Aryeh Goretsky

ESET Moderators
  • Posts: 877
  • Days Won: 66

Everything posted by Aryeh Goretsky

  1. Hello, Just to add to my colleague @Marcos's recommendation, you might want to consider backing up any important data from the laptop by making one or more copies of it, wiping the laptop, and loading an operating system that is still supported like Windows 10 or one of the various Linux distros out there. Here is a link to my blog post, "The Last Windows XP Security White Paper," which I wrote six years ago: https://www.welivesecurity.com/2018/03/27/last-windows-xp-security-white-paper/. It contains a link to a paper I wrote about securing Windows XP-based systems that comes out to about 49 pages when printed. Perhaps that will be of use to you. Regards, Aryeh Goretsky
  2. Hello, ESET is a private business. It is not an agency of the Slovak Republic, or any other government for that matter. Since the unwarranted invasion of Ukraine and illegal annexation of Ukrainian territory by Russia, ESET has worked steadfastly to help its neighboring country, ranging from donating hundreds of thousands of euros to charities involved in relief efforts, to providing additional security software and services, which includes numerous investigations into and blocking of attacks on Ukraine's critical infrastructure. For more information on ESET's support of Ukraine, see the following: ESET Response Center - Ukrainian Crisis ESET WeLiveSecurity blog - #Ukraine tagged articles As you enjoy reading The Guardian, here is another, more recent article from their website you might find of interest: https://www.theguardian.com/world/2024/mar/30/slovakia-brain-drain-populist-leader-robert-fico. Please carefully read the entire article, especially the last sentence. Although my last name is Ukrainian, I am one of ESET's American employees. Like my Slovak colleagues, I have been working tirelessly to help Ukraine where I can, and I hope this answers your questions about ESET's commitment to Ukraine. Regards, Aryeh Goretsky
  3. Hello, As my colleague @Marcos noted, enterprise versions of our software do have remote management capabilities. Could this be what you observed? Please share more information, such as the requested screenshots. Regards, Aryeh Goretsky
  4. Hello, Just saw the mention. I will admit my PowerShell skills are pretty amateur, but since you are instantiating it from ESET PROTECT, I'm wondering if the "-command" argument is still needed. You might want to check with business support on this and see what they advise. Regards, Aryeh Goretsky
  5. Hello, Did you post a message in ESET's forum by mistake? We make security software, not ERP software. Try visiting https://community.cdata.com/ for assistance with Snowflake, since that's the developer's support forum. Regards, Aryeh Goretsky
  6. Hello, The holiday season is upon us, and 2024 is almost here. Before we step away from our desks to spend time with our friends and families, I wanted to wish every one of you a joyous holiday season and forthcoming new year. I think it is fair to say that in 2023, the world has faced some unparalleled computer security threats, and ESET has worked diligently to protect you from them. Whether you have used our software for decades, or are new to ESET, thank you for trusting us to protect you throughout 2023 and we look forward to providing you with the very best security into 2024 and beyond. Best wishes for the season, Aryeh Goretsky
  7. Hello, Since the Lenovo forum thread specifies fully-qualified domain names, perhaps you could just add the following entries to your hosts file:

      0.0.0.0 download.lenovo.com
      0.0.0.0 filedownload.lenovo.com
      0.0.0.0 cms.csw.lenovo.com
      0.0.0.0 laapi.csw.lenovo.com
      0.0.0.0 vantage.csw.lenovo.com

      I will point out this would block all access to these domains on the computer, not just for the Lenovo Commercial Vantage app. Regards, Aryeh Goretsky
  8. Hello, By any chance do your own smartphones have a MAC address randomization feature turned on? Regards, Aryeh Goretsky
  9. Hello, From looking at the image at https://www.eset.com/fileadmin/ESET/INT/Banners/Home/header1.jpg, it appears to be an artistic rendition of the layers of protection provided by the software. You would probably need to contact the marketing department for a more thorough answer, though. Regards, Aryeh Goretsky
  10. Hello, I do not have any information about EOL dates to share (that sort of information can be found on the https://support-eol.eset.com/ web site), but I did want to share a resource with you. About five years ago I wrote a paper on how to securely maintain computers running Microsoft Windows XP after Microsoft had ended support for it. You can find the blog post about it here (the paper itself is linked to at the end of the second paragraph). While the paper itself focuses on securing Windows XP, a lot of the advice, concepts, suggestions, and recommendations are applicable to other obsolete operating systems like Windows Vista, Windows 7, and so forth. It has been five years since Microsoft ended support for the latter, and hardware manufacturers have not been making compatible devices for a while, etc. I would presume at some point Microsoft's activation servers will go offline as well. The paper outlines some strategies about maintaining parts surpluses, rotating working hardware, maintaining proper network segmentation, all of which can help ensure that old computers remain running until they can be replaced by modern hardware and operating systems. As someone who personally loves playing with all sorts of vintage and retro computers and archaic operating systems, writing it was a way for me to help out other hobbyists with similar interests. Regards, Aryeh Goretsky
  11. Hello, Please see https://forum.eset.com/topic/38251-sysrescue-do-not-update-their-database-anymore/#comment-173468 Regards, Aryeh Goretsky
  12. Hello, Consumer versions of ESET's software are offered to small businesses with low seat counts because it is unlikely a business with 1-10 PCs has a full-time IT staff to manage an ESET PROTECT server. For that matter, they may not even have an Active Directory/Entra domain and WSUS servers; the entire network may consist of just a workgroup of PCs running Home or Pro editions of Windows, with one PC or a NAS providing file and print services. In this type of small office/home office environment where there is no dedicated information technology (or information security) staff, the operating system updates are handled by Microsoft. Handing control of this over to Microsoft ensures those PCs are running supported versions of Windows with the latest security patches. In other words, security is managed in the same way as for home users. Larger organizations have full-time staff to manage PCs, and also make decisions about which versions of Windows at what patch level, and when those machines will receive updates. The editions of Windows they run are for the enterprise, and the organization has a robust management infrastructure in place to support that. In other words, they are making very careful decisions about risk, and managing their security to mitigate risk based on those decisions. That's the environment for which ESET's endpoint programs are intended. From the program code perspective, there's nothing that technically prevents a consumer version of ESET's software from running in a business environment or a business version of ESET's software from running in a home environment. Now, there may be licensing requirements that differ, but that is because programs are intended for use in the appropriate market segment. Enterprise management features are not going to be roadmapped for addition to consumer versions. 
Now that your comment in the Future Changes to NOD32 thread has been answered, and your reply here in this thread has been replied to, I am going to redirect you back to your own thread on the matter. Any further discussion of this matter in this thread will be removed. Regards, Aryeh Goretsky
  13. Hello, As I believe my colleague Marcos noted, this is already available in the business versions of the software. If you need that functionality for your organization, I would suggest reaching out to your local ESET office, distributor, or VAR, and see if you can migrate from a home to a business version. Regards, Aryeh Goretsky
  14. Hello, Just to add to my colleague @Marcos's reply, the detection technology that ESET provides to VirusTotal is not exactly the same as what is generally available to customers. While I am unable to go into specifics because they get into some confidential discussions as well as details of our proprietary technologies, I will point out that ESET has partnered with VirusTotal for many years, dating back to when our NOD32 engine was often more recognized than our company name of ESET. That probably has more to do with why VirusTotal's reports say "ESET NOD32" in them for our detections. That was many years ago, and since then ESET is a lot more well-known and has added many products to its portfolio, such as ESET Smart Security Premium, ESET Endpoint Security, ESET LiveGuard, ESET Inspector, ESET PROTECT, and so forth. I can definitely reach out to ESET's marketing and public relations people to see about the possibility of getting the name changed to something else for branding reasons. Regards, Aryeh Goretsky
  15. Hello, Deleting the data in the partition table about the size and locations of the drives, and/or formatting those drives will remove anything that was stored in them. However… the master boot record (also known as a disk boot record, partition boot record, etc.) contains a few hundred bytes of program code before the partition table begins. That may or may not be cleared or overwritten when you delete all of the partitions on a drive. As such, I always recommend wiping the first sectors at the beginning of a drive prior to installing an operating system in order to erase any code that might be present at the beginning of the drive. Here are some instructions on how to do this from a Windows installation USB/DVD/CD:

      How to wipe a drive using Windows installation media

      Formatting and even repartitioning a drive under Windows does not erase its MBR (Master Boot Record), which can be infected and replaced by bootkits. Here are instructions to erase a drive, step-by-step, so that it can be re-used.

      1. Create a new Windows Installation DVD/USB flash drive on a known-good system.
      2. Go to the problematic computer, power it up, and configure it to boot first from its DVD or USB in its BIOS/UEFI firmware and then turn it off.
      3. If the computer has multiple drives inside of it, and you only wish to erase one of them, open the computer up and disconnect the power or data cables from the other drives (you do not need to disconnect both, although you can if you want to).
      4. Plug the USB flash drive into the computer and power up to have it boot directly from the USB flash drive (or insert the DVD and let the computer boot from it).
      5. Once the computer finishes booting, it should be at a Windows installation screen. Do not agree to any prompts, copyright licenses, or click on any buttons.
      6. Press the Shift + F10 keys together to open a Command Prompt.
      7. Run DISKPART to start DiskPart, the command-line disk partitioning utility. The command line prompt will change from a drive letter to DISKPART>.
      8. At the DISKPART> prompt, type LIST DISK to get the numbers of all drives in the system. Make a note of the number assigned to the infected drive.
      9. At the DISKPART> prompt, type SEL DISK n where n is the number of the infected drive--it is usually 0 or 1 but it could be something else.
      10. At the DISKPART> prompt, type CLEAN and this will erase the MBR code from the beginning of the drive.

      *WARNING:* After performing the clean operation, the drive will now be blank/erased, and everything on it will be gone (all files, etc.). It may still be recoverable by specialist data recovery services, though. If you are planning on selling the drive and do not want the data to be recoverable, issue a CLEAN ALL command, instead. Note that you should ONLY DO THIS IF YOU DO NOT WANT TO BE ABLE TO RECOVER ANY DATA. If you are just reinstalling (regardless of whether you're dealing with malware) then just use CLEAN, if you are selling or donating the drive and do not want the data to be recoverable use CLEAN ALL.

      The drive is now clean. You can now exit the DiskPart program and continue with your Windows installation.

      Source: instructions I wrote for the r/24hoursupport wiki on Reddit at https://old.reddit.com/r/24hoursupport/wiki/index#wiki_how_to_wipe_a_drive_using_windows_installation_media

      Now admittedly, malware such as computer viruses and bootkits that infect an MBR are extraordinarily rare these days: Malware authors usually do not have to dig so deeply into a drive's internal structure to accomplish what they want. However, since this process takes less than a minute with practice it is an easy step to add to any reinstallation of the operating system. Regards, Aryeh Goretsky
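
An added illustration of the point made in post 15 (not part of the original post, and not ESET code): the sketch below parses a 512-byte MBR sector and shows that zeroing only the partition table leaves the code area before it untouched, while a fully zeroed first sector, the result the post describes for CLEAN, does not. The sample sector, its filler bytes, and the helper names are constructed for this example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 446                 # code area ends where the partition table begins
ENTRY_SIZE = 16                # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR


def inspect_mbr(sector: bytes) -> dict:
    """Summarise a first sector: code area, partition entries, boot signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    code = sector[:CODE_END]
    partitions = []
    for slot in range(4):
        off = CODE_END + slot * ENTRY_SIZE
        entry = sector[off:off + ENTRY_SIZE]
        ptype = entry[4]                                  # 0 means unused slot
        start_lba, sectors = struct.unpack_from("<II", entry, 8)
        if ptype:
            partitions.append({"slot": slot, "type": ptype,
                               "start_lba": start_lba, "sectors": sectors})
    return {
        "code_bytes_nonzero": sum(1 for b in code if b),
        "code_sha256": hashlib.sha256(code).hexdigest(),
        "partitions": partitions,
        "has_boot_signature": sector[510:512] == BOOT_SIGNATURE,
    }


def build_sample_sector() -> bytes:
    """Constructed sample: filler standing in for boot code, one type-0x07 partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:300] = bytes((i % 251) + 1 for i in range(300))  # nonzero filler, not real code
    sector[CODE_END:CODE_END + ENTRY_SIZE] = struct.pack(
        "<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 1_000_000)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def delete_partitions(sector: bytes) -> bytes:
    """Model deleting every partition when only the 64-byte table is zeroed."""
    return sector[:CODE_END] + bytes(64) + sector[510:]


def clean(sector: bytes) -> bytes:
    """Model the result the post describes for CLEAN: the first sector is zeroed."""
    return bytes(len(sector))


if __name__ == "__main__":
    original = build_sample_sector()
    for label, s in (("original", original),
                     ("partitions deleted", delete_partitions(original)),
                     ("after clean", clean(original))):
        print(label, inspect_mbr(s))
```
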
  16. Hello, Please share the log file entries. Open the ESET user interface and select Tools → Log files to view the detection entries. Then right-click on each one and select Copy from the context menu that pops up. You can then paste these into your reply to this message. Regards, Aryeh Goretsky
  17. Hello, In addition to what my colleague @Marcos noted, you may also want to review ESET Knowledgebase Article # 2882, How to configure ESET Windows home products to automatically scan removable media devices. Regards, Aryeh Goretsky
  18. Hello, I would not say your Windows password is irrelevant. If you are logging in to a domain-joined machine, or using your Microsoft account (email) to log in, then an attacker being able to obtain your password could lead to the account being compromised, theft of your data, theft from other accounts, and so forth. As far as MAC addresses go, they are pretty useless to an attacker in most scenarios as it is not going to give them any information they can use for user-centric attacks. It may be more useful for some kinds of network attack planning. In any case, MAC addresses are not usually available to other devices outside of your local network, so someone who is halfway around the world having it, or even just across town, is not going to be able to do too much with it. Regards, Aryeh Goretsky
  19. Hello, I have just heard that it has been fixed. Regards, Aryeh Goretsky
  20. Hello, ESET will notify Dr. Web, but it is going to be up to them to implement a fix in their detection logic. Regards, Aryeh Goretsky
  21. Hello, Just saw this. Enabling the options there will cause those objects to be scanned when they are accessed. So, it would not be a continuous scan, but rather when there is any attempt to access the Boot Sector or UEFI, or when accessing a file that has been runtime-packed. Regards, Aryeh Goretsky
  22. Hello, It is my understanding that this is a regional promotion offered by ESET's North American office for its Canadian and United States-based customers. There are some U.S.-based retailers that are participating, too: Micro Center and Newegg. ESET's various offices and distributors around the world perform promotions specific to their regions all the time for various holidays. You can always ask your local office or distributor when they perform theirs, or if they can match the promo from another region (this does not mean that they will automatically do this, just that it doesn't hurt to ask). Regards, Aryeh Goretsky
  23. Hello, The only version of ESET SysRescue Live available for download is v1.2.22.0. Here are the direct download links for that version: ISO for burning to a CD/DVD: https://download.eset.com/com/eset/tools/recovery/rescue_cd/latest/eset_sysrescue_live_enu.iso IMG for writing to a USB flash drive: https://download.eset.com/com/eset/tools/recovery/rescue_cd/latest/eset_sysrescue_live_enu.img Either image can be written to the appropriate media using standard tools. Regards, Aryeh Goretsky
  24. [Although my colleague @Marcos has locked the thread, I am unlocking to just add this reply because I didn't see the reply notifications. Then locking back up. ^AG] Hello, I just saw and read through the new posts since my last reply, and having read through everything at once I wanted to clarify something I observed. It seems the terms "scanning," "accessing," and "detecting threats" were being used by multiple forum members, all of whom are from different parts of the world and may all speak English a little differently from each other. From ESET's point of view, if you can access something, it can be scanned. If something can be scanned, then ESET's software will detect threats in it. Some people may view this as a chain of separate steps, but other people may view these terms as all meaning the same thing (access = scan = threat detection). I think it is because there was some confusion in how the English language was being used by different forum members that this thread seemed to be going in circles: Some people thought they were asking separate questions, other people thought they were asking the same question. So, in helping draw this to a close, I will note (as I did earlier) that ESET's software is able to access, scan and detect threats in Master Boot Records (both legacy MBR and GPT-partitioned), boot records ("classic" boot sectors like you see on floppies and modern Volume Boot Records), and firmware (both the classic BIOS and modern UEFI types). Regards, Aryeh Goretsky