Aryeh Goretsky

ESET Moderators
  • Posts: 877
  • Days Won: 66

Kudos

  1. Upvote
    Aryeh Goretsky gave kudos to Nightowl in ESET Memories   
    Just some photos I found on the internet that can bring some good moments and make your white hair shine brighter.

    Hmmm, I used to love that GUI! So simple and basic but powerful.
  2. Upvote
    Aryeh Goretsky gave kudos to Marcos in emails from ESET   
    It's a genuine email that you would receive for instance if your license was registered to a seller's email address and another user with the ESET license registered to the same email address was attempting to add it to the license manager. Please provide the public ID of your license so that I can check it out.
  3. Upvote
    Aryeh Goretsky received kudos from santoso in Are Old Version of Orbit Downloader Free from DDoS Weapon ?   
    Hello,

    I am the author of the Orbital Decay: the dark side of a popular file downloading tool article on ESET's WeLiveSecurity blog.

    Given the nature of what was reported, I would caution against using any version of the software.

    Regards,

    Aryeh Goretsky
  4. Upvote
    Aryeh Goretsky gave kudos to Marcos in ESET Blocking Safe Site   
    The detection is actually correct. It was already reported here in the past and obviously an administrator of the website still hasn't removed the references to defpush.com which is why the detection is triggered.
  5. Upvote
    Aryeh Goretsky gave kudos to Marcos in Installer halts on windows7   
    When installing ESET on Windows 7, SP1 must be installed as well as Windows Updates KB4474419 and KB4490628 that add SHA256 code signing support.
    As for LiveGrid, please provide a screen shot of the pop-up prompting you to enable LiveGrid since we do not display anything like that if you choose not to use the LiveGrid Feedback system during installation. LiveGrid actually consists of 2 parts: LiveGrid Reputation system (should be always enabled) and LiveGrid Feedback system for submitting already detected and highly suspicious files (optional).
    The LiveGrid Reputation system is passive. It is essential for keeping protection up to date against emerging threats. This system doesn't submit anything and only queries LiveGrid to get essential information about hashes of files and to receive a list of malicious objects that is generated continually as ESET processes new malware throughout the day. Disabling the LiveGrid Reputation system also has an adverse effect on performance, detection (the gap between updates is not eliminated) and cleaning. When disabled, ESET will not be able to skip whitelisted and trusted files that you have on the disk and will continue to scan them. When it comes to detection, ESET may not be able to recognize new malware because of missing LiveGrid blacklists. When cleaning, ESET may not be able to kill and clean malware because of missing LiveGrid information about files.
    The ESET Feedback system is active and its purpose is to submit already detected and highly suspicious files to ESET. The more people use it, the more new malware the product can detect and clean and the smaller the probability of encountering a false positive.
  6. Upvote
    Aryeh Goretsky gave kudos to Marcos in Yara Rules   
    It's possible to use Yara rules within ESET Threat Intelligence but that's a separate paid service that provides advanced users with insight into our intel and it's not related to user's network in any way, it's global.

  7. Upvote
    Aryeh Goretsky gave kudos to Marcos in Endpoint Security Anti phishing non functional   
    Tonight (CET) we are going to publish links to fixes for Endpoint v5. A bit later we also plan to release a fix that will be smaller in size and will download the appropriate installer of the latest v5 Endpoint instead of having it bundled.
  8. Upvote
    Aryeh Goretsky gave kudos to Marcos in How do i recovery 'Eset EndPoing Security 5.0' back with out any automatic update to 'Eset Smart Security' ???   
    Please refer to https://forum.eset.com/announcement/5-endpoint-50-65-and-eset-server-products-65-non-functional-as-of-feb-8-antivirus-and-antiphising-is-non-functional-reported/ and the KB article https://support.eset.com/en/alert7396-legacy-products-startup-issue.
    This was caused by a bug in old versions of our products, namely Endpoint 5.0.2248+ (except the very latest version 5.0.2271) and versions 6.5.
    There is already a fix for Endpoint v5, please refer to https://support.eset.com/en/alert7396-legacy-products-startup-issue and the section How to download the fixing tool for v5.
    Please elaborate more on "The 'Personal Firewall' is work only in 'Eset Smart Security V5'.  V6 and V7 not working properly." The firewall works properly both in v6 and v7. What works differently for you in v5?
    Endpoint v5 is going to reach end of life by the end of this year which means that even engine updates will not be guaranteed afterwards. We strongly recommend to upgrade to Endpoint 7.2 to those who can upgrade as soon as possible. Also please keep in mind that Endpoint v5 is not effective enough to protect you from current emerging threats while v7.2 provides a bunch of new protection features to keep you safe. Last but not least, neither Endpoint 6.6 nor 7.0, 7.1 and 7.2 were affected by this issue.
  9. Upvote
    Aryeh Goretsky gave kudos to Marcos in MSOffice mrodevicemgr.officeapps.live.com blocked for phishing   
    Thank you. The address is categorized as malicious by Web Control. We have reported the miscategorization to the provider of the URL categorization database. In the meantime, creating a Web Control permissive rule and moving it on top of other Web Control rules should do the trick:

