
Peter Randziak

ESET Moderators
  • Posts

    3,512
  • Days Won

    207

Everything posted by Peter Randziak

  1. Hello guys, I'm not aware of any need to restart the esets services, as upon module update the esets daemon (in which the deadlock causing the freeze occurred) is reloaded. Regards, P.R.
  2. Hello @itman, thank you for sharing, I will have that checked even though I assume that the guys responsible are already aware of it. Regards, P.R. Tracking note: ESSW-3502
  3. Hello Satoshi, to generate core files the command: gcore <pid> can be used. I'm afraid that without them we won't be able to find the root cause of the issue. Once you have the core files, do not hesitate to contact me so I will have it checked with a priority. Regards, P.R.
  4. Hello, glad you resolved it so quickly. Hopefully everything will go now as expected. Regards, P.R.
  5. Hello @o.barkov, the license with 3AA-6P5-TGM public license ID is issued for ESET Endpoint Antivirus + File Security, which explains why it does not work on the ESET Endpoint Security product. So you should deploy ESET Endpoint Antivirus or upgrade your license to have ESET Endpoint Security covered. Regards, P.R.
  6. Hello @Satoshi, this is the first issue occurrence with DB module 1095 I'm aware of. Can you please send me the ticket ID so we can check it with a priority? We need core files of esets processes from the frozen state to be able to analyze the issue. Regards, P.R.
  7. Hello @m4v3r1ck, good, thank you. Please let us know how it went. We (ESET Slovakia) do not have such an offer so it was a bit strange for us, but your ESET (Netherlands) should be able to clear this for sure. Regards, P.R.
  8. Hello @o.barkov, can you share your public license ID so we can check for which product your license is issued? Regards, P.R.
  9. Hello @m4v3r1ck, when it comes to the update issues the low RAM or high memory fragmentation might be the culprit as the updater needs quite a big solid memory allocation to verify, merge and apply the updates. System reboot should probably resolve it temporarily (based on how heavily you use the system i.e. how long will it take to have low memory or high memory fragmentation). We would be able to check it based on logs which Marcos requested, for the high memory fragmentation we would need process dump from ekrn.exe after the error occurs. When it comes to the ESSP trial period it seems pretty normal, that once the period expires and you decide not to use the premium features, will be removed,... Regards, P.R.
  10. Hello @cutting_edgetech, we are currently distributing Antivirus and antispyware module version 1533.2, which should address the issues with too aggressive detection of LiveGrid servers not accessible. Can you please update and check if the issue persists? Regards, P.R.
  11. Hello guys, thank you for sharing this research. I posted our statement on this in the other thread: https://forum.eset.com/topic/14038-process-doppelgänging-new-malware-evasion-technique/?do=findComment&comment=70032 Regards, P.R.
  12. Hello guys, thank you for sharing this research. Our current statement on this topic is the following: "Recently, ESET was informed about the findings published at: https://www.bleepingcomputer.com/news/security/-process-doppelg-nging-attack-works-on-all-windows-versions/ The report describes that in very specific cases an evasion technique might exist that allows malware to avoid scanning by one of ESET’s scanning layers. The evasion in question applies to security products of all vendors since it is an underlying issue in the operating system itself, rather than being a product-specific problem that causes it. We need to stress, that to achieve this, a malicious dropper would already have to be deployed on the system. It is also important to note that ESET's multi-layered technology is already prepared for such cases. This means that when an attacker manages to avoid one layer, another layer can step in and detect the attack: e.g., if the malware in question were to attempt the encryption of files, ESET Ransomware Shield would step in; if the malware would try to act across an ESET protected network, our ESET Network Protection module would activate, etc. We will consider communicating further steps as soon as complete information about the attack scenario is published. Protecting our customers is always our top priority and we greatly value the commitment to responsible disclosure and the collaborative nature of the IT security industry." Note: our technology team is still analyzing the technical details. Regards, P.R.
  13. Hello guys, today at around 10:30 CEST we have released the Database module 1095, containing a fix for the reported issues. Thank you once again for your support and help with resolving this issue. In case it happens again with the Database module 1095, do not hesitate to contact us with the core files of all esets running processes. So far we haven't received any reports of issue reoccurrence with the fixed Database module. Regards, P.R.
  14. Hello guys, Ransomware Shield is a behavioral protection feature utilizing data from the ESET LiveGrid reputation system. Regards, P.R.
  15. Hello guys, thank you for your support and willingness to help. So far still no negative feedback, we test the module internally, should get to pre-release update channel tomorrow and to release during the next week, if no issues will be reported. Regards, P.R.
  16. Hello @CircleSquare, yes exactly, you need to replace the em022_32.dat located at /var/opt/eset/esets/lib/ with the one provided (version 1095). We have few deployments already using it, but so far no feedback, which might be promising. Regards, P.R.
  17. Hello @miro, we do not offer this as an official solution, just as a quick fix for those who are willing to try it and can try it. The fix will be distributed via standard channel once confirmed and properly tested. When it comes to the compensation you can contact your reseller as this is in his competence. Regards, P.R.
  18. Hello guys, We have an update from the development team. They were able to fix two issues in the Database module (fixed version is 1095), but they are not 100% sure if it will solve all the issues reported, so please take this as a first attempt to fix it. If you are willing to try it, stop the esets daemon, rename the em022_32.dat (to, for example, em022_32.backup) and place there the em022_32.dat version 1095, make sure to keep permissions of the original em022_32.dat to prevent further issues and then start the esets daemon back. The testing module is available at http://ftp.nod.sk/~randziak/Database_module_1095.7z - packed with 7zip, no encryption. In case of any feedback please let us know. Thank you, P.R.
  19. Hello @OrionCR, you can send me your e-mail address, which you used for the trial license via private message to check. Regards, P.R.
  20. Currently we do not know why it started to manifest just recently. The database module updates are being distributed along with Detection engine, Rapid response, Advanced antispam and many other modules.
  21. Hello guys, we are working on the issue with a high priority. So far it seems that the freeze occurs in Database module (last release was in August) utilized by the Anti-spam engine and it seems, that the particular issue was there before as well. The mystery remains why it started to manifest just recently. The developer reproduced the freeze and works on fixing it. We are sorry for the inconvenience caused. Kind Regards, P.R.
  22. Hello Chercm, great, thank you for the confirmation, in case of any further issues do not hesitate to contact us again. Regards, P.R.
  23. Hello @chercm , can you please try it with version 6.5.532.0 available at http://ftp.nod.sk/~mego/6.5.532.0/ and let us know if it helped? Regards, P.R.
  24. Hello Matt, yes sure, there is URL address management under the Web access protection, please remember to use asterisks "*" before and after the domain, which you would like to manage. Regards, P.R.