AlSky
-
Posts
130 -
Joined
-
Last visited
Posts posted by AlSky
-
-
6 minutes ago, Marcos said:
You don't need to be concerned. C.lencr.org domain is used by Let's Encrypt certification authority that provides certificate revocation lists.
Good evening. I have the same problem, but I didn't even open Firefox, I just started the computer, I opened Telegram desktop and... voilà! Two messages saying that process C :\Windows\System32\svchost.exe; and the user NT AUTHORITY\Network service were attempting to access hxxp://x2.c.lencr.org and had been blocked. I closed everything, restarted the computer, without opening any program a new warning that ESET had blocked the process C :\Windows\System32\svchost.exe; and user NT AUTHORITY\Network service attempt and the user from accessing http ://x2.c.lencr.org. I don't know whether to worry or not. Why is my computer trying to connect to that web site? Is infected by any malware? According to virustotal.com this web site is used to load StealC and Lumma Infostealers.
-
7 minutes ago, Marcos said:
Hard to say what happened on their server and if it was intentional or not but they had a loader there that loaded a JS from a site blacklisted also by some other vendors (we block only specific urls): https://www.virustotal.com/gui/url/f86c70c97124114df3e40736c366af117537cfbab490e81fe7e7c68ee08574ad
Good evening. I have the same problem, but I didn't even open Firefox, I just started the computer, I opened Telegram desktop and... voilà! Two messages saying that process C :\Windows\System32\svchost.exe; and the user NT AUTHORITY\Network service were attempting to access hxxp://x2.c.lencr.org and had been blocked. I closed everything, restarted the computer, without opening any program a new warning that ESET had blocked the process C :\Windows\System32\svchost.exe; and user NT AUTHORITY\Network service attempt and the user from accessing http ://x2.c.lencr.org. I don't know whether to worry or not. Why is my computer trying to connect to that web site? Is infected by any malware? According to virustotal.com this web site is used to load StealC and Lumma Infostealers.
-
I have exactly the same problem since this night. I hope someone of the staff may explain this because I'm concerned about it.
-
5 hours ago, Marcos said:
Hard to say, probably smart optimization, the number of CPU cores and the type of scanned files has an effect on that.
Does it happen if you disable also archives and SFX archives?
Hi, Marcos. Thank you so much for answering.
What are the archives and SFX archives? English isn't my mother language. Can you post a screenshot of which I must disable in the scan to do the it?
Thanks.
-
9 hours ago, Marcos said:
1, Regarding scanning of the files in the root of the C drive while scanning the c:\users folder, I assume this is due to multi-thread scanning introduced in v17.1.
2, As an administrator, many more objects are scanned compared to a scan under a normal user.
3, "when the number of files it says are scanned just stops, although you can see that it is still scanning files. "
This is a normal behavior when scanning objects like the registry, WMI or larger archives.Adding information, I couldn't edit the previous message.
Thank you so much for answering, Marcos.
Two questions.
Why in the result of smart scan do the files hiberfil.sys, pagefile.sys and swapfile.sys continue to be showed at the end, but in the result of deep scan are shown in the middle of it?
Why do ESET spend almost three more hours scanning files even if it does not show an increase in the number of scanned files? As you can see in screenshots 5 and 6. 40 minutes and the number of files scanned was the same. So three hours like that, apparently analyzing something without showing an increase in the number of files analyzed. It's never happened to me before something like this. It could stop a few minutes (three, four minutes), but never three hours in which it apparently is scanning something but shows no increase in scanned files. This happens too if I disable the Home Sectors/UEFI and WMI Database sectors so they can't be scanned.
Thanks a lot. Best regards.
-
Hello to you all. I am writing here on the occasion of new problems with the on demand deep scan. Updated the ESET product to version 17.1.9.0 and then to version 17.1.11.0, the deep scan mode shows the hiberfil.sys, pagefile.sys and swapfile.sys sectors in the middle of the analysis result (see screenshot 1), when previously it was normal to show them at the end (see screenshot 2). In Smart Mode Analysis keeps displaying them at the end (see screenshot 3).
