Jump to content

Search the Community

Showing results for tags 'network'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • ESET General Forums
    • ESET Announcements
    • General Discussion
    • Forum FAQ's and Rules
    • Submit a virus, website or potential false positive sample to the ESET lab
    • Quick questions by guests (registration not required)
    • WeLiveSecurity.com
  • ESET Home User Products
    • ESET Internet Security & ESET Smart Security Premium
    • ESET NOD32 Antivirus
    • ESET Cyber Security (for Mac)
    • ESET Cyber Security Pro (for Mac)
    • ESET NOD32 Antivirus for Linux Desktop
    • ESET Products for Mobile Devices
    • Web portals
  • Malware Detection and Cleaning
    • Malware Finding and Cleaning
    • ESET Standalone Malware Removal Tools
  • ESET Business User Products
    • ESET Cloud solutions
    • ESET Endpoint Products
    • ESET Products for Windows Servers
    • ESET Products for Linux Servers
    • ESET Products for Mobile Devices
    • Remote Management
    • ESET Enterprise Inspector (EDR)
    • ESET Products for Virtualized Environments
    • Encryption
    • ESET Licensing for Business
    • Other ESET business products
  • ESET Beta Products
    • ESET Beta Products for Home Users
    • ESET Beta Products for Business Users
  • Slovak and Czech forums
    • ESET NOD32 Antivirus, ESET Internet Security a ESET Smart Security Premium
    • Produkty pre mobilné zariadenia
    • Vírusy a iné hrozby
    • Ostatné

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Hi, I have installed ERA SERVER that controlls my network pc's, and when i'm inside my network, i try to update the virusDB and its all fine but when i'm out from my network when i try the same thing that gives me error. Someone know why??
  2. We're often talking about PUA here. Basically it's software which makes changes that users maybe don't want. E.g. it can change the homepage of your browser, install other software, especially toolbars, (additionally to the software you wanted to install) and makes it difficult to opt-out of this settings. The thing I talk about here you can also call are software wrappers with PUA - some of them are even the official installers, so if you want to use the software, you have to use this PUA (or PUS/PUP) installer. That's not nice I think! ESET users have the possibility to let ESET detect such software. However there is a PUA which isn't detected by ESET (deliberately) maybe because it would block too many installers.1 It's called OpenCandy. It's a quite often used library in installers from different companies, who want to generate money out of their installations. Sometimes it's also called adware. The Wikipedia article shows some of the companies that use this library. According to this article that are actually e.g. Auslogics Disk Defrag, CDBurnerXP (depending on the version), CrystalDiskInfo, Daemon Tools, DVDStyler, DVDVideoSoft, Foxit Reader, some Freemake products, ImgBurn, MyPhoneExplorer, Nero Burning ROM, Nero Burning ROM, Orbit Downloader, PDFCreator, uTorrent, Winamp and more... But there is a way to block this PUA inside these installers, so you can still install the software - but without toolbars or whatever it wants to install. The FAQ from OpenCandy even describes how. But I made it a bit easier for you, regardless whether you're an ESET user or not. As a non-ESET-user As you can read in the FAQ you can avoid the installation (and even the communication) of the installer by starting the installer with the parameter "/NOCANDY". Maybe you don't know how to do this so I made it a little more easier for you. Download this small batch file, which does this automatically. Just put it into your download folder and when starting an installation drag and drop the installation file on this batch and it will start the installer with the needed parameter. Download Alternative download link As an ESET user But as an ESET user you have more (and better) possibilities. The FAQ also describes some ways how to configure your firewall, so that it will block OpenCandy. I improved these suggestions and configured ESET in this way, so it will block this PUA. Then I exported the configuration and adjusted the XML file a bit. Because ESET has different protection layers it will also work in NOD32, but you have to use a different file. Below I explain what version you should use. Just import the configuration you need! Note: I won't assume the liability if something doesn't work. I strongly suggest you to export your configuration before importing the files from me, so you can restore it if something doesn't work. NoOpenCandy_FirewallAndWebProtection.xml This contains the ultimate blocking rules for ESET Smart Security. It adds a firewall rule and configures the web protection, so (if the firewall shouldn't catch the connection) even this will block the connection. Attention: When importing this configuration your blocking entries in the web protection will be overwritten! So make sure you don't have any sites configured which you block. If you have entries there import the NoOpenCandy_Firewall.xml file instead of this and add the following site to the blocked sites: *api.opencandy.com*. Download Alternative download link NoOpenCandy_WebProtection.xml This contains only the blocking entry for the web protection. You should use this if you use ESET NOD32 Antivirus, because there is no firewall included. Attention: When importing this configuration your blocking entries in the web protection will be overwritten! So make sure you don't have any sites configured which you block. If you have entries there add the following site to the blocked sites: *api.opencandy.com*. Download Alternative download link NoOpenCandy_Firewall.xml This file only contains the firewall rule for ESS. You can use it if you have already some entries in the list of blocked websites. Download Alternative download link If you have done this, you can check it with an installer of your choice. You won't see any notification (because I didn't enabled this in the configuration file), but you you can enable it manually if you want. Then you can see something like this: I hope you like it and it helps you to see less PUA... Notes: All my solutions will only block the PUA when an installer is trying to use it. You can still access the site of OpenCandy. Link to all files posted here: https://mega.co.nz/#F!OB51TRiA!NK5JUxySnSU8xLrdttiz9A (or here) 1 Edit: As I describe in the post below this PUA is detected - but as a potentially unsafe application, so you can enable the detection of it and it will be detected. For more information see my post #3. Edit2: Changed alternative download link, because the old hoster added PUA to their site, which was detected by ESET. Edit3: Uploaded new version with more IPs/domains blocked.
  3. Once again websites several webpages are not loading properly on Macs with OS X 10.11.0, 10.10.5, and 10.9.5 that have EES 6.1.16 or EES 6.1.12. It appears the webpage either time's out with loading or the CSS does not load properly. I know this was an issue with the version 6.0 products that was fixed, but now it is happening again.
  4. I try to install ERA 6 Web Console.. And download package from Agent Live Installers menu, but always get this error : " Failed to get installers: Failed to synchronize package repository " I try fill my own ERA server (hxxp://192.168.xxx.xxx/) and still get the same error. what i must fill in Repository Server in Server Setting?? Please help me out.. tnx b4..
  5. Hi all ! I've just downloaded Eset Cyber Security Pro for my mac and I need help to configure the firewall. (I used to have Icefloor) First question is : do I have to disable built-in os x firewall so as to make eset firewall work correctly ? Second question : How do i setup the firewall so as to NO OUTBOUND connexions could escape from my real IP address ( to the internet. I have setup two zones : - one for the en0 adapter which load several rules : allow in/out for OpenVPN connect (my VPN app) TCP/UDP, allow in/out for openvpn process in TCP/UDP and allow local network. Also Checked DNS. So while only connected to Wifi, internet doesn't work but i can connect to my VPN which is what I wanted. - one for the tun0 adapter which loads basic home rules when my VPN is ON. This should be ok because if my VPN drops then ESET switch to en0 zone and load the profile that only allow connection to my VPN. The problem is that while analyzing network trafic with ice floor PF states (and while VPN connected) i noticed some established connexion between my real IP ( and internet. Which basically means that some trafic is not in the tunnel. I know with ice floor i could put custom rules like "block drop out quick inet proto tcp from to any" and same for udp. I don't how I can do that with eset firewall : I can only says to the firewall "don't connect to that ip" but not "don't connect from that IP". Does anyone knows how I could deal with that problem ? Thanks
  6. Hi Eset Team. How to extend firewall learning mode 14 days to more? Regards Anand Mavani
  7. After following the steps in hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3747prior upgrading to the Win 10. After upgraded to Win 10, Windows download and install new update on their Windows Defender. After that, ESET Endpoint Security failed to load successfully. The Fireware, IDS and Botnet Protection become non-functional. Web Access Protection also non-functional resulting Anti-Phising not working. Tried to repair the installation, removed and reinstall but still fail.