  10. Upvote
    Aryeh Goretsky gave kudos to Marcos in MSOffice mrodevicemgr.officeapps.live.com blocked for phishing   
    Please provide ELC logs from such machine. Neither the hostname nor IP address appears to be blocked.
  11. Upvote
    Aryeh Goretsky gave kudos to Marcos in Win32/uTorrent.C   
    uTorrent PUA detection is not new, the first variant was added in July 2018. Is there any problem the PUA from detection and possibly also add utorrent.exe to performance exclusions?
    Potentially unwanted applications are not malware. The detection is optional and particular PUAs can be excluded from detection if the user thinks that benefits of using the PUA outweigh possible risks.
  12. Upvote
    Aryeh Goretsky gave kudos to Marcos in G Suite Sync for Microsoft Outlook® has found conflicting add-ins installed: ESET Outlook Add-in   
    A new revamped Outlook plug-in that should resolve sync conflicts or issues with 3rd party plug-ins is currently planned for Endpoint 7.3. Currently there's no ETA; however, I personally expect it later this year.
  13. Upvote
    Aryeh Goretsky gave kudos to Marcos in Huge (15 Gb) pcapng files   
    Between Jan 23 and 28, you had various diagnostic logging enabled. You should disable it in the advanced setup -> tools -> diagnostics. Alternatively you might have enabled it via Help and support -> Details for customer care. Advanced logging should be enabled only for the time necessary to reproduce a particular issue and must be disabled then. When activated, a yellow notification pops up in certain intervals notifying you about that.
    Feel free to delete the files in the Diagnostics folder.
  14. Upvote
    Aryeh Goretsky gave kudos to Nightowl in Chrome 79 always starts a core dump and crashes   
    The current up-to-date version for desktop edition is the v4.
    Endpoint edition v7 is running as BETA currently; once it goes stable I believe they will start looking at building the v7 for desktop.
    The fix that Marcos talked about would be probably a small fix (hotfix) that will solve the issue with browsers and that's it, not a major upgrade.
  15. Upvote
    Aryeh Goretsky gave kudos to Marcos in Chrome 79 always starts a core dump and crashes   
    There will be a fix for the issue in both Endpoint and ESET NOD32 for Linux desktop according to the latest news.
  16. Upvote
    Aryeh Goretsky received kudos from Nevi in Gryphon Router   
    Hello,

    Hmm… this is kind of a long answer.  ESET is always looking at all sorts of new (and not-so-new) technologies and how we can better protect people, and the Internet of Things is one of those areas where there are a lot of challenges and a lot of interest.  We have done everything from finding vulnerable devices and reporting them to their vendors (under responsible disclosure guidelines, BTW), as well as looked at the space from the perspective of a higher level overview.  So, from that perspective, ESET does have interest in the space.

    But, that said, it is important to understand that there are a lot of non-obvious background activities that go into shipping actual hardware.  My last employer (before I joined ESET in 2005) was a telephony hardware manufacturer that made embedded systems like VoIP handsets, PoE switches, PBXes and the like.  While that may sound dissimilar to an "IoT device" at first glance, they are really largely the same:  General purpose (commodity) hardware and operating systems software that has been highly-optimized and engineered to perform a few set-purpose activities.  In the case of those devices, that involved things like taking and placing calls, handling voicemail, toggling MWI (message waiting indicator) LEDs and connecting to a variety of standards-based (SIP) and proprietary (Cisco) devices. 

    To get to all of that, though, the company had to go through all sorts of prototyping to design and then test the hardware, source component suppliers, find printed circuit board manufacturers, assembly partners, etc.  Doing all of that requires having lots of electronics engineering talent, with specialization not just in embedded but telecommunications and networking as well.  You have to design the plastics (or contract that out to a design firm), as well as do things like get certification from various regulatory agencies and safety organizations (FCC, UL, TUV and so forth).  You even have to design crush-proof packaging and foam inserts which is a highly-specialized field. 

