Everything posted by MarcFL

  1. Essential Home says it provides Anti-Phishing. But isn't that already included in NOD32? Thanks.
  2. Thanks for the report. We're not in a position to restart our server yet. But I think we'll wait for Eset guidance as right now it's protected. I just noticed this red box update above: "To fix the issue, please reboot the server. Do not click Dismiss as it will merely hide the warning. If you want to make sure that everything works, you should be able to open the advanced setup with advanced settings. If the window is blank, reboot the machine. You can also make an additional detection test by downloading the Eicar test file from https://secure.eicar.org/eicar.com We continue to analyze the issue in the mean time. While updates are suspended, ESET will continue to download the so-called pico updates that are issued every few minutes. Also ESET LiveGrid and ESET LiveGuard will continue to protect your machine." We have not rebooted and advanced settings is not blank and Eset blocks Eicar...
  3. Thanks Russell_t. How did you know that after a reboot the system wasn't protected?
  4. This is on Server 2012 R2 with ESU. I clicked "Dismiss" on the error and the dashboard shows green. I then tested Eset by using this page and it blocked the Eicar test files: https://www.eicar.org/download-anti-malware-testfile/
  5. RE: ESET Server Security for Microsoft Windows Server Immediately after the last automatic module / definition update that occurred a few minutes ago, this error occurred: 11/13/2023 15:49:28 PM - During execution of Kernel on the computer SERVER, the following event occurred: An error occurred during loading scanner modules. Malware protection will not work correctly.
  6. Still happening this morning in Florida. Thanks. Name resolution for the name epns.eset.com timed out after none of the configured DNS servers responded. Ping: Ping request could not find host epns.eset.com Is It Down Checker: Down https://www.isitdownrightnow.com/epns.eset.com..html
  7. Update: Please continue with the discussion in the existing topic on this subject:
  8. epns.eset.com is offline Name resolution for the name epns.eset.com timed out after none of the configured DNS servers responded. Ping: Ping request could not find host epns.eset.com Is It Down Checker: Down https://www.isitdownrightnow.com/epns.eset.com..html
  9. epns.eset.com is offline Name resolution for the name epns.eset.com timed out after none of the configured DNS servers responded. Ping: Ping request could not find host epns.eset.com Is It Down Checker: Down https://www.isitdownrightnow.com/epns.eset.com..html
  10. I also sent foxnews a link to this forum. It appears that one of their advertisers is misbehaving.
  11. Thanks itman. I reported this to Foxnews.com and eset support.
  12. Visiting Foxnews.com is generating this alert: 1/6/2023 21:15:54 PM - Module JavaScript scanner - Threat Alert triggered on computer RAY-WKSTATION-HP: https://mv.outbrain.com/Multivac/api/get?url=https%3A%2F%2Fwww.foxnews.com%2F&settings=true&recs=true&widgetJSId=AR_31&key=NANOWDGT01&version=201033&apv=false&sig=oi4385zg&format=html&rand=54536&lsd=4e2584f1-d83c-469e-be31-b028605d0e0f&lsdt=1656816974887&osLang=en-US&seid=3b22f297-34a8-482a-0000-01858a034d6a|0|1&va=true&et=true&cmpStat=0&ccpa=1---&ccpaStat=1&srcUrl=https%3A%2F%2Fmoxie.foxnews.com%2Fgoogle-publisher%2Flatest.xml&scrW=2064&scrH=864&t=NjViYTAyNzNjNDE5YzUxMTljMWYwOGVmZjRjNDVhNmY=&winW=1405&winH=664&adblck=false&abwl=false&secured=true&feedIdx=0&lastIdx=0&lastCardIdx=0&fAB=12203-42692&layeredTestInfo=12203-42692-,12224-86319-&dpr=1.6666666666666667&cw=1373&darkMode=false&activeTab=true&ogn=https%3A%2F%2Fwww.foxnews.com%2F&chs=1 contains JS/Voluum.A potentially unwanted application. 1/6/2023 21:17:41 PM - Module JavaScript scanner - Threat Alert triggered on computer RAY-WKSTATION-HP: %DETECTEDOBJECT% contains JS/Voluum.A potentially unwanted application. 
