FiaoFiao

[ 18 May, 2012] NOD32 latest escalation ID

admin — Fri, 18 May 2012 00:06:35 +0000

Username: EAV-34217400
Password: df8ndc283x

Username: EAV-34217852
Password: v2vrcrch36

Username: EAV-34446305
Password: 8r28xvdj4c

Username: EAV-34505185
Password: uc627dbfe5

Username: EAV-34227230
Password: mfsshbd2rr

Username:TRIAL-34630222
Password:a5tfmd47r5

Username:TRIAL-34630645
Password:fkud8en5s3

Username:TRIAL-34630666
Password:tuxct46pnv

Username:TRIAL-34630696
Password:b283puubdj

Username:TRIAL-34630710
Password:48cbs2es7v

Username:TRIAL-34630742
Password:br4cnc6scf

Username:TRIAL-34630785
Password:dffese56tn

How to allow communication for a certain application

admin — Mon, 12 Oct 2009 15:54:26 +0000

If a new connection is detected in the interactive mode and if there is no rule match, you will be prompted in a dialog window to allow or deny the connection. If you wish to perform the same action every time the application attempts to establish connection, select the Remember action check box.

For applications which are not communicating at the moment, you can create rules in the personal firewall setup. There are two ways to add a new rule. You can either right-click in the list of existing rules and select New rule, or click Edit all rules and then click New.
In the General tab enter the name, direction and communication protocol for the rule. The window allows you to define the action to be taken when the rule is applied.

Insert the path to the application’s executable and the local communication port in the Local point tab. Go to the Remote point tab to enter the remote address and port (if applicable). The newly-created rule will be applied as soon as the application tries to communicate again.

[ESET Smart Security]How to schedule a scan task (every 24 hours)?

admin — Sat, 10 Oct 2009 03:16:17 +0000

To schedule a regular task, go to ESET Smart Security > Tools > Scheduler (applicable in the Advanced mode). Below, you can find a short guide on how to schedule a task – this task will create a scan of local disks every 24 hours.

To schedule a scan task:

click Add in the main Scheduler screen
select computer scan from the drop-down menu
choose a name for the task and select Repeatedly
choose to run the task every 24 hours
select an action to perform if the scheduled task execution fails for some reason
review the summary of the scheduled task and click Finish
From the Targets drop-down menu, select Local drives
click Finish to apply the task

How do I use ERA to configure my client computers to download virus signature database updates directly from ESET?

kevin — Thu, 08 Oct 2009 08:51:29 +0000

If you cannot or do not wish to use a local update Mirror server, your clients can receive virus signature updates directly from ESET while still being managed by ESET Remote Administrator.

The advantages of this configuration are your clients receive Virus signature updates as soon as they are released and that your updates are not dependant on your local server. Follow the directions below to set up a direct-download configuration:

Open ERAC by clicking Start → All Programs → ESET → ESET Remote Administrator Console → ESET Remote Administrator Console .
From ERAC, click Tools → Policy Manager. You’ll see a server icon labeled Server Policy (your server’s name). Click it and then click Edit… on the far right of the Policy Manager window. In the example, the server is named Testserver. This will launch the ESET Configuration Editor.

Fig. 1-1
Click ESET Smart Security, ESET Nod32 Antivirus → Update module → Profile (My profile) → Setup. Highlight Update server: and ensure Choose automatically is selected from the Value: drop-down menu.

Fig. 2-1
Highlight Username: and enter your Username (the one you used to download your ESET security products at installation). Click here for more information about your username and password.
Highlight Password and click Set password:, enter your password twice when prompted.
Click the Console button to close the Configuration Editor. You will be prompted to save your changes. Click Yes and then OK to exit Policy Manager.
You have just configured all clients reporting to ESET Remote Administator to update directly from the Internet using your Username and password to authenticate.

Adding/Editing/Deleting a Whitelist entry (3.0)

kevin — Tue, 08 Sep 2009 23:17:08 +0000

A whitelist is a list of email addresses or domains that you have designated as legitimate email contacts. Messages from these contacts will not be blocked automatically, and will be delivered successfully to your inbox.

To more effectively filter spam, use the Whitelist in conjunction with the Blacklist. A Blacklist is a list of specific email addresses or domains considered to be associated with spam.

