jdashn

Everything posted by jdashn

  1. This issue, and several others that are being pushed off until 2018/Version 7 (auto-resolve of 'handled' infections, etc.), cost me a significant amount of time in day-to-day maintenance of an application that should not be this hands-on. These issues have been 'on the radar' since just after the release of version 6. The time to manage these 'small' issues with ESET builds up and has started to make managing ESET more difficult and time consuming than it was during our initial assessment of the product. If what is holding these advancements/improvements back is marketing or design or some other such nonsense, it is causing those who purchase licenses by the thousand more than just minor headaches, and these solutions should be tested and released immediately. I do not like having to spend hours each week managing my virus scanning software licences just because an improvement is being held back. Please tell me that there is a technical reason for holding back its release and not just 'we want it on this release schedule'. Things like this make it difficult for me to argue for ESET vs potentially less time consumptive solutions. Jdashn
  2. @MichalJ I had thought I had seen a post stating that the next version of ERA was planned to be fully cloud based. This will not work for our org. due to the issues I had mentioned; as long as ESET does not plan on ONLY offering ERA in the cloud then we've got no concerns. Thanks! Jdashn
  3. Looking at the AppEsteem site it looks like the issues with Driver Easy are the following:
     1. The application scheduled tasks cannot be disabled using standard platform-provided methods. Scheduled tasks are still active even after disabling it using the software provided method.
     2. The application fraudulently elevates its user trust level by displaying fake, unverifiable or expired endorsements. The app displays "Gold Microsoft Partner" logo which is unable to be verified.
     3. The application creates undisclosed scheduled tasks to perform actions without the user's knowledge and consent.
     4. When running on a virtual machine, app does not report "out of date" for the same drivers/driver info that it reports out of date on a native hosted OS. There is no mention of this variance in behavior in EULA or in the product.
     If you go to the site linked by Marcos, and search for Driver Easy, you'll even see picture evidence of some of these issues. I'm guessing that Driver Easy won't be able to clear up these issues without significant changes to their marketing and application, which will likely not happen anytime soon as most companies that do these sorts of things know full well they're being sketchy. I hope this helps!! Jdashn
  4. Description: ERA Accessible without internet access. Detail: Would like to ensure that the newest versions of ERA will still allow a locally installed product that would not become unusable if internet access were lost. If our internet provider were having issues I would still like to be able to manage ESET products within our local network, receive threat notices, manage connected devices, etc.
  5. I attached an old version of the uninstaller tool... I have not tested it with modern versions of ESET (6.4+), but we've had a lot of success using it. This old version did not always require safe mode to use the uninstall feature, so we use it when we can't get the uninstall task to properly work. I'm sure there is a reason you can't get this version of the software anymore... so please use it with caution, I can't promise it won't permanently hose your system or anything like that. ESET staff, please feel free to delete this post if you'd prefer I not attach this version of the uninstaller tool. ESETUninstaller.zip
  6. @DeltaSM There is an application provided by ESET, "ESET Uninstaller Tool" https://support.eset.com/kb2289/?locale=en_US. It allows you to easily uninstall ESET without a password. Works in safe mode only IIRC. There was a previous version of the tool that worked quite well outside of safe mode to remove ESET installs (still works, we use it, but you can't find the download for it anymore). When it comes down to it, if someone is an admin (administrator group on a Windows box) on a computer, they can do whatever they want, really. Only way to stop that is to show your devs how to do their job without admin rights on their login account, or a set of super strong policies that are enforced (and monitored) and an HR department prepared to fire folks for breaches of that policy (i.e. you uninstall your virus scanner, we will fire you, and a script that checks for said software, reports violations). At least that's been my experience. Jdashn
  7. I would guess if the users are admins on their box, they'd be able to start up the computer in safe mode, easily allowing them to run the uninstaller tool, bypassing the password protection as well... if I'm not mistaken.
