Aryeh Goretsky

ESET Moderators
Aryeh Goretsky last won the day on January 4

  1. Hello, From the ESET NOD32 Antivirus Product Overview paper:
      Script-Based Attack Protection: Detects attacks by malicious scripts that try to exploit Windows PowerShell. Also detects malicious JavaScripts that can attack via your browser. Mozilla Firefox, Google Chrome, Microsoft Internet Explorer and Microsoft Edge browsers are all supported.
      Source: [PDF]
      This also applies to ESET Internet Security, ESET Smart Security and ESET Smart Security Premium v10. Regards, Aryeh Goretsky
  2. Hello, This is very odd. You should be getting a notice when it expires, but certainly not one per second. Can you please check to make sure the time and date are set correctly on your computer? Regards, Aryeh Goretsky
  3. Hello, Very odd. I just tested on a Lenovo ThinkPad X140e (subnote with AMD CPU/GPU and AMD HD Audio) which was reporting the exact same message and updating the driver solved it. Do you have any updates which are pending, not just for Windows 10 or device drivers, but third-party software? If so, perhaps they are acting as a blocker, preventing the updated device driver from finalizing the installation. Try rebooting the computer and see if you still get a report of an available Windows Update from your ESET software. Regards, Aryeh Goretsky
  4. Hello, I don't have an AMD system in front of me, but if it's anything like the laptop I'm on right now, try the following:
      • Run Device Manager (filename: DEVMGMT.MSC).
      • Double-click on the Sound, video and game controllers entry to expand it.
      • Right-click on the entry for AMD High Definition Audio Device and select Update driver software… from the context menu which pops up.
      Doing so should install the latest AMD HD Audio driver from the Windows Update Catalog onto your computer. If there's no entry for the AMD HD Audio device in the Sound, video and game controllers section, try checking the Audio inputs and outputs section, or any other multimedia-related section in the Device Manager. Regards, Aryeh Goretsky
  5. Hello, We do not have anything in beta test at the moment, as we just shipped V10 of our home user programs, and V6.5 of the programs for businesses. Public beta test cycles for new programs will start up later in the year. For more information, including a signup form, visit Regards, Aryeh Goretsky
  6. Hello, ESET's name for this threat actor is Sednit, and ESET has released extensive reports on their activities over the past three years or so. Here are some of the articles:
      • Sednit: A very digested read [2016-11-11]
      • En Route with Sednit: Full Whitepaper [2016-10-27]
      • En route with Sednit - Part 2: Observing the Comings and Goings [2016-10-25]
      • Lifting the lid on Sednit: A closer look at the software it uses [2016-10-25]
      • New ESET research paper puts Sednit under the microscope [2016-10-20]
      • Sednit APT Group Meets Hacking Team [2015-07-10]
      • Sednit Espionage Group Attacking Air-Gapped Networks [2014-11-11]
      • Sednit espionage group now using custom exploit kit [2014-10-08]
      • Back in BlackEnergy*: 2014 Targeted Attacks in Ukraine and Poland [2014-09-22]
      • Miniduke still duking it out [2014-05-20]
      And here is a very partial listing from ESET's threat encyclopedia entries:
      • Win32/SandaEva
      • Win32/Sednit
      • Win32/USBStealer
      • Win32/Exploit.CVE-2014-1761
      And here are some direct links to white papers mentioned in the above:
      • En Route with Sednit - Part 1: Approaching the target [PDF]
      • En Route with Sednit - Part 2: Observing the Comings and Goings [PDF]
      • En Route with Sednit - Part 3: A Mysterious Downloader [PDF]
      • En Route with Sednit: Full Whitepaper [PDF] (combines the three preceding reports into one ~140 page report)
      And here are some related links with additional IoCs and related research from ESET's GitHub account:
      • ESET | Malware-IoC | Sednit Indicators of Compromise
      • ESET | Malware-Research | Miniduke
      It would appear that some of the information in the GRIZZLY STEPPE report may have been borrowed from ESET's research, although it is hard to say since no security companies were mentioned in it. As a reminder, ESET identifies this threat actor as the Sednit group. ESET makes no claim as to their affiliation (or lack thereof) with any government, as attribution is a matter for governments and outside the scope of ESET's mission. Regards, Aryeh Goretsky
  7. Hello, If you can give ESET's office a call at +1 (866) 343-3738 during business hours, a customer service rep should be able to give you information on the license's history. Regards, Aryeh Goretsky
  8. Hello, You can use the form at to retrieve your license key. Regards, Aryeh Goretsky
  9. Hello, This can occur if you run third-party programs which offer to clean up the system, optimize it, remove un-needed files, etc. As it turns out, they can break things by removing files your system needs, like the uninstaller for the older version of ESET Smart Security that was on your system. You can run the ESET Uninstall Tool to manually remove the old version of ESET Smart Security. When it is finished, go ahead and reboot and install the current version. The tool and instructions can be downloaded from Regards, Aryeh Goretsky
  10. Hello, This sounds like it might be a USB autorun worm of some kind that is modifying HTML and JS files on your system in order to include a link to a network-based copy of itself. If your copy of ESET's software didn't detect it, you may wish to send a copy of the infected file, as well as a few modified files, to the virus lab per the instructions in ESET Knowledgebase Article #141, "How to submit a virus, website or potential false positive sample to ESET's lab." Regards, Aryeh Goretsky
  11. Hello, This occurs when the notification level for Windows Updates in your copy of ESET NOD32 Antivirus is set to Optional Updates, correct?