  8. Hello, I would like to know which windows processes and their ports are secure. Today I opened the Zone & Rule Editor and there were way too many entries, some programs that are no longer installed, duplicates, etc. So I cleaned up the list and set up Zones and Rules for my browsers, mail client and various programs. My firewall is in interactive mode, thus ESS reports any new/unknown communication. So far the only process I have been asked for while browsing is SVCHOST Since this is a very generic service that includes many processes and protocols I don't exactly know to deal with it. Many users in other forums wrote that this process should be given full permission on anything. I am not sure about that, so this is how I set it up: Application: C:\Windows\System32\svchost.exe (Host Process for Windows Services) Allow: Out TCP&UDP Local Ports: 80 (HTTP), 443 (HTTPs) Now my questions: 1. how should I set up the rule for svchost.exe 2. what other processes are safe to allow and how should they be set up (direction, ports, etc.) Thank you in advance kind regards Pete
  9. We are in a migration process do ESET in our company. I had installed in 10 PC's Windows, Activated and Update the defitions of database. Today when I tried to active Endpoin Antivirus the Task Failed all time. Reboot the PC, after the agent was restarted and didn't solve. Looking for something on the ERA Server Log i found this line: 2015-09-02 11:10:43 Error: LicenseModule [Thread 250]: LicenseModuleHelper: SyncPools: Failed to retrieve the linked pools [seatId=43cxxxxxxxxxxxxx-xxxxxxx-xxxxxx]. Error: CEcpCommunicator: Failed to send XML request message, error=20003 (failed to connect). Whats does it means ? The server is communicating with Eset.com, the database is beed updating normal. Tks
  10. Every single unit with EFS or EEA v6 that was activated is connecting to edf.eset.com:443 via our server proxy all the time. It's because every licence is being verified by ESET. I've already talked with polish ESET support and there is no way to avoid it. It is causing a traffic on our server proxy. We have ERA installed so we really don't need to go outside our LAN. I can turn off server proxy and everything works fine but than licence information is not being updated in ELA console. Is it a way to turn on server proxy settings for a specific period of time? For example daily during night so licences could be refreshed in ELA?
  11. Was interesesting in making use of the personal firewall to enter a list of IP address's much like you can with peerblock. Did it through the Rules and zones and entered some remote ip address's. Set it to notify user if it is fired off. And I can see the new rules in the "rules with no application assigned" But it neither fires off a notification nor is the IP blocked. I have tried single ip address's and using a netmask. Seems to have no effect. I setup the ip address's in the "remote' tab. I see if you are in interactive mode, and create rules through it asking you. it seems to work. but not if you manually enter your own ip address's I have set deny both directions, and TCP/UDP. I have even assigned a rule to an app I know tries to talk out.
  12. We are trying to architect an ERA plan that will take into account laptop devices that are often not on our corporate network for long periods of time. We can always tell the local client to communicate directly with the ESET servers, but we also want the client to communicate with our ERA environment for auditing and tracking purposes. Is there a recommended design or plan that ESET has to allow for this? My first thought is to put an ERA proxy on our DMZ that will communicate with our ERA server. I would like to get other opinions and hear what others are doing for scenarios like this. Thanks in advance.
  13. Hello, I have a new computer with ESS8 installed and it seems that it causes slow transfer over the local network. Speeds with ESS8: 3-5 MB/s Speeds with ESS8 uninstalled: 8-10 MB/s I run Windows 8.1 64 bit. and the exact same system and ESS8 (incl. the same configuration) is on my other machine where it works without any problem. My first thoughts were that I have wrong network drivers and I have spent 1,5 day trying to solve this issue. I was thinking that it is sufficient to simply disable realtime protection and firewall. Oh how was I wrong! Right after I have uninstalled Eset Smart Security 8 everything started to work flawlessly and my transfer speeds are back in normal. The same behaviour can be archieved by a simple restart into the safe mode with networking where it works as well because ESS8 is not loaded. I would be very grateful for any suggestions about how to fix this issue. I hope that simple advanced settings tweak could help me, but I have already tried some. Please feel free to contact me in case of any questions. Thanks!