1/6/2023 21:19:23 PM - Module %SCANNER% - Threat Alert triggered on computer RAY-WKSTATION-HP: https://mv.outbrain.com/Multivac/api/get?url=https%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Fdesantis-activates-national-guard-amid-migrant-surge-florida-keys&settings=true&recs=true&widgetJSId=AR_32&key=NANOWDGT01&version=201033&apv=false&sig=whm1sfWm&format=html&rand=49678&lsd=4e2584f1-d83c-469e-be31-b028605d0e0f&lsdt=1656816974887&osLang=en-US&seid=3b22f297-34a8-482a-0000-01858a034d6a|207677|3&va=true&et=true&cmpStat=0&ccpa=1---&ccpaStat=1&scrW=2064&scrH=864&t=NTljZjI3NThmYjQ1OTI1YTg4M2U0NjAyMWE1OWU5ZmM=&winW=1405&winH=664&adblck=false&abwl=false&secured=true&feedIdx=1&lastIdx=10&lastCardIdx=0&fAB=12203-42692&layeredTestInfo=12203-42692-,12224-86319-&dpr=1.6666666666666667&cw=404&darkMode=false&activeTab=false&ref=https%3A%2F%2Fwww.foxnews.com%2F&ogn=https%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Fdesantis-activates-national-guard-amid-migrant-surge-florida-keys&chs=1 contains JS/Voluum.A potentially unwanted application.
  13. Question for Eset: Why THIS month of Win updates? Something must be different.
  14. You can try starting the Eset service in Windows services and if not, rebooting the server which helped a user on Reddit. See: https://www.reddit.com/r/sysadmin/comments/zkmwww/patch_tuesday_megathread_20221213/j06ofmq/
  15. Yes, it's prevalent - see Reddit below: ESET Server Security for Microsoft Windows Server does not start with after December Windows Updates released yesterday (12-13-22)
  16. Hi, Why is this in startup and what does it do? I could not find any information in Eset documentation or in the forum. Thank You! ESET command line interface ecmds.exe
  17. In the meantime, I'm blocking this URL with wildcards and hopefully it will be enough to stop the Roboform: *driverguide.com*
  18. Correction - What I want to block without blocking the entire google.com domain or the gstatic.com domain owned by google. Note: Replace hxxp with http in several places in the URLs since this forum keeps changing it even with the code box. hxxp://www.google.com/s2/favicons?domain=hxxp://members.driverguide.com/ums/index.php which is forwarded to this URL: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=hxxp://members.driverguide.com/ums/index.php&size=16
  19. Thanks itman. I might as well add the URLs to the Block list. Unfortunately, NOD32 is unable to block these types of URLs. I've tried and it doesn't work (Advanced Setup, Web Access Protection, URL Address Management, Address List, List of Blocked Addresses). If you can find a way, let me know, please 🙂 What I want to block without blocking the entire google.com domain or the gstatic.com domain owned by google. hxxp://www.google.com/s2/favicons?domain=hxxp://members.driverguide.com which is forwarded to this URL: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=hxxp://members.driverguide.com&size=16
  20. I'm at a loss to find out why Roboform is doing this. I have carefully searched Roboform and can't find anything. I've looked for driverguide and favicons and didn't find anything. It's probably a bug. Allowing these URLs in NOD32 did NOT work: https://members.driverguide.com hxxp://members.driverguide.com https://www.driverguide.com hxxp://www.driverguide.com I am now trying: hxxp://www.google.com/s2/favicons?domain=hxxp://members.driverguide.com https://www.google.com/s2/favicons?domain=hxxp://members.driverguide.com
  21. Thanks. So Allowed is the safer choice and should resolve my issue with the PUA URL warning.
  22. Thanks Marcos. I don't understand the difference between these two: Address list type •Excluded from checking – No checking for malicious code will be performed for any address added to this list. •Allowed – If the Allow access only to HTTP addresses in the list of allowed addresses option is enabled and the list of blocked addresses contain * (match everything), user will be allowed to access addresses specified in this list only. The addresses in this list are allowed even if they also match by the list of blocked addresses. Also, I can't find this setting mentioned above: "Allow access only to HTTP addresses"
  23. Every day NOD32 is annoying me with this popup block and it's logged in filtered websites. This happens when I open Firefox the first time for the day. It only happens once a day. I checked Roboform and I have no link or saved credentials for hxxp://members.driverguide.com I used to, but it was deleted a long time ago. Before I configure an exception for this hash, I was wondering if anyone knows why this is happening. Thank You! Time;URL;Status;Detection;Application;User;IP address;Hash 4/15/2022 10:37:36 AM hxxp://www.google.com/s2/favicons?domain=hxxp://members.driverguide.com Blocked;PUA blacklist C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe; D8C5ADCB1E302C1917DED2E3E058989FDE052CF8
  24. Thanks itman. Didn't know the acronym B&PP (had to look it up). "Banking & Payment Protection" - which doesn't exist in NOD32.