Adding an email address to the Whitelist

Open the main program window by clicking the ESET icon next to the system clock or by clicking Start → All Programs → ESET → ESET Smart Security.
If you seee the message Display: Standard mode in the lower left corner, toggle to Advanced mode by clicking Toggle Advanced mode, or by pressing CTRL + M on your keyboard.
From the main menu, click Setup → Antispam module.
The Antispam module will be displayed. In the middle of the window, click Whitelist.

Fig. 1-1
The Whitelist window will appear. From here you can Add, Edit, or Remove Whitelist entries. To add an email address to the Whitelist, click the Add button.
The New item window will appear. In the Email address field, enter the email address you want whitelisted. In the Name field, enter the company or individual associated with the address.
If you wish to whitelist the entire email domain, select the Whole domain option at the bottom of the window. This can be useful if you wish to allow email mesages from all individuals in a specified organization.

Fig. 1-2
Click OK to finish.

Editing a Whitelist entry

While in the Whitelist window from step 5 above, select the address you wish to edit, and click the Edit button.
The Item change window will appear, allowing you to change the email address or name of the entry. Click OK to finish.

Fig. 1-3

Removing a Whitelist entry

While in the Whitelist window from step 5 above, select one or more email addresses, and click the Remove button.
A dialog box will ask you to verify the action. Click OK to confirm.
Close the Whitelist window when you are finished adding, editing, or removing entries.

How do I temporarily disable the startup scan?

kevin — Mon, 11 May 2009 00:08:46 +0000

By default, your ESET security product will scan programs and memory at startup. If your system startup scan is taking an unusually long time to complete, you may have conflicting programs set to run at start up. You cannot cancel the startup scan once it has started, but you can temporarily disable the scan from running on system startup by following the directions below:

Open the main program window by clicking the icon in the Windows notification area or by clicking Start → All Programs → ESET → ESET Smart Security or ESET NOD32 Antivirus.
Toggle to Advanced mode by clicking Change… in the lower left corner and then clicking Yes if you are prompted to confirm or by pressing CTRL + M on your keyboard.
In the left column, click Tools → Scheduler. The Scheduler/Planner window will be displayed.
Deselect Automatic startup file check | System Startup file check. | User logon. By default, this is the fourth option down.

Fig. 1-1
Restart your computer. Your startup scan is now disabled.

Important! Disabling the ESET startup scan exposes your computer to risk and is only a temporary fix for a third-party application conflict. If possible, we recommend checking for other applications which are scheduled to run at startup and either deselecting their startup features or uninstalling the conflicting software from your computer. ESET is unable to provide support for other third-party applications.

Email functionality issues: Solution checklist

kevin — Thu, 16 Apr 2009 06:27:31 +0000

Occasionally, features designed to protect your computer from malware can interfere with your email functionality. Below are known issues and instructions for resolving them.

Difficulty sending or receiving email

Problem: I can receive incoming email but cannot send outgoing mail.

Solution: Modify the email filtering to avoid conflicts. Click here for instructions.

Problem: Immediately after installing ESET Smart Security I can no longer send or receive email.

Solution: Modify the rules governing the behavior of your ESET Personal firewall to allow email traffic. Click the Knowledgebase link below that corresponds to your version of ESET Smart Security:

Problem: My email stopped working after I installed my ESET security product on a computer which already had another antivirus or antispam program installed on it.

Solution: Third-party antivirus and antispam programs, as well as other software firewalls such as Outpost, Zone Alarm or Kerio, can create conflicts when your ESET security product is installed on top of them. You will need to uninstall your ESET security product and uninstall the third party software and then reinstall your ESET security product. Click the Knowledgebase link below that corresponds to your software version:

Problem: I am using ESET Smart Security 4.0 with Mozilla Thunderbird and my email client is behaving strangely, garbling data, losing messages, etc.

Solution: An early version of ESET Smart Security 4.0 created conflicts with Thunderbird. These issues were fixed in Version 4.0.437. Click here for instructions to uninstall and reinstall the latest version of ESET Smart Security 4.0.

Problem: I am using a non-standard email client and my ESET security product seems to be blocking my email traffic.