  14. I need to block communication with one IP address (especially SMB). But simply blocking all communication with this particular IP will suffice. I have created the rule prohibiting all UDP and TCP communication with this IP, but the rule has no effect. PC, which I need an access to be restricted to, is still completely accessible from that remote IP. Strangely, ICMP blocking, which I used for testing, works correctly. Any advice is appreciated.
  15. I have installed ESET Remote Administrator 6 as Virtual on Hyper V. Have managed to add this server to domain, to add domain user as administrator on it. But when I run task to Sync Static Group of computers on domain I get this error: LDAP server authentication failed. Have no idea what to do. Ivan
  16. After I install and activate the parental control Eset Smart Security 8, began my problems with internet connection in the application Google Drive, I disabled the Firewall, the same parental control, restarted my computer again and again, but not no way to reconnect the application.. Please I need help with this problem.
  17. Can you point me to a document for ESET File Security for Microsoft Windows Server 6.0.12032.0 that would explain what ports should be open to which IPs for each of the features of ESET ? I keep seeing some of our servers trying to access on port 80. I was trying to look at the eset config to see what feature is turned on that is doing this. We have a ESET management server to provide the signature updates, but I don't know if it is threatsense, live grid, or something else. Thank you.
  18. Hi Champ, Is there any disaster recovery manual for ESET ERA and Endpoint Security Version 6 in the event of disaster ? Example: Prepare for disaster recovery, Perform disaster recovery Cheers, Aswath
  19. Hello My network upnp is no longer accessible since installing eset smart security. I enabled the option "Allow UPNP for system services in the trusted zone". before I was using another firewall with nod32 before you buy "eset smart security," I had not had that problem. the box of my internet access provider , I see more my upnp network, I use "FreeMi UPnP Media Server" on my computer. sorry my english is bad, im speak french only
  20. Hello Team, I recently started managing this client and some how they are not sure which server is ESET Primary Server or Administration Server. Is there a ways we can find the Remote Administration server in the network? Any help would be appreciated !! Regards, Binu Kumar
  21. Hi all, As it is important to also manage the server on which "ERA Server" is installed, we are trying to install ERA Agent (on the same machine). Our ERA server works fine, we allready hae a certain number of devices connected and managed, but when we setup this Agent it doesn't work. For information: This Topic concerns installation on a Debian Server. This is how we proceed: We manually dowload (and put on the server): Peer certicate CA public key We download the agent and make it executable: wget hxxp://download.eset.com/download/ra/v6/standalone-installers/agent/Agent-Linux-x86_64.sh chmod +x Agent-Linux-x86_64.sh Then we run setup: ./Agent-Linux-x86_64.sh \ --skip-license \ --cert-path="/etc/ssl/era/Certificate Export CN=Agent at _ BLABLABLA.pfx" \ --cert-password="" \ --cert-auth-path="/etc/ssl/era/Certification Authority BLABLABLA public key.der" \ --hostname="OUR_ERA_DOMAIN" \ --port=2222 The agent setup ends-up fine. But in the Agent log file we do have several suspect lines: 2015-03-19 12:20:09 Information: ERAG1ClientConnector [Thread 7ff332b6c700]: <CONNECTOR_MODULE> exception N3Era10Connectors17G1ClientConnector20no_installed_productE occurred at /mnt/builds/jenkins/workspace/ERA/release_6.1/37a27c02/src/Products/RemoteAdministrator/Src/Connectors/ERAG1ClientConnector/Agent/ProductOfflineConfiguration/UnixProducts.cpp:160. Product not installed. 