tmuster2k

Would you recommend HIPS- Smart Mode to Home users with little technical knowledge?

Was there a previous AV on this computer? If so did you uninstall? If the previous AV was uninstalled make sure there are no left over filtering drivers on the NIC and no leftovers in windows\system32\drivers. BTW. Is the internet only came back after rebooting or does it come on immediately after disabling the firewall?

Hey Marcos. what are DNS TXT responses? Using a public DNS server a security concern for the customer?

The link below will show you how to edit the ip address for the ERA VA. hxxp://help.eset.com/era_deploy_va/62/en-US/manual_va_configuration.htm

Exactly what I needed, MartinK. Thanks again for your help.

Trying to run the ESET migration tool on a windows 2012 Server with ERA5 installed and get the message "The program cannot start because MSVCP100.dll is missing from your computer. Try re-installing the program to fix this problem". SFC /scannow now comes back clean and so does chkdsk on the filesystem. This system has never been compromised so I am not sure how this file could have been taken out. Thanks for any assistance, here.

Also have multiple customers with this same issue. All I can do ast this point is run a terminal command to kill the Web Proxy. Real time is their only protection. Hope this can be resolved soon. Does anyone know if previous builds will work or does this has to do with an updated module to Web Access Protection? I also saw this same issue come up a couple years back for the Home Version. Seems like once it gets resolved it comes back after an update.

----it sounds like you are in normal mode. Please try safe mode or even better is safe mode with command prompt. If the uninstaller still doesn't work just try removing all items manually.

Was that last response a rep for Kaspersky? Pretty lame. What you need to do is a full removal of ESET using the removal tool. go to: hxxp://support.eset.com/kb2289/?viewlocale=en_US for the steps. Make sure you click on the link for Windows 10 because you will need to uncheck the ESET driver from the NIC before running the tool. After running the tool and booting back to normal mode make sure these remnants still do not reside: 1. Go to registry editor. 2. HKEY_LOCAL_MACHINE>>Software>> ESET 3. HKEY_CURRENTY USER>>Software>> ESET 4. C:\program files >> ESET 5. C:\windows\system32\drivers>> look for : eamonm.sys, ehdrv.sys, epfw.sys, EpfwLWF.sys, epfwwfp.sys 6. Go to services and make sure that you have Base Filtering Engine present and started. If it does not exist then go to : hxxp://www.eset.com/int/download/utilities/detail/family/168/and run the tool to try and bring it back. If any of these items exist from above then delete. The removal tool in theory should remove remnants but I have seen multiple times where bits and parts are still left behind. After confirming all ESET remnants have been removed and Base Filtering Engine is present then install ESS again.

Interested about PF logging but I do not see it in 5.2 EES. I have Advanced Setup >> tools >> Diagnostics. Over to the right, I only see option for Dump type. (do not generate memory dump, minidump or complete memory dump. Was this option in a previous build?

You are likely running 32 bit OS. I don't believe they make this hotfix for 32 bit systems. You can go to : hxxp://support.eset.com/kb3668/ and follow the section in yellow starting with : f you are running ERA Server version 6.2.171.0 (Windows) or version 6.2.200.0 (Linux) and experiencing system freezing issues after the upgrade, follow the steps below for your system architecture: This should address the issue you are having. hxxp://support.eset.com/kb3668/

Hello Marcos. Earlier in this post Arkasi posted "Another prevention method is to encrypt your drives yourself, so any future encryption attempts will be failed. ESET offers this protection here: hxxp://www.eset.com/...liance/deslock/" I went over this with a malware specialist and he says this statement is not true and that even with DESLOCK , Cryptolocker can still encrypt your data. Can you confirm or deny this ? Yes, it can provided that the malware was run in the account of a user authorized to access the encrypted data. Thanks Marcos.

Hello Marcos. Earlier in this post Arkasi posted "Another prevention method is to encrypt your drives yourself, so any future encryption attempts will be failed. ESET offers this protection here: hxxp://www.eset.com/...liance/deslock/" I went over this with a malware specialist and he says this statement is not true and that even with DESLOCK , Cryptolocker can still encrypt your data. Can you confirm or deny this ?

I have heard of this happening in the US. If you really want to start fresh I would recommend: backing up your data and then doing low level format of your HDD. Reload the OS(do not restore an image) Do a full format and reload of the OS. Get a new email address. If you have been assigned a static ip from your provided , request a new one. If you have WI-FI at home, make sure you use WPA-2 and turn off SSID. MAC address filtering doesn't hurt either. If you have a smart phone, do a factory reset. When connecting from a public wi-fi hotspot use a VPN tunnel (you can fine these services online for minimal fee). I know this must suck. I wish the best for you. Best of luck

The upgrade over the top from 5 to 6 can cause issues as you are describing. I would download eset uninstall tool and run it in safe mode. After running the tool check hkey-local-machine-software-eset and same in hkey-current-user and delete eset in here as well. Del eset from program files if still in there. CCleaner will also clean many eset leftovers as well. Make sure ehdrv is not present in windows-system32-drivers. Push out from era console and u should be good to go.

So I assume this will coming in on a PCU update. Is it safe to say that a uninstall-reinstall will no be required to get the add-on to work?

Is there a way you can pull up every site that has been visited locally using ESET ENDPOINT SECURITY OR AV?

I have noticed very slow VSD download times and sometimes causing it to fail. If I go into the NIC properties and give it a public DNS like 8.8.8.8 the updates then go through much faster and updates completed. can someone provide an explanation of why changing DNS can improve on getting these updates to go through. This is not isolated to one ISP either.This has happened to multiple customers with different ISP's, wired and wireless, business and home environments.

What would be the best way to have computers who already have agents on them that was deployed from the windows server to connect to the OVA. Would I export and re-import the Agent CA authority? This system is also has different ip address and hostname so where would I modify that in the policy?

nobody has had to go through this process?

I have a customer who did have ERA6 installed on a windows server and now wants to move over to the OVA using VMWARE. What are the steps to migrate over the database over to the OVA so all the data will be intact when he launches the OVA? Is this even supported?

DISREGARD THIS POST. User is on Evaluation Copy of Windows 10 thus NO HIPS.

Customer recently upgrade to Windows 10 and after the upgrade HIPS was not working. Events show "Communication with driver failed. HIPS is inactive". I did a full uninstall including removal of all ESET remnants and disabled Malwarebytes Real time protection. BTW- All malwarebytes modules are enabled. SFC /scannow came about good. DId another install and same issue. I toggled HIPS OFF and ON and same issue. Pre-release updates did not resolve issue. Please advise of any further troubleshooting.

Is Interactive Mode a better option for troubleshooting this? If customer's system currently had Malware, Learning Mode would actually learn how to communicate with this threat and ESET would not detect? Like something deeper like a Root Kit, etc?

This sounds like the same issue myself and lionkng123 had in this topic: https://forum.eset.com/topic/5549-issues-with-eset-smart-security-8x-in-win-10/ I have mentioned some steps there on what to do after installation that worked for us, see if it helps you as well. Thanks for the info Planet. I went off your directions but using pre-release updates because it appears that some of the PR updates directly address BSOD issues as well. having customer stay with PR for a couple weeks and then switching back. You guys are awesome. Thanks again.