Solution: Your ESET security product’s protocol filtering may not recognize email clients other than Microsoft Outlook, Outlook Express, Windows Mail or Mozilla Thunderbird. If you are using a client such as Eudora, Kerio MailServer, Opera Mail, The Bat!, etc., you should deselect that program from Email client protection scanning. Click the Knowledgebase link below that corresponds to your software version:

ESET Antispam issues

Problem: The ESET Smart Security Antispam Toolbar does not appear in my email client.

Solution: You may need to modify your settings or ensure that you are using a version that is compatible with your email client. For example, full email integration on Mozilla Thunderbird is supported only in ESET Smart Security 4.0 and later. Click the Knowledgebase link below that corresponds to your software version:

Problem: I want to remove the ESET Smart Security Antispam Toolbar from my email client.

Solution: You can remove the Antispam Toolbar from a single session or remove it from your client entirely. Click the Knowledgebase link below that corresponds to your version of ESET Smart Security:

Problem: I cannot find messages that the ESET Antispam module is marking as spam. Where are they being sent?

Solution: You can choose the destination folder that ESET Smart Security is sending messages it flags as spam. Click the Knowledgebase link below that matches your version of ESET Smart Security:

Problem: How do I tell the Antispam module which email addresses are trusted (Whitelist) contacts and which ones are known spam sources (Blacklist)?

Solution: You can add and modify the Whitelist and Blacklist that your ESET Antispam module uses to protect you from spam while allowing trusted email. Click the Knowledgebase link below that corresponds to your version of ESET Smart Security:

Version 4.0: modifying entries to the Whitelist and the Blacklist

Version 3.0: modifying entries to the Whitelist and the Blacklist

NOTE: You can also export your Whitelist or Blacklist from one computer and import them onto another.

Problem: My ESET Antispam module is adding an unwanted note to my incoming and/or outgoing mail that says the message has been scanned.

Solution: You can configure or disable the scanned message tag that appears at the end of emails that your ESET security product has scanned. Click the Knowledgebase link below that corresponds to your version of ESET Smart Security:

Other

Problem: I want to disable my ESET security product’s email protection entirely.

Solution: It is possible, but not recommended, to disable the ESET Antispam module. Doing so will expose your computer to added risk. if you wish to proceed, click the Knowledgebase link below that corresponds to your software version:

Why does the Protection status icon change color and what does each color mean?

kevin — Wed, 15 Apr 2009 00:00:17 +0000

Your ESET security product displays your current level of protection in the Protection status area, located on the left of the main program window. It displays information related to your computer’s security, including:

Protection status level, with color-coded Protection status monitor icon
The number of attacks on your computer that your ESET security product has blocked
The current version of the virus signature database
The date your license expires

Fig. 1-1

What does each color mean?

Green - Maximum protection

The green Protection status icon with a white checkmark indicates that your computer is fully protected. If you are using ESET Smart Security, Antivirus and antispyware, Personal firewall and Antispam module will be visible and marked with green checkmarks indicating that each is updating correctly and functioning optimally. If you are using ESET NOD32 Antivirus, Antivirus and antispyware will be marked with a green checkmark.

Fig. 1-2

NOTE: If your Antivirus and antispyware or Personal firewall are not updated or functioning optimally, one or both will be marked with a red exclamation point and your Protection status icon will change. If your Antispam module is not fully updated or functioning optimally, it will be marked with a red exclamation point; however, your computer’s Protection status will not change because the Antispam module protects your email only.

Yellow – Maximum protection may not be ensured
The yellow Protection status icon with a white letter ‘i’ indicates that maximum protection status is not ensured. This means your computer is still being protected, but one or more of the recommended or default protection features is disabled or not functioning correctly and may be exposing you to added risk.

If your virus signature database is unable to update, your Protection status icon will turn yellow.
If you have not downloaded the latest updates for Windows, your Protection status icon will change to yellow by default in version 4.0 of your ESET security product.
Instructions for modifying or disabling your ESET security product’s Windows update notification features are available here.
Your Protection status icon will also turn yellow when your ESET security product’s license has 10 days remaining or fewer before it expires.
When it expires, your ESET security product will be unable to update and your Protection status will then change to red. Instructions for renewing your license are available here.
If you disable Document protection, Email client protection or Web access protection, your Protection status icon will change to yellow.
If you select Block all network traffic on the ESET Personal firewall, your computer will not be exposed to risk but your Protection status icon will turn yellow because no network services, such as updates, will be available.
Generally, you can restore the green maximum Protection status icon by following the instruction in the alert box below the yellow Protection status icon.

