Marcos

There is nothing to worry about. While we internally recognize Ransim, it's a simulator that doesn't do any harm and whether an AV passes the test or not doesn't tell anything about how well the AV protects against actual ransomware or other types of malware.

Unforrtunately I still don't get what the problem is. If you mean that ESET does not appear in the App Lock list of installed applications, then the behavior is correct.

The current beta version of Catalina is not final yet. At the time of the final release ESET's products which is expected in October will be fully compatible with it. Without downgrading to the latest stable release (Mojave) it's not possible to install ESET.

If I understand it correctly, you're unable to run uacinstall.vbs neither from the temp folder nor any other folder but if you give a VBS script a different name, it can run. Correct?

Not true, it takes VT some time to update. Plus VT doesn't take into account when a particular file was blacklisted in LiveGrid which happened hours ago. ECLS Command-line scanner, version 7.0.2097.0, (C) 1992-2018 ESET, spol. s r.o. Module loader, version 1018.1 (20190709), build 1054 Module perseus, version 1554.1 (20190731), build 2050 Module scanner, version 20053 (20190920), build 42838 Module archiver, version 1291 (20190823), build 1305 Module advheur, version 1193 (20190626), build 1175 Module cleaner, version 1195 (20190610), build 1293 name="70e50d0eae76044b3c022cdb423bd47e525a8891", threat="Win32/Filecoder.NXW trojan"

I'm unable to reproduce it with or without uBlock. Please enable advanced protocol filtering logging in the advanced setup -> tools -> diagnostics, reproduce the detection of untrusted certificate, then stop logging, collect logs with ESET Log Collector and upload the generated archive here.

Maybe they've changed the certificate recently? I'm not getting a notice about untrusted certificate:

I'd strongly recommend uninstalling EEA v5 and installing the latest EEA v7.1. Instead of updating from a mirror, I'd suggest using ESET HTTP Proxy to cache dowloaded files and thus save network traffic. Also when updating from a mirror you lose streamed updates that are downloaded every few minutes and thus ensure maximum protection against newly emerging threats. As for the malware, it seems to be spreading from a remote share. Does temporarily disconnecting the machine from LAN stop malware detections? Please carry on as follows: - upgrade Endpoint on the machine to v7.1. Ideally install Endpoint from scratch, ie. uninstall v5 first. - run a full disk scan - collect fresh logs with ELC and upload the generated archive here.

It doesn't seems like malware behavior. What link did you click? What urls opened in tabs? Note: when posting links, make sure they are non-clickable.

Alternatively you can migrate to a new server installed in English. For instructions, please refer to the links above. It's up to you which way you choose; whether you'll do manual translation or install an English version of the ESMC server and migrate clients to it.

It's a PoC with an encryptor and decryptor in one. The instructions for decryption say: Run the ransomware in the command line with one argument, decrypt. Example: GoRansom.exe decrypt So detecting the sample would mean that users would not be able to decrypt files if it was detected and blocked by ESET.

A lot of information is missing there. Please attach status.html as is.

Let's try it with the next version when available which will not wait for WSC to respond on a check on system startup.

Please provide a screen shot of the message you received. Was it really a notification about a marketing message or a marketing message itself that popped up?

For a start let's check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html and trace.log for details about the problem. You can post status.html here as well. If agent is not reporting to your ESMC server because its IP address or certificates have changed, re-deploy agent with a correct address of the ESMC server and the current peer and CA certificates.