Peter Randziak

ESET Moderators

  1. esets_daemon freeze

    Hello Satoshi, to generate core files the command: gcore <pid> can be used. I'm afraid that without them we won't be able to find the root cause of the issue. Once you have the core files, do not hesitate to contact me so I can have them checked with priority. Regards, P.R.
  2. ESET Endpoint Security 6.6.2064.1 activation fail

    Hello, glad you resolved it so quickly. Hopefully everything will go now as expected. Regards, P.R.
  3. ESET Endpoint Security 6.6.2064.1 activation fail

    Hello @o.barkov, the license with 3AA-6P5-TGM public license ID is issued for ESET Endpoint Antivirus + File Security, which explains why it does not work on the ESET Endpoint Security product. So you should deploy ESET Endpoint Antivirus or upgrade your license to have ESET Endpoint Security covered. Regards, P.R.
  4. esets_daemon freeze

    Hello @Satoshi, this is the first occurrence of the issue with DB module 1095 that I'm aware of. Can you please send me the ticket ID so we can check it with priority? We need core files of esets processes from the frozen state to be able to analyze the issue. Regards, P.R.
  5. Hello @m4v3r1ck, good, thank you. Please let us know how it went. We (ESET Slovakia) do not have such an offer so it was a bit strange for us, but your ESET (Netherlands) should be able to clear this for sure. Regards, P.R.
  6. ESET Endpoint Security 6.6.2064.1 activation fail

    Hello @o.barkov, can you share your public license ID so we can check which product your license is issued for? Regards, P.R.
  7. Hello @m4v3r1ck, when it comes to the update issues, low RAM or high memory fragmentation might be the culprit, as the updater needs quite a big solid memory allocation to verify, merge and apply the updates. A system reboot should probably resolve it temporarily (based on how heavily you use the system, i.e. how long it will take to have low memory or high memory fragmentation). We would be able to check it based on the logs which Marcos requested; for the high memory fragmentation we would need a process dump from ekrn.exe after the error occurs. When it comes to the ESSP trial period it seems pretty normal, that once the period expires and you decide not to use the premium features, they will be removed,... Regards, P.R.
  8. Hello @cutting_edgetech, we are currently distributing Antivirus and antispyware module version 1533.2, which should address the issues with too aggressive detection of LiveGrid servers not being accessible. Can you please update and check if the issue persists? Regards, P.R.
  9. bypass

    Hello guys, thank you for sharing this research. I posted our statement on this in the other thread: https://forum.eset.com/topic/14038-process-doppelgänging-new-malware-evasion-technique/?do=findComment&comment=70032 Regards, P.R.
  10. Process Doppelgänging: New Malware Evasion Technique

    Hello guys, thank you for sharing this research. Our current statement on this topic is the following: "Recently, ESET was informed about the findings published at: https://www.bleepingcomputer.com/news/security/-process-doppelg-nging-attack-works-on-all-windows-versions/ The report describes that in very specific cases an evasion technique might exist that allows malware to avoid scanning by one of ESET’s scanning layers. The evasion in question applies to security products of all vendors since it is an underlying issue in the operating system itself, rather than being a product-specific problem that causes it. We need to stress, that to achieve this, a malicious dropper would already have to be deployed on the system. It is also important to note that ESET's multi-layered technology is already prepared for such cases. This means that when an attacker manages to avoid one layer, another layer can step in and detect the attack: e.g., if the malware in question were to attempt the encryption of files, ESET Ransomware Shield would step in; if the malware would try to act across an ESET protected network, our ESET Network Protection module would activate, etc. We will consider communicating further steps as soon as complete information about the attack scenario is published. Protecting our customers is always our top priority and we greatly value the commitment to responsible disclosure and the collaborative nature of the IT security industry." Note: our technology team is still analyzing the technical details. Regards, P.R.
  11. esets_daemon freeze

    Hello guys, today at around 10:30 CEST we have released the Database module 1095, containing a fix for the reported issues. Thank you once again for your support and help with resolving this issue. In case it happens again with the Database module 1095, do not hesitate to contact us with the core files of all running esets processes. So far we haven't received any reports of the issue reoccurring with the fixed Database module. Regards, P.R.
  12. Hello guys, Ransomware Shield is a behavioral protection feature utilizing data from the ESET LiveGrid reputation system. Regards, P.R.
  13. esets_daemon freeze

    Hello guys, thank you for your support and willingness to help. So far still no negative feedback; we are testing the module internally, and it should get to the pre-release update channel tomorrow and to release during the next week, if no issues are reported. Regards, P.R.
  14. esets_daemon freeze

    Hello @CircleSquare, yes exactly, you need to replace the em022_32.dat located at /var/opt/eset/esets/lib/ with the one provided (version 1095). We have a few deployments already using it, but so far no feedback, which might be promising. Regards, P.R.
  15. esets_daemon freeze

    Hello @miro, we do not offer this as an official solution, just as a quick fix for those who are willing to try it and can try it. The fix will be distributed via the standard channel once confirmed and properly tested. When it comes to the compensation, you can contact your reseller as this is within his competence. Regards, P.R.