Fig. 1-3

Red – Maximum protection is not ensured
A red Protection status icon with a white exclamation point appears when maximum protection is not ensured and your computer is vulnerable to threats. Generally, you will see an alert message explaining why maximum protection is not ensured and recommending actions to take. One or both of the Antivirus and antispyware or the Personal firewall modules may have red exclamation points next to them.

If your Protection status icon turns red immediately after you install ESET Smart Security or ESET NOD32 Antivirus, check to make sure your username and password are entered correctly. A typo in the username or password fields will prevent your ESET security product from updating.
If one of your ESET security product’s critical protection modules, such as Antivirus and antispyware, is disabled, the Protection status icon will turn red.
If your Protection status icon is red because Real-time file system protection is disabled, you can re-enable it from the main program window in Advanced mode by clicking Setup → Antivirus and antispyware protection → Real-time file system protection → Enable. Click here for more information about how to exclude certain files from Real-time file system scanning without disabling the module entirely.
If your Protection status icon is red because your ESET Personal firewall is disabled, you can re-enable it from the main program window in Advanced mode by clicking Setup→ Personal firewall → Network traffic filtering → Switch to filtering mode. Click here for more information about configuring your Personal firewall.

Fig. 1-4

How do I use ESET Remote Administrator to disable notifications about Windows updates?

kevin — Tue, 14 Apr 2009 03:18:12 +0000

When Windows updates are missing, ESET Smart Security and/or ESET NOD32 Antivirus display notifications requesting the updates. You can use ESET Remote Administrator (ERA) to suppress these notifications on client computers that report to the ERA server. To create a configuration that suppresses these notifications and push that configuration out to client computers, follow the steps below:

Open the ESET Remote Administrator Console (ERAC) by clicking Start → All Programs → ESET → ESET Remote Administrator Console.
Click Tools → ESET Configuration Editor.
In the ESET Configuration Editor menu on the left, click ESET Smart Security, ESET NOD32 Antivirus → ESET Kernel → Setup → Advanced → Notify about missing OS updates from level: Critical updates.

Fig. 1-1
Select No updates from the Value drop-down menu in the Setup area on the right. Click File → Save to save the configuration as a .xml file. Close the ESET Configuration Editor.

Fig. 1-2
In the ERA Console, click File → New Task….
In the New Task window, select Configuration. Click OK.
In the Configuration for Clients window, click the Select button and navigate to the .xml configuration file you created in the steps above. Click Next.

Fig. 1-3
Apply the .xml configuration file to the clients you want by dragging and dropping each client into the Selected items column. Click Next.

Fig. 1-4
A summary window will display the task type and list of clients to which it will be applied. In this window, you can set a time to apply the task, give the task a name and describe the task. Click Finish to complete the task setup and apply the configuration to client computers that report to the ERA server.

How do I disable the graphical user interface (egui.exe)?

kevin — Thu, 02 Apr 2009 23:55:35 +0000

Although ESET does not recommend doing so, it is possible to disable the graphical user interface of your ESET security product. In certain cases, such as terminal server networks with extreme memory limitations, you may wish to disable each instance of the egui.exe. It is essential that you first configure ESET Remote Administrator to control terminal computers running instances of ekrn.exe because after disabling, there will be no graphical interface on the terminal computer.

Click here for more information about ESET Remote Administrator.
Click here for information about how to install ESET Remote Administrator and set up a Mirror server.
Click here for instructions on pushing out .xml configurations to your network client computers.

Warning: Do not proceed unless you are an experienced user and familiar with ESET Remote Administrator.

Disabling the graphical user interface
Follow the steps below to disable egui.exe on an individual client:

Click Start → Run (Windows Vista users: Click Start, type Run and press ENTER).
Enter the following string into the command-line field and click OK:
REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v egui /f

Recommended settings
You may encounter a variety of issues once egui.exe is disabled. Below is a list of potential solution configurations that can be pushed out through ESET Remote Administrator to address these issues. In general, you should configure your ESET security product to minimize the number of user interactions required because the lack of a graphical user interface makes such interactions more difficult.