Since last fall there was also a problem with in-depth analysis affecting the Home Sectors/UEFI and WMI Database sectors, I proceeded to delete Cache enable and Pre-Release Update to force update again from there. I did a deep scan as an administrator excluding those sectors. I watched several things. First, the ESET product has scanned more than three million files, when in normal mode (not as an administrator) it usually does not exceed one million. I expected some difference, but not so bulky. And let’s remember that has not also analyzed the Start Sectors/UEFI and WMI Database.
Second, the analysis shows, once again, that hiberfil.sys, pagefile.sys and swapfile.sys keep appearing in the middle of the analysis result, while it seems to start again to scan. You can also see in the capture the number of objects analyzed, more than three million, almost triple the usual under normal scan (not as administrator) and is not finished (Screenshot 4).
There comes a time (more or less around 30 minutes after the start of the scan) when the number of files it says are scanned just stops, although you can see that it is still scanning files. At 20:06, 3,026,327 files analyzed (screenshot 5). At 20:46, 3,026,327 files analyzed (screenshot 6). That is, the same number as before, but you can see that the name of the file it’s scanning in each screenshot is different, that still runs as if you was actually scanning files. And it seems that it’s doing so because in Open Scan Window you see that some files are still being added to the scan list, files that cannot be opened [4] because they are in use. I mean, analyzing, it looks like it's analyzing. If the ESET product is repeating the scan of one or more sectors or if it is doing it now messy or both, I do not know. Only at the end of the scan, more than three hours after, shows the total number of files scanned: 3,172,570 (screenshot 7). It took three hours to scan from 3,026,327 to 3,172,570 files. I did the same enabling scan of Start Sectors/UEFI and WMI Database and it’s the same.
Is there a problem with deep scan again?
-
It seems the problem is finally solved.
-
On 11/21/2023 at 3:53 PM, Marcos said:
Cleaner 1245 is currently on the pre-release update channel. We'll continue with the release once the Antivirus and antispyware module 1605.2 with a workaround for the issue has been received by all users.
Hi, Marcos. I regret to report that after having automatically updated my ESET product to version 1245 of the disinfection module today, the problem with the depth-scan seems to have disappeared, but a new problem appears with the smart scan: it lasts now the same as the depth-scan (about three hours) and analyzes basically the same number of files (more than a million). I know because after testing if the problem had been fixed with the depth-scan I also performed a smart analysis. Before, the smart scan lasted just over fifty minutes and analyzed about half a million files. It is as if when selecting the smart scan the ESET product performs a depth-scan instead of the requested. And yes, I'm sure that first selected a depth-scan and after it a smart scan.
Best regards.
-
On 11/24/2023 at 7:58 PM, peteyt said:
I believe this is available if you enable pre release updates for now
Thanks, I got it finally.
-
7 hours ago, simplicissimus said:
You are right.
Thanks for the clarification and let's hope the issue will be fixed soon.
-
5 hours ago, simplicissimus said:
My mistake ... sorry ... I meant to say:
Much more important than the release of version 17 is that the problem with the deep scan will finally be solved after more than a month!
... I was probably already asleep when I wrote that the issue has been solved.
Ah, so you talk in future, you mean it will be fixed, but it hasn't been solved yet, right?
-
3 minutes ago, Marcos said:
Cleaner 1245 is currently on the pre-release update channel. We'll continue with the release once the Antivirus and antispyware module 1605.2 with a workaround for the issue has been received by all users.
Thanks. So it means that the users that we still have the version 1244 we need the version 1245 to the depth-scan problem gets fixed, right? The user who says in this thread that the problem is fixed must have installed version 1245 from the pre-release channel. Right?
Best regards.
-
On 11/20/2023 at 3:43 PM, Marcos said:
Automatic update to v17 on the regular update channel should be resumed in 1-2 days.
Thank you very much. Is it true that the problem with depth scan is solved? But the the version of the module of disinfection is yet the 1244, not updated to 1245.
Best regards.
-
21 hours ago, simplicissimus said:
Much more important than the release of version 17 is that the problem with the deep scan has finally been solved after more than a month!
Has it been fixed? I still have the version 1244 of the module of disinfection. Was not it necessary to hope that they should release the version 1245?
-
On 11/19/2023 at 9:56 AM, Marcos said:
We'll need to release the Antivirus and antispyware module 1605.2 to all users first (most likely within a week) and then we'll continue with the release of the Cleaner module 1245.
Thank you, Marcos. The version 17 of ESET product isn't released openly yet in my area (Spain). Will it take much more time?
