-
Posts
97 -
Joined
-
Last visited
-
Days Won
1
Posts posted by Leonardo
-
-
Hello,
I have the same problem, PM license ending soon (2023.07.25 ???) even if my product license is ending 2024.09.01 ; I used the same email address for registring my license and for my password manager account.
-
-
21 hours ago, Marcos said:
Yes, it's safe. In 99,9% of cases you get the same modules both from the regular and pre-release update channel. Even in the enterprise environment we recommend updating from the pre-release update channel on a small subset of computers.
Thanks @Marcos for your explanations.
I have enabled pre-release update channel and will stay with it enabled.
-
12 minutes ago, itman said:
Eset will unblock a file after the "Maximum wait time for analysis result expires." The default value is 5 mins..
As far as if there is a risk associated with this, theoretically the answer is yes. To exploit this however would require an attacker to perform system modifications prior to the executable/script being dropped. One example would be creating a scheduled task to run every 6 mins. or so that in turn, runs the executable/script.
I had tweaked "30 minutes" for the maximum wait time, it is not possible to choose more time.
I think it is really dangerous without any clear notification saying "safe" or "unsafe" the situation remains ambiguous ; the most secure for the basic user who does not be careful is to block the file till the result of LiveGuard analysis.
-
4 minutes ago, itman said:
But you received an answer, not me after
5 minutes ago, itman said:Thanks @itman
But you received an aswwer (file safe); but I did not received any answer even after near 7 hours !
And what do you think about the dangerosity of unblocking a file (it is ESET SSP that unblock the file !) before the end of the analysis?
-
18 hours ago, Marcos said:
Please check if the issue with the delay in sending files to LiveGuard persists after switching to the pre-release channel in the advanced update setup.
Hello @Marcos
Thanks for the solution👍
But is it safe to run "pre-release" updates? I'm afraid about possible bugs on ESET pre-release ?
-
Hello @Marcos
I have another problem.
Yesterday a file was sent to LiveGuard at 23:22:56 and 25 minutes later at 23:47:40 the analysis was not finished, but the file was unblocked. I think that it is very dangerous ! And I did not receive any answer later to know if this file is safe or not ?!
-
On 4/27/2022 at 5:14 PM, Marcos said:
Do you have the latest version 15.1.12 installed? If not, try uninstalling the current version, download the installer from www.eset.com and install it. If you have the latest version. Try uninstalling and reinstalling it even if you have have the latest version and the issue persists after a reboot.
Hello @Marcos
Thanks for your solution👍
I just uninstalled and reinstalled ESSP and now Banking Protection works fine.
-
1 hour ago, itman said:
I am running Win 10 Pro x(64) 21H2 and FireFox 99.0.1 and having no issues with Eset B&PP. I also applied latest Win preview updates yesterday. Also my ESSP ver. is 15.1.12
This issue might be related to Firefox ESR.
Hello @itman
No the issue isn't related to Firefox 91.8.0esr because I tried at home on another PC with the same specs and the Banking Protection works fine.
-
17 minutes ago, Marcos said:
Do you have the latest version 15.1.12 installed? If not, try uninstalling the current version, download the installer from www.eset.com and install it. If you have the latest version. Try uninstalling and reinstalling it even if you have have the latest version and the issue persists after a reboot.
Thanks @Marcos
Yes I have the latest version installed ; I'll try to uninstall and reinstall ESSP later because it takes too much time.
-
53 minutes ago, itman said:
It is also noteworthy to review how ESSP performed in AVLab's recent Banking and Payment Protection test: https://avlab.pl/en/overview-of-techniques-and-attacks-in-windows-11/ . Some work needed by Eset in this area.
ESSP was neither the best nor the worst in this test 😉
-
-
9 minutes ago, itman said:
It's impossible to determine what went on from your posted logs screen shot since the dates are different.
Best to test using BAFS when you get back in town and then compare your results with my posted one. When you do retest, make sure you log on to MS BAFS web site and download a new wdtestfile.exe to test with.
Thanks @itman
I'll do this and let you know.
-
6 hours ago, itman said:
I'll save you some work.
For those not familiar with this download test, it is to test Microsoft Defender "block-at-first-sight" of a file download with subsequent upload and analysis by the Microsoft cloud.
