Marcos

ESET FIle Security doesn't have a firewall.

You can install v7 on top of v5. If you want to perform update via ESMC, send a software install task with v7 selected as the product to clients. After update, reboot the machines immediately.

We are going to introduce EDTD for any customers with Endpoint within the next few weeks. As for home users, I'm not sure there would be enough of them who would be willing to pay an extra fee for EDTD.

If you create a new agent live installer and install it on a troublesome client, will it start connecting to the ESMC server?

I was able to find only a license which expired 4 days ago. Were you actually charged for ESET after purchasing a renewal? Did you purchase it through ESET LLC (www.eset.com/us)? If so, please contact ESET LLC or the seller if you purchased from elsewhere.

Please uninstall Endpoint v5 and install the latest v7.3.2036. Endpoint v5 is in the limited support phase which means that we basically only guarantee module updates for it. It will reach end of life by the end of this year. Also I'd like to mention that disabling protocol filtering must prevent network communication issues. If not, the issue must be unrelated to the issue discussed in this topic.

Yes, the fixed version of the Cleaner module will be numbered 1211.1. It's currently available on the pre-release update channel.

It takes some time to process the file and to delivery the result in case a detection is created for it or if the file is blocked in the LiveGrid blacklist. LiveGrid is not meant to provide instant results for submitted files; that's what ESET Dynamic Threat Defense was made for.

Not now, it's been blocking files for several years already, probably since shortly after LiveGrid was introduced. The action for "suspicious object" and Augur detections depends on the cleaning mode settings.

Two real-time scanners should never run at a time. This rule of thumb has been true for years. The fact that everything works fine does not mean that it will do so in the future, e.g. when you encounter malware that both scanners will attempt to clean at the same time or when an update occurs to either program and it will cause clash with the other driver. You have the following options: 1, Disable MBAM's real-time protection so that it's real-time protection driver doesn't load and use it as a second opinion on-demand scanner. 2, Ask for a refund and keep only MBAM. 3, Ask for a refund and keep only ESET.

You should continue by following the instructions in KB6880, ie. create 2 update profiles, one for updating from a mirror and another one for direct update from ESET's servers. Then edit the default Regular update task and select the primary and secondary profile. You wrote that it didn't work. Could you be more specific what didn't work? Updates from the mirror or from ESET's servers when updating from home? Note that switching between the primary and secondary update profile works only when the scheduled task is run, not when you manually run update.

If users connect through a proxy in the office and directly at home, you could use a single update profile. In the adv. setup -> Tools -> Proxy server, set up the proxy server and enable the following option: In that case if connection through the configured proxy fails, the product will attempt to connect directly (at home).

Self-defense has nothing to do with this since the dat file is to be replaced in safe mode. I'd recommend upgrading to the latest version first and then enable SD (followed by a reboot). Endpoint 6.5 and older use a dat file, not dll. The dat file will be downloaded automatically unless you manually installed the fixed version of it that we provided yesterday for download. In the Update section there was an About button in Endpoint v5 if I remember correctly. It will show information about installed modules. Generally with regard to Endpoint v5, this is a legacy product currently in limited support with EOL to reach by the end of this year. V5 pales in comparison with v6 and especially v7 in terms of protection and also suffers from issues that were addressed in newer versions. Moreover, Microsoft is supposed to block any version of Endpoint older than 7.3 on Windows 10 as of the update planned for H1 2021. We strongly recommend upgrading to the latest version 7.3 or at least 6.5 on systems with Windows XP where upgrade to a fully supported OS is not possible for whatever reason. https://support.eset.com/en/kb3592-is-my-eset-product-supported-eset-end-of-life-policy-business-products

Please read https://support.eset.com/en/kb6819-upgrade-eset-remote-administrator-63-and-later-to-eset-security-management-center-version-7-using-the-web-console if you want to keep the existing database with data. If you want to install ESMC 7.2 from scratch and re-deploy agent on clients, you can download the installers (All-in-one, standalone or virtual appliance) from https://www.eset.com/us/business/security-management-center/download/.

Is there any reason why you haven't upgraded to ESMC 7.2 yet? ERA v6 has already reached end of life and its latest version 6.5 is in limited support phase with EOL to reach by the end of this year.

Since the archive is small now, you can upload it here. Sharing via services where we must request access with our private accounts is not the right way to go.

If you want only accessing of one category of urls to be reported to ESMC, it should be fine. The problem could be if you created a rule for every single url with the Warning severity. Since a single client could generate several such records per second, with hundreds or thousands of machines reporting them to ESMC could cause network and server performance issues and congestion.

You must use the "Warning" severity for the desired Web control rules to send the data to ESMC. However, be careful to not use it for rules that allow or block too many urls or it may have adverse effect on perfomance of the ESMC server if many clients start to send a lot of data.

You can upload it to a safe location, e.g. OneDrive and drop me a personal message with a download link. Or generate a new archive while using the default template, I assume the size of the log should be significantly smaller.

ELC should generate a single archive, not individual files: https://support.eset.com/en/kb3466-how-do-i-use-eset-log-collector

The alert reads "Suspicious" detection which means the file was blocked by LiveGrid or EDTD. Detection of suspicious app would look like file.exe - a variant of Win32/Packed.VMProtect.AC suspicious application

Try uninstalling Endpoint and installing the English version of it. The system language setting is not the only one which affects the language of the program.

I would avoid using exclusions. Instead please collect logs with ESET Log Collector and post it here. It looks like the file was blocked by LiveGrid, however, the file I downloaded from the above link is not blocked by LiveGrid.

That's what he did and I suggested to remove it from exclusions since the file is not detected with current modules.

Please post the information about installed modules (Update -> Show all modules).