Thanks in advance.
-
2 hours ago, Marcos said:
V17 has been released worldwide, however, automatic update is currently available only for those who update from the pre-release update channel, however, you can also upgrade to it using the installer from the website.
The issue you are referring to was caused by the fact that upgrade was initially allowed only on systems without Azure Code Signing support. This was fixed and if you attempted to update from the pre-release update channel now, older versions on non-ACS enabled systems would not upgrade to v17.
While we're still working on resolving an issue with a subscription validation notification in gui that affects some users who have upgraded, it can be fixed by deactivating the product from ESET HOME and re-activating it. Once this has been fixed on the backend, we'll enable staggered product updates to v17 again.
Hello and thank you for the answer.Do you know when the automatic update will be available?
Best regards.
-
14 hours ago, Marcos said:
It's possible. Please switch to the pre-release update channel in the advanced update setup and see if the issue is gone.
Hello and thank you for answering. I do not find in my ESET product the option to download pre-released products. In Spain, version 17 has not yet been released, I still have the 16. Anyway, there seems to be some problems after the installation of version 17, right? For example:
And I have seen in the forum some stuff with Firefox.
Best regards.
-
Hello. In the last three weeks I have suffered sporadically something similar, only happens in the Firefox browser, not in Microsoft Office in any of its programs (neither Word, nor Outlook, nor Excel, nor PowwrPoint...) nor any program in which you can write in. I thought my keyboard was failing, although it would be weird if only failed in Firefox, but seeing this already raises my doubts as to whether I have the same problem. Is it possible?
Best regards.
-
8 hours ago, Marcos said:
We are anticipating an update of the Antivirus and antispyware module before we start releasing the Cleaner module 1245.
Hello and thanks. Is this update the version 17 of the ESET product?
Thanks.
-
19 hours ago, peteyt said:
Updates often get rolled out in batches. This avoids people all downloading something and then an undiscovered bug appears.
You can also change your settings to allow pre release updates to get these early. Eset prefers users to enable this option as often fixes to issues are included so they need more users on it to confirm if the fixes work, any more issues etc.
Hello. Does anyone know if the 1245 version has been released yet? According to ESET Spain technical support, its development was suffering from some problems (and I don't want to install something that could be problematic), but it was supposed to be released already and does not appear to me as available. That is why I would like to know if it has already been officially released for all users or I should worry that maybe there is some other problem with my ESET product that prevents the update of the module.
Thanks.
-
9 hours ago, Marcos said:
Cleaner module 1245 is already available on the pre-release update channel.
Hello and thank you for the answer.
ESET Spain technical support has told me that the update will be released for all users in open way tomorrow or the next Thursday. Is it true?
Best regards.
-
15 hours ago, itman said:
Not so according to Eset publication;
Hello and thanks. Is expected the disinfection module 1245, that should fix the problems with the depth-scan, to be released soon? It will be automatic or it will be necessary to do some settings in the ESET product?
Thanks in advance.
-
4 hours ago, Marcos said:
You can now switch to the pre-release update channel in the advanced update setup and see if the new Cleaner module resolved the issue.
Hello, Marcos. Do you mean the version 17 of the ESET product? According to the Spanish tech support (I wrote them last Friday about this issue thinking my ESET product was corrupted and only the weekend I wrote in this forum) they confirm there is a problem with the disinfection module 1244 but they say the version 17 will be released only in 2024.
Thank you in advance.
-
2 hours ago, Marcos said:
This issue will be fixed via an automatic module update within 1-2 weeks. As a workaround, please unselect the registry in scan target selection.
Thank you so much for answering. Apparently most users who have had problems were after installing version 16.2.15.0. However, I installed it and was able to scan depth without problems on October 3. The problem came up when I tried a new scan this month.
I'm waiting for the update to fix this. When it appears, please let us know so we can check if the problem is fixed.
Thank you in advance.
False Positive?
in Malware Finding and Cleaning
Posted
Interesting what happened to me. I tried to edit my previous post so that the url was not visible as a link and, accidentally, I clicked on it. ESET didn't detect anything, but Firefox did, blocked the attempt to download a file from that link and gave me two options, complete the download or delete the file without ending the download (in the folder "My downloads" a 0-bit file had appeared). How is that possible? Did it really download something to my computer from that link?