license just to give you time for easy and comfortable renewal. Minimized and pseudonymized statistics and other data from ESET LiveGrid® may be further processed for statistical purposes.
    ESET implements appropriate technical and organizational measures to ensure a level of security which is appropriate to potential risks. We are doing our best to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. However, in case of data breach resulting in a risk to your rights and freedoms, We are ready to notify supervisory authority as well as data subjects. As a data subject, You have a right to lodge a complaint with a supervisory authority.
    Data Subject's Rights
    ESET is subject to regulation of Slovak laws and We are bound by data protection legislation as part of European Union. You are entitled to following rights as a data subject:
    •right to request access to your personal data from ESET,
    •right to rectification of your personal data if inaccurate (You also have the right to have the incomplete personal data completed),
    •right to request erasure of your personal data,
    •right to request restriction of processing your personal data
    •right to object to processing as well as
    •right to data portability.
    If You would like to exercise your right as a data subject or You have a question or concern, send us a message at:
    ESET, spol. s r.o.
    Data Protection Officer
    Einsteinova 24
    85101 Bratislava
    Slovak Republic
    dpo@eset.sk
  16. Upvote
    Marcos received kudos from fabioquadros_ in ESET and piracy   
    I've checked the VT links but there were only hacktools and cracks scanned. I would say that there's much more malware downloaded from Dropbox or One Drive with download links spammed by email, however, that wouldn't justify blocking the services and no AV will ever do so.
  17. Upvote
    Marcos received kudos from Sammo in ESET v12.2.29 bug?   
    Try the newer version of EIS when available later this week or by the beginning of the following one.
  18. Upvote
    Marcos received kudos from BeanSlappers in Notifications have disappeared?   
    Notifications about module updates are disabled by default. You can enable them here:

  19. Upvote
    Marcos received kudos from heyyahblah in 12.2.29.0 bug...   
    We are aware of it; it was actually an issue that we tried to work around in v12.2.29 but it caused other issues resulting from WSC not responding in a timely manner. Most likely it will be reported to and discussed with Microsoft's developers since the process of registration to WSC is handled by Windows itself and it's beyond any 3rd party sw vendor.
    There should be a newer version available soon that will have the workaround reverted which may affect timing and the notification may go away.
  20. Upvote
    Marcos received kudos from peteyt in ESET and piracy   
    I've checked the VT links but there were only hacktools and cracks scanned. I would say that there's much more malware downloaded from Dropbox or One Drive with download links spammed by email, however, that wouldn't justify blocking the services and no AV will ever do so.
  21. Upvote
    Marcos received kudos from fabioquadros_ in ESET failed to protect against a Ransomware   
    Not true, it takes VT some time to update. Plus VT doesn't take into account when a particular file was blacklisted in LiveGrid which happened hours ago.
    ECLS Command-line scanner, version 7.0.2097.0, (C) 1992-2018 ESET, spol. s r.o.
    Module loader, version 1018.1 (20190709), build 1054
    Module perseus, version 1554.1 (20190731), build 2050
    Module scanner, version 20053 (20190920), build 42838
    Module archiver, version 1291 (20190823), build 1305
    Module advheur, version 1193 (20190626), build 1175
    Module cleaner, version 1195 (20190610), build 1293
    name="70e50d0eae76044b3c022cdb423bd47e525a8891", threat="Win32/Filecoder.NXW trojan"
     
  22. Upvote
    Marcos received kudos from ECELeader in Anti-phising and ssl/tls filtering not working in Firefox Developer Edition   
    I have no problem here:

    If you check information about the certificate used on this forum, do you see ESET there?

     
    As for SSL filtering, it is important to keep it enabled since more and more malware is downloaded via https and the number of malicious websites utilizing SSL is growing as well. Also the fact that browsers are starting to report http connections as unsecure, bad guys have a good motivation to move to https as well.
    By coincidence last week I attended a presentation by an ethical hacker who attempted to attack a machine utilizing Meterpreter. He failed once thanks to SSL filtering employed by ESET. When he managed to bypass it, the payload was detected and blocked upon injection by Advanced Memory Scanner.
  23. Upvote
    Marcos received kudos from Bolin Xia in My own website shows in backlist by ESET, pls help   
    First of all, this forum is not meant to be a channel for disputing detections or url blocks. Please refer to How do I report a false positive or whitelist my software with ESET? in the FAQ section on the right-hand side of this forum.
    Secondly, your website was compromised and still contains javascript malware detected by ESET as JS/Spy.Agent.P.
  24. Upvote
    Marcos received kudos from fabioquadros_ in update from 12.2.23 to 12.2.29   
    The problem with periodic scan seems to be caused by timing; v12.2.29 was waiting for a response from WSC and since it takes time for the Security Center service to start (looks like a bug in Win), the system didn't know about ESET and WD was started. When we eventually received a response from WSC and registered, WD reset its settings, including periodic scanning. We've made a change so that we won't wait for WSC to respond and will register immediately. We'll also implement an alternate way how to remove obsolete providers from WSC since the functionality is not supported by Windows as of RS6.
    A newer version with all the above mentioned changes should be available soon.
  25. Upvote
    Marcos received kudos from Pete12 in update from 12.2.23 to 12.2.29   
    The problem with periodic scan seems to be caused by timing; v12.2.29 was waiting for a response from WSC and since it takes time for the Security Center service to start (looks like a bug in Win), the system didn't know about ESET and WD was started. When we eventually received a response from WSC and registered, WD reset its settings, including periodic scanning. We've made a change so that we won't wait for WSC to respond and will register immediately. We'll also implement an alternate way how to remove obsolete providers from WSC since the functionality is not supported by Windows as of RS6.
    A newer version with all the above mentioned changes should be available soon.