eitanc

Thank you Marcos. It is a general request that fit also other products, but I will post in the correct NOD32 forum section. Well, the FW feature you mentioned is nice but not covering all the products' relevant sections. Yes, URL is much more dynamic and hard for software to check due to anti-bot defenses at the sites.

Hello, I wish to ask that you will add a feature that will be in the form of a UI button at windows of lists of files and/or folders (like in NOD32 config, of SSL application rules, but for any other similar lists as well, in other products as well) - that will purge from that ESET config list (best after showing the user the deletion candidate and let the user approve the action) - any files and/or folders that do no longer exist on the file system, that are actually stale. Also consider adding a sub-feature to it - to run this operation automatically every X hours/days/etc. Also consider doing the same for URLs (e.g. stale will mean any server response which is not 200 OK for 3 times within 7 days) This will make the config tidier, and also prevent malicious files from impersonating as these stale object by taking there place on the file system and therefore take the benefits (mostly exclusions) or blocks driven from the ESET product config. Thank you.

I see now that the "Event" log section does log basic data about sample submitions like: " 26/09/2022 18:12:42;ESET Kernel;File 'file.extension' was sent to ESET Virus Lab for analysis.;SYSTEM " This is of submission from the NOD32 quarantine, but as I noted - this is very basic info. I expect the app to let me know it was submitted by username X, and from the source of NOD32 quarantine.

Hello, I wish to ask for a feature request for the feature of "HIPS > Advanced Setup > Notify when changes occur in startup applications" - it is a very important feature, so I wish to enable it, but there are some legit apps that change their startup mode frequently , I noticed it for Windows 10 BITS, happening very often, hence it will be great to add an "Exclusion" sub-section to this feature, for customers to select apps/services that startup changes for them will not trigger this notifications, base on either process name, file path, hash, registry object, or a combination of those. Thank you.

Hello, I wish to ask to enhance the automatic sample submission in the following ways: 1. By having an option to set the submission mode that it will ask users before submitting a sample, with showing the full path to the file. Sometimes users wish to review and approved or block files that are sent out of their computer, like, for example, files that the user it contains a private encryption/decryption key but does not have a know and/or set file name extension that fits NOD32's configuration, or just personal files 2. Add to the logging system, possibly in the "Events" section - any sample submissions to ESET, either manually from within NOD32, from the file system shell or from the NOD32 quarantine. We have the right to know which files were sent out of our computer. Data should include the full path of the file, date and the time of submission, hash value of the file (I guess based on SHA256), if the submission was approved manually - then log also the name of the user who approved the submission, and the reason for submission

Hi, Please enhance the time zone account settings for my.eset.com in the following ways: 1. Add more specific time zone location options for each +/- hour, say for UTC+2 "Jerusalem" is missing 2. Suggest / auto-set - the correct time zone to set based on the country the user selected 3. Add support to auto set time by Daytime saving time (DST) changes. Such changes are usually published months ahead, so you should be able to easily incorporate them into the portal Thanks.

Hi, I have "ESET Mobile Security" 64 bit, version 6.2.21.0-0 on Samsung Galaxy S20 with Android 11. The Anti Theft portal tries to set a security password I set - onto the phone, showing "Setting new Security password on the device" for a long time but ends with an error text of "Security password could not be set on the device." - and this is while the phone is connected to the internet (I tried both via local Wi-Fi and using the cellular network, but it made no difference) and running the general test from the portal works fine (taking IP address, location and images and sending them to the portal). Clicking the "try again" after fail doesn't work. Rebooting the phone and trying again didn't help. On the phone ESET gui the "Anti theft" feature states if is fully optimized and there are no issues to fix. What can I do?

Thanks. Better add this issue to be part of your QA tests.

