Arakasi

Do you get the same results using a different DNS ? Try OpenDNS and let us know results. 208.67.222.222 208.67.220.220 What about the ISP's DNS servers ?

hxxp://www.pandasecurity.com/mediacenter/panda-security/panda-security-antivirus-greater-detection-capalities/

You might have to use a gateway, or email client rule lists for the desired effect you may be looking for. You could block a domain, but then the foreign language spam could simply use another domain to come from. I wonder if this is a feature ESET could implement in the future. *Block all mail from specified foreign language based off subject line, sender, or body."

Good deal, thanks for reporting back. Win !

Staring at the hips log will make you crazy and paranoid. Those alerts look ok to me. It appears to be a Mbam driver, ESET driver, and TrustedInstaller being set as Automatic at startup. If you approve these changes, and HIPS is blocking. Try setting HIPS to learning mode for 1 logon. Then back to normal.

Well said. Maybe providing a secure download link would be a decent move for ESET to make for the linux version.

Hello, If you go into Tools > Scheduler, you should find the updates and be able to alter the events, follow-ups, actions to take if failed or success etc. I am not sure which one to edit, but you could also create a new one, with user logon, and if fails, have it run again as soon as possible. This may not solve the issue of update error, but may cause it to update again immediately after the failed attempted allowing time for your adapter to renew IP. I am not aware of any way to facilitate a delay in updates if it is already scheduled at the specified time or event trigger.

Hello, Can we get a Moderator to move this to the Endpoint section. According to my source here : hxxp://stackoverflow.com/questions/3452161/which-ports-does-xmpp-use You could create a blocking rule for tcp and udp on ports 5222, 5223, 5269, & 5298. This is the port XMPP uses for communication. This may have the effect you want where Google talk and Gmail instant messaging traffic do not complete and get blocked, however Gmail itself will still be fully functional as it will be using the standard mail ports for traffic. You could make the suggested rules in a temporary policy and deploy it to one workstation and test and see. Then edit your current policy and finalize the rule.

Ok rugk

Anything can be posted in General Section. https://forum.eset.com/topic/351-general-discussion-guidelines/

One of my favorite comedians. hxxp://edition.cnn.com/2014/08/11/showbiz/robin-williams-dead/index.html?hpt=hp_t1 https://www.youtube.com/watch?v=LSXMS8ABAAU

Case closed. Feel free to reference here if help is still needed.

Its alright. Cryptology gets waaaay more involved, then that simple string. You can even convert the text to ascii and then reverse the string followed by encrypting the converted string, followed by another reverse and then converted to hexadecimal. Deeep If you can find a blowfish decrypter online , the key or password to de-encrypt would be "Swex" Back on topic now.....

I don't always get e-mails back from the team, especially if multiple people submitted, they may just send one out to the first person that appears to them. Also, ESET keeps a strict evaluation of submissions to ensure the low false positives that ESET retains, some vendors don't evaluate or examine and just add based off other vendors, have seen this many times. ESET has a very nice malware research team and although they were not in haste for this particular variant, I would be interested in the origination of the file ? Was it on a download site, through a drive-by js on a bad web server? Submitted from a malware pack ? Bundled in legitimate software etc ? Is it in-the-wild ?

If they aren't checking into ERA properly, the policy won't be applied. In addition if you pushed out a config different than the policy you are applying, sometimes I have noticed the local settings will revert even after a policy update. Could you be more specific as to which settings are not changing / or updating ?? Any scheduler settings etc ?

You don't need a secure handshake with the servers to tell if it is genuine. Just compare the Hash of the installer once its downloaded against what everyone else is reporting. Use virustotal if you don't have a hash program. If the installer you have has a different hash, THEN you can raise your eyebrows and report back here.

Please follow Marcos instructions before mine, although in a hurry to get a fix we don't know how widespread the issue may be.

Try going to C:\Program Files\Eset\updfiles and deleted all the update files and then try to manually perform the update again. Or C:\ProgramData\ESET\%ProductName%\Updfiles In addition try switching to Pre-release updates and then back to normal again to see if it fixes the issue. I don't have this issue on multiple workstations so it appears to be isolated and locally.

On windows 7, local admin should be disabled by default. If it's not, using an admin privileged account open a command prompt with elevated privileges and disable it "net user administrator /active:no" I don't suspect AT should see it or consider it a security risk if disabled. I would definitely type "net user" alone and see how many and what accounts are listed. Just add a password directly from the command prompt using the same syntax I presented. "Net user ACCOUNT PASSWORD" Where account = the account name and password = the password you wish to add if it doesn't have one. Good luck.

Excellent response. This is why ESET is superior to other vendors.

A few suggestions i can make for VPN are 1 free and 1 fairly expensive. 1. https://www.vpnsecure.me/ - COST but it has 2048 bit keys. 2. https://openvpn.net/ - FREE

Great work & great professional response from Chad. I have spoken with Chad over the phone a few times, and his professionalism is as equal in person. Thanks for your help & support on behalf of the original poster.

92d7f27f0591648b0125df3e8cc907aa 921dd2f32e80446a989446c6e529a602 1c4b04c727128b0511217e67e7f84edd bca8dc519095997139e4e0267a02137f 1a4e7bc28521354d809439409902f631 Blowfish My swedish friend is the key !

Try checking the spam or junk folder in your mail.

I would just switch your firewall in Smart Security to interactive mode, and or learning mode and have it create the necessary ports for you.