    Getting a device through certification is not always easy (when I left my last employer, they were going through a multi-month long process to get a Bluetooth radio module inside a handset certified for EU use) or cheap.

    And, once you've finally got a working, certifiable product, it gets even more complicated.  If you have a physical product like hardware, you have to have physical space for engineers to sit in, warehouse space for inventory, a shipping department, a QA/testing department, an RMA department for analyzing why units failed in the field and repairing them and so forth.  Also, expect to re-spin (revise) your product's hardware several times over its life-cycle to fix bugs in it.  Those will occur, no matter how much you design or test for them.  At my last employer, they had one product with a circuit board on revision H (8th revision) because revisions A through G had flaws in them.  Even something as simple as the Raspberry Pi 4 has design flaws that need to be fixed with a board redesign.
    All together, that is a lot of work, and while ESET has engaged in some activities-at-scale before which required some specialized engineering, making an IoT security device is in a different kind of direction than the has historically been in.

    That's not to say that you will never see an ESET IoT security device, but just not to expect anything in the near term, because there's a lot of work to do to get into the hardware space.  It may instead be more effective to partner with companies to provide that kind of functionality.  But, that's a discussion far beyond my area of expertise.

    Regards,

    Aryeh Goretsky
     
     
     
  17. Upvote
    Aryeh Goretsky gave kudos to peteyt in Again & again coming message window   
    When it comes to potentially unwanted programs you can completely disable this option in the detection engine area. PUA programs are programs that aren't technically viruses but they have bad business practices e.g. hard to remove, try to install extras e.g. toolbars, might contain adware and try and send information back etc. The idea with a PUA is when the option is enabled it is up to the user to decide if the pros of using it outweigh the risks. 
    If you want to keep PUA alerts on and it comes up with the pop up as you first showed by clicking the advanced arrow it will give you an option to exclude. 
    Finally I'd like to warn you that using cracked software always comes with risks because they are coming from non official places and could contain extras.
  18. Upvote
    Aryeh Goretsky gave kudos to itman in Again & again coming message window   
    It is unclear what you want to do.
    Refer to this Eset knowledgebase article for options available when the potentially unwanted application alert appears: https://support.eset.com/en/what-is-a-potentially-unwanted-application-or-potentially-unwanted-content
  19. Upvote
    Aryeh Goretsky received kudos from peteyt in Gryphon Router   
  20. Upvote
    Aryeh Goretsky received kudos from Nightowl in Friends visit and want my wifi   
    Hello,

    ESET is not in the wireless networking business, but using a guest wireless network without access to  your own internal network of machines is a good start.  Keeping the router up-to-date with the latest firmware from the manufacturer is important, too.  If they are no longer providing updates, you can look to see if firmware from a third-party is available, such as DD-WRT, or replace the router with a new, supported device.  If you are using ESET Internet Security or ESET Smart Security Premium, you can use the Connected Home Monitor feature to see what is attached to your internal network.

    For scanning other people's computers, you may want to consider using a USB flash drive with ESET SysRescue Live installed to it.

    Regards,

    Aryeh Goretsky
  21. Upvote
    Aryeh Goretsky gave kudos to Marcos in Application Control or Whitelisting Features in the Future?   
    As far as I know, we don't plan to have Application control any time soon (meaning in the next few months). Currently it's only possible to create HIPS rules to block execution of specific executables based on the path.
  22. Upvote
    Aryeh Goretsky gave kudos to Marcos in Real-time protection of ESET IS v13.0.24.0 false alarm   
    It was resolved immediately when you reported it here. Not sure what exactly you mean by "supports" but a correct way how to report false positives is following the instructions at https://support.eset.com/en/submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab.
  23. Upvote
    Aryeh Goretsky gave kudos to Marcos in Real-time protection of ESET IS v13.0.24.0 false alarm   
    There are no such agreements. It would mean that every AV maker would have to have an agreement with every company or person in the world that compiles files and creates applications. It is obvious that AV makers fix false positives in their own interest as well.
    Also I wrote that the detection was fixed so your conclusion is incorrect.
  24. Upvote
    Aryeh Goretsky gave kudos to itman in Important question regarding ESET at a startup.   
    In Win 10, Eset uses the Early Launch Anti-malware;  i.e. ELAM, driver to load its kernel process drivers prior to any other non-device drivers. You can read about ELAM here: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware
  25. Upvote
    Aryeh Goretsky gave kudos to Marcos in Important question regarding ESET at a startup.   
    Ekrn.exe is the crucial process responsible for protection. It starts with Windows as early as possible.