Marcos

I'm afraid that without temporarily uninstalling ESET you won't know what is causing the issue. If it's Windows 10, Windows Defender will temporarily protect the system. It provides decent protection so it shouldn't be a problem to temporarily uninstall ESET. Speaking about computers in LAN, do you mean that you have ESET Endpoint Antivirus on the clients and not ESET NOD32 Antivirus?

It's the file in which ESET detected the malware. I just downloaded the file from the url and scanned it at VT.

Embed.js contains a malicious javasript. The detection was added in March 2020, today it's detected by 10 AVs at VT: https://www.virustotal.com/gui/file/59ec9e936dcb9f44d9806b5f5a105a1980ab9439ac51b0b634b3c50f70e47a04/detection

You can either: 1, Run a disk scan with cleaning disabled and PUA enabled. When a threat is found, delete it manually. 2, Run 2 scans, one with PUA detection disabled and cleaning enabled and then the other scan with PUA enabled and cleaning disabled.

I was able to open the website without issues. What's the problem? Could you post a screen shot for clarification?

If you install ESET PROTECT using the all-in-one installer on the server with former ERA v5, it will offer you installation of HTTP Proxy. This way also live agent installer and policies will have the proxy pre-configured. The proxy limits communication to ESET's servers by default so clients won't be able to misuse it for browsing the Internet.

I'd prefer using an http proxy to mirror because of the following benefits: - streamed updates (clients stay protected against the latest threats basically without any delay) - saves a lot of Internet traffic (only non-cached files actually required by clients are downloaded) For more information about Apache http proxy included in the ESET PROTECT AiO installer, please read https://help.eset.com/protect_install/80/en-US/apache_http_proxy.html

It's a potentially unsafe application, ie. legitimate tool that could be misused in the wrong hands. It's not detected by default.

Engine 22863 was skipped, 22864 is now available on update servers.

It is not configurable. Since already scanned files are cached, scanning the actual folder should be quick then.

I would recommend ESET Internet Security since it can also protect you from RDP bruteforce attacks and other exploitation of vulnerabilities in network protocols. Moreover, it also contains antispam, Parental Control and Anti-Theft. There's also a premium product ESET Smart Security Premium which provides EIS features plus Data encryption and Password manager. Later this year it will also bring an additional protection feature that will be unique to this product and won't be part of EAV/EIS.

Db cleanup is triggered automatically on a daily basis. You can set it up in the server setup where you can also see what kind of events takes most of the db: How many clients report to the EEI Server? Is the db on the same server or on another one? What type of db do you use? What is the hw configuration of the server? How many detections occur on a daily basis? Could you post a screen shot of the Server status dashboard?

CERT_TRUST_IS_UNTRUSTED_ROOT and CERT_TRUST_IS_PARTIAL_CHAIN is reported. The certificate is signed by Fortinet which performs SSL inspection in your network but a valid root cert. is not installed on the client to establish trust.

Does the issue occur only when you open the Internet banking site in a secure browser or it occurs with a normal browser as well?