  8. Are you saying that keyloggers of this type will be undetectable by ESET? Seems like a big hole if that's the case.
  9. I don't think that the websites comparing different AV software are unbiased, or show much difference in most of the software out there. I will say though that these forums or others should not serve as 'proof' that people are not getting infected while using ESET. I do not believe it would be appropriate or wise to post here were my company to be infected with something while ESET were installed. It would be far more appropriate and wise to contact support via phone or ticket, and it would never be mentioned here. I would assume the same would go for an individual/personal license holder as well. Though maybe there is some benefit I'm not seeing? Jdashn
  10. Might have missed this part of that article? Was updated today:
  11. I feel that without a doubt this is not adware, and at the very best is a PUA and should be detected as such. If ESET can't detect it, I guess that's an issue... but if it WON'T, that's another story. I get the impression from: https://www.welivesecurity.com/2017/09/14/cryptocurrency-web-mining-union-profit/ that the web mining is considered malicious. If the above linked post is the blog posting you're referring to, they mention using an adblocker, but only it seems if you do not have ESET installed? Another interesting, but potentially useless point: when staff at my office contacted ESET regarding the software's ability to block adware and browser hijacks the reply was: But that's a sales team, always answering affirmative without speaking with anyone else. So, all this leaves me wondering if ESET is protecting me against websites that use my computers' (potentially overheating, using my electricity, etc) without my permission.
  12. Any chance that it is possible to detect this using EAV?
  13. Sorry for the offence, it wasn't to say anything about the grammar, native language, or anything of the sort, just the phrase 'Empty Threat Log', which is a phrase I would have used myself were I to be having the same issue (not sure how else one WOULD describe it). Really it was more of a comment on how my brain works, and hoping someone might read it and be able to assist the OP (was bumping a 1 month old unanswered post), didn't even think for a moment someone might take it to mean I was commenting on someone's grammar. I'm very sorry. I do apologize for any offence and would be more than happy to have my posts on this thread totally removed if any was taken by anyone reading it, as none was meant. Kinda catching me off guard here as I'm having difficulty reading it as you are, but I can understand how someone might be sensitive to things I'm oblivious to due to culture or previous experiences.
  14. itman, and whomever may be curious: it appears that ESET does already detect this threat as Filecoder.AESNI.B according to support ticket raised. Makes sense as they're using the same encoder, just odd that the detection would work for both the ones identified in May and the new ones in June. Honestly just glad I can provide an actual answer to those who've asked me. Jdashn
  15. Sorry to bump, being pressured to find an answer to this. Am I asking in the wrong area? Should this be a support ticket? Thanks a ton!! Jdashn
  16. I am so sorry, I wish I could help with this, but I don't really use a Mac. I just can't help but say that every time I see this post on the forums here I think about an "Empty-Threat Log" instead of an "Empty Threat-Log"... My "Empty-Threat Log" is filled with entries like "If you don't stop hitting your sister I'm going to turn this car around" and "If you leave the toilet seat up one more time I'll divorce you". Again, I'm so sorry I'm unable to assist. Jdashn
  17. itman, definitely a corporate user. SOREBRECT uses PSEXEC to spread, we've got that covered as an org - as well as some pretty strict rules, and prohibitions on Admin access for all but a few, along with a few other items that stop this particular threat in a few other spots in its attack cycle... but people fail, unfortunately the regulations on my industry do not allow for failure. Multiple layers! Thanks for the link, I've read that article, and a few others as well. This write-up (especially the Technical Details) is particularly helpful: https://www.symantec.com/security_response/writeup.jsp?docid=2017-061913-4515-99&tabid=2 My question was specifically if ESET can detect and protect against this kind of threat (or even this threat specifically if a few of our other procedures and systems fail). Does ESET not detect the malicious code injection into a trusted process (where it injects its code into svchost.exe, then encrypts files, deletes logs, adds registry keys, etc)? Even a dictionary/hash based detection? Thanks! Jdashn