2015-03-19 12:20:10 Information: CAgentSecurityModule [Thread 7ff3227fc700]: Agent peer certificate with subject 'CN=Agent at *, BLABLABLA' issued by 'CN=OUR_ER_DOMAIN, BLABLABLA' with serial number 'XXXXX' is invalid now 2015-03-19 12:20:14 Information: CReplicationModule [Thread 7ff3157fa700]: CReplicationManager: Processing client replication task message 2015-03-19 12:20:14 Information: CReplicationModule [Thread 7ff3157fa700]: CReplicationManager: Initiating replication connection to 'host: "OUR_ERA_DOMAIN" port: 2222' (scenario: Regular, data limit: 1024KB) 2015-03-19 12:20:14 Information: NetworkModule [Thread 7ff3147f8700]: Received message: CreateConnectionRequest 2015-03-19 12:20:14 Information: Kernel [Thread 7ff332b6c700]: Used memory after modules start-up is 43680 KB 2015-03-19 12:20:16 Error: CAgentSecurityModule [Thread 7ff3227fc700]: Certificated user verification failed with: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain 2015-03-19 12:20:16 Error: NetworkModule [Thread 7ff320ff9700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:OUR_ERA_IP, ResolvedHostname:, ResolvedPort:2222 2015-03-19 12:20:16 Error: NetworkModule [Thread 7ff320ff9700]: Protocol failure for session id 1, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations. 2015-03-19 12:20:16 Error: CReplicationModule [Thread 7ff3157fa700]: CReplicationManager: Replication (network) connection to 'host: "OUR_ERA_DOMAIN" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations. Reading this, there seems to be an error occuring when the agent tries to connect to server (as they are on same machine this is quite strange). We don't understand why it is said that our "ERAG1ClientConnector" is invalid now... What is that connector and can it possibly be outdated ? We tried to change the "hostname" setting during agent setup to the public or private IP and even localhost but then we have another error that indicates that certifcate and IP doesn't match (plus the actual one). Any tips are welcome.
  22. Hello, I'm trying to make a restoration of my system after a mistake I made a few days ago, but this isn't working with ESET because it blocks the process. How can I restore my system with ESET? How can I exclude the restoration system (if that's what I have to do?). Thanks a lot.
  23. Hello I'm using ESET Endpoint Security 5 on Windows 8.1. Firewall is setted up in interactive mode and I'm really strict with this. I'm blocking all not needed comunications including from system processes (explorer.exe, services.exe, lsass.exe etc.). But it seems that firewall is blocking DHCP requests, because when I connect to network I'm not getting IP adress and network state is Limit (restriced) access only. When I turn off firewall and use ipconfig /renew I will get the IP adress normally. I'm attaching screenshot of rules, but I don't know how to export full lines. Which rules should I focus on?
  24. Hello. I have been using ESS for a few years and I love it. I've had some issues with the firewall and Windows network, and I have finally decided to get it all figured out. I have two computers running Windows 8.1. If I disable ESS firewall protection, the Windows network works great, I can see other computers and their shared files. But as soon as I enable ESS firewall, Windows tells me that I can no longer find those locations. Both computers have the network set as Trusted in ESET. I have tried turning on learning mode as well, and while it works great for creating program rules, it still will not allow my computers to see each other over the network. ESS is my only firewall, neither my router's firewall or Windows firewall is active. Does anyone have any experience setting this up? ESET's firewall works great otherwise, but I'd love to resolve this so I can access my computers without disabling ESS's firewall. Thanks!
  25. Dear Sir, we have using ESET Endpoint Version 5.0.2214.4, recently infected with conficker worm.AA it spreading over the network, we have no solutions to prevent the conficker worm A.A infected the workstation pc. had try to configure IDS setting it still infected the workstation pc by create a conficker file into windows folder and only removed it by eset endpoint security on windows section and it also created a task job, by it self. had try to make a full scan but no infection just got infection it spread over network and cleaned by endpoint itself and reinfected again after a few hours or day, however had try to disable autorun.inf using registry patched it totally not able to block the conficker worm spread over the networkstation... it will infected and removed by eset endpoint only .. pls help
  • Create New...