Antivirus and antispyware

Cleaning
We recommend you set the cleaning level in the ThreatSense engine parameter setup window to Strict cleaning in all modules. Click here for illustrated instructions.

SLL Protocol filtering
If administration of the SSL protocol is needed, we recommend turning on Block communication that uses the certificate. From the main program window, press the F5 key. From the Advanced Setup window, click Antivirus and antispyware → Protocol filtering → SSL → Certificates → End certificate validity.

Update
We recommend you select Never restart computer and Never update program components. From the main program window, press the F5 key to open the Advanced Setup window. From the Advanced Setup tree, click Update → Setup and then select these options under the Update mode tab.

Tools
If the ThreatSense.Net Early Warning System is enabled, we recommend selecting the Submit without asking option. From the main program window, press the F5 key to open the Advanced Setup window. From the Advanced Setup tree, click Tools → ThreatSense.Net → Advanced setup… and select the Submit without asking option in the Suspicious files tab.

Email clients and issues
The lack of a graphical user interface results in a few changes to the way your ESET security product works with email clients:

You must configure your ESET security product not to ask for user action in alert messages, since the alerts will not appear. From the Advanced Setup window, click Antivirus and antispyware → Email client protection → Setup… and move the slider to Strict cleaning.

Also, you must add addresses into antispam lists (trusted addresses, spam, list of inclusions) remotely, since those options will not be available on the client terminal.

Some items on the ESET Antispam Toolbar drop-down menu in your email client will be inactive, such as Antispam setup, Address books and Help.

NOTE: Under certain circumstances, a Microsoft Outlook integration error can occur or an existing integration can stop functioning. Microsoft Outlook may display the following message:

"The Add-in ESET Outlook Plugin (C:\PROGRA~1\ESETESETNO~1\EPLGOU~1.DLL) cannot be loaded and has been disabled by Outlook. If no update is available, please uninstall the Add-in."

If this occurs, delete the extend.dat file of the user account with the error. By default, this file can be found in C:\Documents and Settings\Username\Local Settings\Application Data\Microsoft\Outlook. Outlook will automatically recreate the .dat file at the next application startup and the issue should not occur again. Other clients, such as Microsoft Outlook Express, Microsoft Windows Mail and Microsoft Windows Live Mail can also have very rare integration issues, often caused by the presence of another security program in addition to your ESET security product.

Scheduler
Schedules triggered by the User logon event trigger will not work without the graphical user interface because your ESET security product monitors the launch of egui.exe at user logon. If any of your scheduled tasks require user logon to start, reconfigure them to trigger on a different event. From the main program window, toggle your ESET security product to Advanced mode click Tools → Scheduler. In the Scheduler/Planner area, click on existing rules that launch at user logon and click Edit…. From the Edit task window, select an event trigger other than User logon, such as Every time computer starts or The first time the computer starts each day.

Personal firewall

Warning: ESET strongly discourages installations of ESET Smart Security on servers (and ESET Customer Care North America does not support such installations) for a number of reasons. A primary concern is that the ESET Personal firewall can block connections to the server, even those by an administrator seeking to modify the server after the installation. Below are suggestions for Personal firewall configuration that may be necessary on a computer running ESET Smart Security with egui.exe disabled.

Filtering mode
ESET recommends you use one of the following filtering modes: Automatic mode, Automatic mode with exceptions or Policy-based mode. Click here for more information about the Personal firewall filtering modes.

Rules and zones
ESET recommends you set your desired Personal firewall behavior when changing the network adapter settings. From the main program window, press the F5 key. From the Advanced Setup window, click Personal firewall → Rules and zones → Trusted zone → Setup… → Advanced settings…. and select Do not show the dialog with protection mode settings of the computer in the network.

Application modification detection
You will need to add trusted applications that update occasionally to the List of applications excluded from checking, since the user will not be able to see alert notifications asking if such updates are permitted. To exclude an application, open the Advanced Setup window and click Personal firewall → Application modification detection. Then, click Add… to add the list of applications that are allowed to update without being checked.

NOTE: You can disable Application modification detection entirely by deselecting Enable detection of application modifications check box in the Detect modification of network-aware applications area, but this will decrease the security of your computer.