Peter Randziak

ESET Moderators
Everything posted by Peter Randziak

  1. Hello guys, The development team made a fix in the Banking & payment protection module 1301, which is as of now available on the pre-release update channel. Browser restart is required after the module update to apply the fix. Can you please check if it resolves the issue for you? Peter
  2. Hello guys, I won't deny that a new version should be available soon 🙂 (we should not announce new version availability until it is released, I burned my hand myself on this as I promised a release, which was later stopped as an issue was found... 😞 🙂 ) I will check it for sure, but I rather do not promise that it will be today... As I shouldn't disclose the release date, I assume I shouldn't be sharing much from the changelog too. Naturally the detection capabilities were improved, multitenancy support was completed, further improvements and fixes are included. The changelog should be more rich this time 🙂 Peter
  3. Hello @Nightowl, thank you for the submissions. Png files are encrypted blobs, they can't be executed without loader decrypting them. This is multicomponent malware, there is a chain of files used. Our detection breaks the chain, making the undetected component useless and that is our goal here. btw. the Vbs script is already detected. Peter
  4. File rename does not change the file contents, but the scanner checks the real file type, based on the contents of the file. I passed the info provided to the research lab to check it further. Thank you guys, Peter
  5. Hello @RichardW, yes we plan to release a fixed version. Generally we recommend to update to the latest version of ESET Protect 10.0 including ESET Bridge via All-in-one installer as the ESET Bridge replaces the Apache HTTP proxy component... Peter
  6. Hello @Chris Jones - Boyd Company, our implementation is not using functionality affected by this vulnerability so it is safe to be used. The affected library will be replaced with the fixed version in the future releases. Peter
  7. Hello @TvM, yes there are some indications that the release might happen before April comes 😉 As we should not disclose the exact date of a release until it is actually released, please don't tell anyone. Peter
  8. Hello @Nightowl, thank you for a nice analysis 😉 I contacted the Detections team, the files e9262441ef8e401acce28d13100c63e90e3de2ffb0ec6763611eebdc1aa60dbd, 65327e1555994dacee595d5da9c9b98967d1ea91ccb20e8ae4195cd0372e05a0 and e7754d8e4c33b35b85d85554488069fe731190201fa9e42d1b53f38c843025a3 will be added to detection. Can you please provide us with files "mozilla.md5", "idea.mp3" and "tree.mp4" to check them further? Please send them to me in an encrypted archive via a private message, with the encryption password included 🙂 Peter
  9. Hello guys, yes for sure I recommend to pass it to the local support, which can pass it to HQ support, if needed. Peter
  10. Hello, The changes have been implemented and will be available in the future releases of the product i.e. the version 10. Peter
  11. Hello Team, Banking & payment protection module 1300 is available on the pre-release update channel. If you encountered an issue with MS Edge can you please:
      1. switch to pre-release updates, wait until the product downloads and applies the updates
      2. reboot the machine (do not change the Secure all browsers option) and report back how it behaves
      3. if the issue persists please provide us with:
         1. Process monitor log with advanced output enabled
         2. ESET SysInspector log output (taken while the problematic MS Edge is running)
         3. Process dump of the main MS Edge process (if you are not able to obtain it, send the logs without it. Note: Which is the main process can be identified via the Process explorer view)

      Please describe what the issue with MS Edge actually is (Browser crash, the page is completely blank, user is unable to browse, etc...), it seems there might be more of the issues based on the reports. Thank you, Peter
  12. Hello @TTN, the clients do not need a direct internet connectivity, but if you want to use the repository, it needs to be available for the endpoints either directly, or via a proxy. Ports and addresses required to use your ESET product with a third-party firewall are listed at https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall I recommend to use ESET Bridge as a proxy, which has the resources required allowed in its configuration https://help.eset.com/ebe/1/en-US/index.html Peter
  13. Hello @bart_c, I understand that for the advanced users, it might be a step back in terms of the ability to configure / fine-tune the product, but for standard users or even advanced ones it brings features for which there was quite high demand, like the apple silicon native version to name just one of many. On top of that one user mentioned that the new version improved significantly performance of the time machine backups, which is often reported by users as an issue... As I mentioned the version with the Advanced preferences available is to be released quite soon, so hopefully it will fit your needs and preferences... Peter
  14. Hello @shicomm, the local support team in your country is one of the best around the globe, from my experience. The local support team however does not need to resolve the issue on their own, they may raise the ticket with the ESET HQ support team, which may raise it with the DevOps / Dev teams if needed... Hard to guess what might be the root cause, but we have seen cases where the issue was "on the road" i.e. high packet loss on some hops. In some cases we were able to improve it by adjusting the routing. If you face the issue and it slows down your work, it should be addressed so I recommend to open the ticket to have it checked... Peter
  15. Hello @DarrylRH, the research teams are still working on improving the detections for this threat, some of them are already in place. A script provided by Microsoft to scan Exchange messaging items is available at https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/ Peter
  16. If the memory is freed i.e. it goes down after a while or after closing the applications, I assume it is fine. The ESET service needs to decrypt, scan the traffic and pass it to the applications, which might be resource intensive...
  17. Hello @j-gray, an issue which caused that a particular folder was not excluded from scanning was fixed in the latest release. So I recommend to open a case to have the performance issues investigated properly. Peter
  18. Hello, we would like to troubleshoot it with you. At first please enable the Secure All Browsers option, perform further reboot (make sure it is a full reboot, not a shutdown and system start.) Please provide us with:
      1. Process monitor log (with advanced output enabled) from the Edge browser start (with the Secure all browsers enabled) https://support.eset.com/en/kb6308-using-process-monitor-to-create-log-files
      2. Output from ESET SysInspector tool when the Edge is running
      3. Process dump from the main Edge process

      Once you have them, pack them into an archive, upload it to a safe location and send me the download details over a private message. Peter
  19. Can you please try to reboot the system to see if it resolves the issue? Peter
  20. Hello @j-gray, sadly I do not have any specific info regarding it, for sure that is something worth checking. I recommend to start with getting an ESET PROTECT agent log with a debug verbosity to see what is being reported to the EI server... Peter
  21. Hello @shicomm, sad to hear of such issues. To be able to assist you with it, we need to analyze the issue. Please collect following logs / data from a single session when you experience the slow-down.
      1. HAR file from the session
      2. Wireshark log
      3. ESET Log Collector output from the computer
      4. output from tracert -d msp.eset.com
      5. If possible record a video too

      Once you have them, please open a ticket with your local ESET support and provide them with the logs to check and investigate, possibly with the ESET HQ support team. Peter
  22. Hello @MartinPe, in the original post, the Detection names by ESET are listed https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/ Peter
  23. Hello, we detect malware regardless of the origin, but we have researchers in LATAM region as well, you can find interesting info about some of our researchers at https://www.welivesecurity.com/our-experts/ Peter
  24. Hello, as of now we do not have any particular date set... Peter
  25. Hello @NeilB, thank you for the feedback provided. The initial release comes with features, which are essential for our users and we are aware of the demand for the additional features. When it comes to protection, key component is the Real-time file system protection so if a file is being executed, accessed or created it is scanned by the product to ensure the protection. A release with the Advanced preferences included is planned in upcoming weeks, it will improve the user experience for advanced users... Peter