Thanks, what is the ETA for this version? As we are now at 6.1.13

Try to disable the Eset feature of "Call Filter". See my post - https://forum.eset.com/topic/26732-nasty-bug-on-eset-mobile-security-ringtone-is-actually-silent-if-call-filter-is-enabled/

Hi, When using "Eset Mobile Security", at least for version 6.1.13.0-0 (currently the latest) on Android 11, on Samsung S20 - if the feature of "Call Filter" is enabled - incoming calls will make no sound, as if the phone was set to "Silent", even if if all the other phone settings are set to make you hear a sound (a valid ringtone sound file was selected, the sound volume is high enough, "do not disturb" is disabled and so on). Disabling this feature make the ringtone heard again for incoming calls. You know how many hours I needed to burn to find this?! how many apps I needed to uninstall and re-install until I found it was YOUR product??!!!

Hi, Please add an option to enable/disable an exception - meaning we will be able to add it *once* to the list and then either enable or disable it per need. Today we need to add it or delete it, which is not convenient. This way it will be part of the config - just either active or not, ready for re-use if needed, when needed. Thanks.

Last time, https://forum.eset.com/topic/24728-release-13215-before-official-announcement/, I was told that the correct place for timely changelog data is not at this forum, but at the download page, https://www.eset.com/us/home/antivirus/download/. Well, now, at version 13.2.18.0, you can download it but there is no change log data for it. Not so professional.

Guys, really... So others are worse, so what? strive for better. It is not so hard to publish BEFORE, to coordinate it. You are used to low standards. Push for better.

Are you serious?! you tell me to which "correct" place I should go to find the changelog?! I just do a fast googling of "nod32 changelog" which brings me to this forum - which always has at the top any changelog for a new version. Why should you force me to go to the download page (when the app itself do the download...) to find the changelog at the time of distribution?? A simple text paragraph that Eset can post in a few minutes anywhere on any of its sites and even 1 day before the actual release?? what is the problem stating "In the near day we will release a new version of ... with these changes..."? Did you even thought about adding the changelog text or a link to it - to the binary announcement at the client software? Think what is best for the customer! This is SO unprofessional! What is wrong with you people? get your stuff together!

Positive. I got the upgrade push message toward the end of yesterday and applied it but didn't restart until today. see attached screenshots. You are not correlated internally, but customers see the outcome in their reality. please sync yourselves.

A day after is not shortly. It is not acceptable that a client will have an upgrade prompt at the software - but a changelog post will not be available. it is a very simple and fair practice. I think Eset can achieve this.

Hello, Yesterday NOD32 urged me to upgrade to 13.2.15, but there was no official mention of this new version here. Only a few hours ago you published here such an announcement post... This is a bad way of work - before I upgrade, I wish to know what is changed. Please, in the future - do not release the binaries to be updated at clients before you have a public matching post with details about the new version. Thank you.

Cool, so you should add this info to the mentioned KB article

Hi, I am in a situation where a PC with Internet Security installation is blocked in the home Wi-Fi network, due to "Arp Cache Poisoning" attack, probably because of endpoint moving between hot spots, so it is not a real attack. Looking for a solution I came across this solution of yours - https://support.eset.com/en/arp-icmp-or-dns-cache-poisoning-attack-in-eset-home-products-for-windows, but it is too general. In today attack options, it is possible that another PC in the local network will be compromised, hence launch attacks against others in the same network, so disabling detection of attacks coming from others in the same LAN is too permissive. Please add an option to exclude IP/IPs/Subnet for specific attacks. This will give us a more granular control over what is excluded and leave more space to detect other attacks. Thanks.

OK, and if it fails - is this issue is logged somewhere I can find it?

Yep, only one instance of ekrn.exe is running.

Nope itman, this happens, surely and explicitly - every few hours. I opened a support case for this at Eset Israel and sent them my perfmon output files.

Thanks TomasP and Marcos. Well... this brings "heart attack" to the user... not nice. Don't do it this way. Really, find a way to do it "under the hood". Also, please add a public support KB for this behaviour, to let folks know what is happening here. Also, it will be nice to add a matching log record to the Eset app log for each such operation, so you will be able to show customers a (date-time) match between this feature's action to what the customer have seen on the GUI and found in the windows event log. Thanks!

I am running now procmon to capture only events where the process name is "ekrn.exe" and the path includes "firefox.exe". We'll see what we catch.