  18. Out of curiosity, does ESET protect against SOREBRECT and other fileless code-injection threats by default? Or is there some separate HIPS rule I'd have to set up in order to ensure that our org is protected against these sorts of threats? Thanks, Jdashn
  19. @FailedExpermient I would certainly contact support, reference this ticket. The tech I spoke with told me that he'd never seen another user that had the same issue that I ended up having. That said, I was able to find the 'Eset Install Fixer' by searching for just that. hxxp://support.eset.com/kb3544/?viewlocale=en_US I'd honestly make sure that it's the same issue, contact support, get it REALLY figured out before trying out the tool... I'm not sure, but it could cause more harm than good if not used properly! I totally hope this helps though! Jdashn
  20. If I'm not mistaken the Forum team generally does not create support tickets for users. Just trying to be helpful, and at least assist you in finding the answers you're looking for. Other things I've found helpful in getting support: Direct a message at the person you're looking to contact @Marcos, use the 1 to 1 messaging here, or use the link I've sent you above. I hope that helps get your issue into the hands of the individuals who can solve your issue. Jdashn
  21. All I know is that AppLocker (set up via GPO) at our organization has saved us more times than ESET (though I'm confident ESET would have caught the infection after install) by preventing the running of executable files within the users' profile folders (with some exceptions). It took some setup, and exceptions need to be made for certain software, but we've not had a major infection since its implementation. I suspect if you keep scripts and exe's from running it's hard for them to escalate privileges. Then again, I'm not going to give up my AV.
  22. I'd guess it's not an issue well suited to Forum based support; have you submitted your question to Home user support? https://www.eset.com/us/support/contact/s3/?seg=business#/home-support/other/general-tech-question If so, what did they say? Jdashn
  23. For those who were wondering, I was able to come to a solution to my issue with the assistance of ESET Support. After a few calls, and some log collecting, the great team at ESET were able to find a solution to my Upgrade issue using their Install Repair tool. Have an awesome day! Jdashn
  24. Sounds to me like you are scanning the 'drive' that the NAS is presenting to your Windows machine, which likely does not include the NAS OS. I understand this might be difficult due to what the OS chooses to allow you to share. One way to be sure you know where the infection is coming from would be to check your router at home; you should be able to list all devices connected (check manufacturer instructions), which will help you be sure there isn't a pesky laptop sitting under a bed connected to wifi... or a neighbor with evil intent... If nothing is showing up there that you've not scanned all drives for... then (as suggested previously) you should turn off FTP on your NAS device. The infection you have spreads via FTP; if you turn off the FTP service on your NAS device the only way it can infect itself is via itself... If you can narrow it down to definitely being on the device, but cannot allow ESET to scan the OS... you need to contact the manufacturer of your NAS device to find out how to allow you to scan it with a virus scanner. The scr files you're finding are not the infection itself, but rather a sign of the infection (like a fever is not an illness, just the sign of one); cleaning those will not clean the infection -- you need to find the source. It's accessing your NAS via FTP using default passwords... either internally (the NAS OS) or externally (a different computer with access to the files). jdashn
  25. Sorry for the delay in my reply. There very well may be some issues with many of these machines with previous installs. Most of the machines started their ESET life with 5.X, then were upgraded to 6.2, then 6.3, then 6.4. I've tried the restarts in between and before and after, no luck, but we are using device control. The uninstall task in ERA is one that should uninstall 'all versions'. There is an uninstall procedure that I've gotten to work; it unfortunately utilizes an out-dated version of the EsetUninstaller.Bat file (7.0.7.0) that does not uninstall the Agent, and supports the /nosafemode flag... Combine this a few times as a 'run a command' task, with restart tasks interspersed, and it works great... but I can't imagine that this is a good thing (especially with the uninstaller tool being so out of date, at least a year old). Though, after it allows for an error free install of ESET 6.5. Jdashn