      Various hardware manufacturers (motherboard, network card/PHY, modem, sound card, video card, etc.) have been submitting updated versions of their device drivers to Microsoft’s Update Catalog as soon as they complete WHCK testing and get their WHQL certification. This is something Microsoft has been requesting those manufacturers do for a while, because it ensures that computers will always get the latest device drivers available when they do their checks for Windows updates. Basically, it’s similar to what Microsoft’s doing with Windows 10, where it wants all computers to have the latest Windows version installed. In this case, though, it's not just patches and updates from Microsoft, but device drivers from third-parties as well.
      Some manufacturers, like Intel, update their drivers more frequently in the Microsoft Update Catalog than they do for the device drivers they release to the public for download from their support web sites. Of course, there are manufacturers who do the opposite as well, releasing device drivers to the public as they become available but only uploading them to Windows Update Catalog once a year (or maybe even just once at all), like Creative Labs. Both approaches have their pros and cons, but it can get a little messy sometimes if version checks don't work well, or if a new device driver gets installed which only has partial support for older hardware.
      Anyways, ESET's check for missing updates does a system call that pulls data about the update status from the Windows Update Catalog, which is why these are showing up in the ESET user interface. The problem with doing this via a system call, though, is that while device drivers are published to the Windows Update Catalog, they won’t always show up as packages published or released for download via Windows Update (the program you run under Windows). They can still get installed, but you have to do so manually through the Device Manager, which does get its driver updates through the catalog. Here’s how to do that, step-by-step:
      • Open Device Manager (filename: DEVMGMT.MSC).
      • Select View | Show Hidden Devices from the menu bar at the top.
      • Navigate through each tree of items until you find the respective listings for each device. The Intel Watchdog Timer will be under System Devices as "Motherboard resources" and the Samsung hardware may be under Network Adapters or Universal Serial Bus Controllers.
      • When you come to one of the devices, right-click on it, and select Update Driver Software from the context menu which pops up. This will cause Device Manager to request the updated drivers directly from the Windows Catalog of drivers, bypassing the Windows Update universal app.
      When all is finished and done, you'll have the latest drivers installed. In some cases, a reboot may be required to allow the newer driver to load.
      By the way, unlike previous versions of Windows, where you could launch Windows Update by creating a shortcut to run WUAPP.EXE, Windows 10 no longer includes that program since it's now a part of the Preferences universal app. You can create a shortcut to launch Windows Update, though, by creating a shortcut with a target of ms-settings:windowsupdate (which, for some reason, is case-sensitive) or if that doesn't work, by using a target of CONTROL.EXE /name Microsoft.WindowsUpdate (which is not case-sensitive, as far as I can tell). Regards, Aryeh Goretsky
  12. Hello, As part of our ongoing desire to provide you with the best and most secure experience possible, on December 15, 2016, the ESET Security Forum will be upgrading to a new version of its forum software. This change will largely be transparent for most users, and should have no impact on your ability to log in, search for answers, or ask questions. A couple of changes, however, may affect some users:
      • Usernames will no longer be shown on messages. Only the Display Name will appear.
      • BBCode is being deprecated in favor of a new HTML-based WYSIWYG editor.
      • The Friends system is being dropped due to lack of usage.
      There may be some other small changes in the forum's look and feel, but these will largely be cosmetic in nature. We will be updating the forum's online help to match these new experiences. If you have any questions, please feel free to ask them below. Regards, Aryeh Goretsky
  13. Hello, There are plans to release a new version of ESET SysRescue, however, I don't have a timeframe for when it will be available yet. Regards, Aryeh Goretsky
  14. Hello, Can you send me a private message with your username (portion of license that begins with EAV-##########), sales order number (if purchased online) or email address used when registering the software? Regards, Aryeh Goretsky
  15. Hello, The errors on the hibernation file and virtual memory paging file occur because those files are held open exclusively by the operating system kernel and cannot be accessed. The errors on the MBR likely occurred because a card reader was plugged in somewhere (could even be part of a USB printer or scanner) and its card slots were enumerated by the operating system and assigned drive letters. However, without having any kind of media plugged into them, attempting to scan them triggers a "MBR cannot be read" error, which is what is expressed in the scanning log for them. Regards, Aryeh Goretsky