Upon file download by Firefox, Eset LiveGuard detected it and submitted it to the Eset cloud:
Time;Component;Event;User
4/19/2022 9:12:55 AM;ESET Kernel;File 'Sj2-Kz7u.exe.part' was sent to ESET Virus Lab for analysis.;SYSTEMTime;Hash;File;Size;Category;Reason;Sent to;User
4/19/2022 9:12:55 AM;09C513ABE0F1B48029E8EBE288EBE530DEE8E5FE;C:\Users\xxxxxx\Downloads\Sj2-Kz7u.exe.part;5716;Executable;Automatic;ESET LiveGuard;xxxxxxxxxSince this download was an executable, Eset blocked file access upon file creation until Eset cloud scanning was completed:
Blocked file access was further confirmed when I tried to access the file while Eset cloud analysis was underway:
Time;Component;Event;User
4/19/2022 9:16:14 AM;ESET Kernel;ESET LiveGuard is analyzing the file to ensure it's safe to use. We will notify you in a few minutes.Unblock the file (not recommended)Change setup;xxxxxxxxxUpon completion of Eset cloud scanning, a safe verdict was rendered by LiveGuard and access to the file was unlocked:
Time;Component;Event;User
4/19/2022 9:17:49 AM;ESET Kernel;ESET LiveGuard has analyzed a file. It is safe to use.;xxxxxxxxxxPertaining to Eset log entries created in this transaction, all were Event log entries except for one Sent log entry.
-EDIT- I forgot to mention that although 29 vendors at VirusTotal detect this file malicious, Kaspersky's detection is the most accurate, "Not-a-virus:HEUR:RiskTool.Win32.TestFile.gen."
When the file is created by the Microsoft download site, it in turn creates a sig. for it only used by the MD cloud. In other words, this is a MD "block-at-first-sight" functionality test only. This is further confirmed by the file not being detected by Microsoft at VirusTotal.
Thanks @itman for your help.
But It is not normal that the event did not appear on "files sent" logs on my ESSP. Is my remark right ?
-
18 minutes ago, Marcos said:
If you are able to reproduce the situation when files are temporarily blocked by LiveGuard but are not listed in the Sent files log, I could provide you with a logging module to get more info about what's going on.
Thanks @Marcos
At the momen I'm in vacation but I will try next week with BAFS test https://demo.wd.microsoft.com/Page/BAFS
-
-
Hello,
Just tried the tool and LiveGuard analysed the application when I launched it 👍
-
-
On 4/11/2022 at 12:03 PM, Leonardo said:
Hello @Marcos
As you asked, I have attached ESET Log Collector logs.
I know that you are very busy but did you have yet watched my essp_logs ?
-
5 hours ago, itman said:
Since I realize many are following this thread, I will post an update on LiveGuard script processing.
After a long and arduous off-forum session with @Marcos, the following has been resolved. LiveGuard will not process suspicious scripts until actual execution of the script is performed. Again when a script is downloaded, LiveGuard will not be invoked.
Additionally when the script is being processed by LiveGuard, script access is "locked" but this status will not be shown via Win Explorer Content Menu examination.
Thank you very much for your works and the explanations you give at other ESET users 👍
-
On 4/11/2022 at 12:03 PM, Leonardo said:
Hello @Marcos
As you asked, I have attached ESET Log Collector logs.
But still the same problem; the event appears in "events" logfiles but not in "sent files" logfiles.
-
16 hours ago, Leonardo said:
Hello @Marcos
Just tested on my home desktop and it works☺️ Tomorrow I'll test on my office desktop (the one with the "problem" I previously exposed).
For me it also works at office.
-
1 hour ago, Marcos said:
You can download it from https://we.tl/t-kGTJmoyalk
It will be unique on your machine so it should be blocked and submitted:
Hello @Marcos
Just tested on my home desktop and it works☺️ Tomorrow I'll test on my office desktop (the one with the "problem" I previously exposed).
-
On 4/9/2022 at 4:18 PM, Marcos said:
This file was sent to LiveGrid, ie. access to it was not blocked. It could be that the file is either trusted or has already been submitted to LiveGuard before and was evaluated as clean. ESET Log Collector logs could shed more light.
Hello @Marcos
As you asked, I have attached ESET Log Collector logs.
ESET Pasword Manager - keeps saying license expired even if its not
in ESET Internet Security & ESET Smart Security Premium
Posted
Hello,
I solved my problem; the trick is I had not created my password account on "myESET".