Marcos

The FP has been fixed and update resumed.

Unfortunately without a proof we cannot comment on it. Of course, no antivirus detects 100% of all threats, especially when it comes to scripts. And blocking all powershell scripts just because they could be misused is not a good solution either.

Please see my comment above. Updates were stopped and the detection will be removed momentarily.

There are several layers that could detect such threat: 1, Detection by a signature. 2, Web access protection if the powershell script is downloaded from the Internet. 3, AMSI scanner upon execution of powershell. 4, Advanced memory scanner if the payload is a file that is executed. The question is if the payload does something really malicious. Please contact samples[at]eset.com and provide details.

Thanks but it's not needed. We have got some examples from the LiveGrid feedback system.

Appears to be FP. We've stopped offering the latest update for now.

Does the page https://help.eset.com/era_admin/65/en-US/index.html?admin_pol_how_policies_are_applied.htm help understand how policies are applied?

You can remove the license from unused device(s) via the License manager and then use to activate ESET after you reinstall the OS and install ESET.

Yes, you can use your license key to activate ESET. You can then remove the license from the former computer via the license manager at my.eset.com.

I assume that creating a filter for Active threats -> Count >= 1 should do the trick and only active threats (ie. those that could not be cleaned / deleted for whatever reason) should be included in the report then.

Please gather logs with ELC and provide me with the generated archive if you would like me to check your ESET's configuration. The log you've provided was generated by Process Monitor.

If you can't evaluate if a particular communication is good or bad, I'd strongly suggest using automatic mode without any custom rules. Otherwise it could happen that you block a legitimate communication which will cause issues with the operating system or some applications.

I don't see anything wrong with that. As long as the LiveGrid feedback is enabled, it is normal that nfi files may be created in the charon folder. Please provide me with the nfi file for perusal.

In-depth scans doesn't use Smart optimization by default and scans every file you have on a disk. Try enabling Smart optimization in the In-depth scan profile; the scan time should be reduced quite a lot.

Are you getting the pop-up only when launching IE or other browsers as well? Please provide me with logs collected by ELC to start off.