Marcos

The registry is basically scanned only when cleaning threats after detection. Normally only startup locations are scanned by the startup scan.

@SWa and @kaizohh, was the issue that only a benign alert was generated or it actually affected the application in some way ?

I'd recommend enabling advanced operating system logging under tools -> diagnostics and rebooting the machine to reproduce the issue. Next disable advanced logging, collect logs with ESET Log Collector and add C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl to the generated archive. Upload the archive to a safe location and drop me a personal message with a download link.

If you are using an http proxy then the installer will be cached and other clients will not re-download it again. Therefore it's a good idea to upgrade just one client for a start so that the installer is downloaded and cached.

I'd suggest enabling reporting of all installed applications in an agent policy, apply it on clients, wait a bit until clients report installed applications to ESMC, then check Installed applications in client details for information about the application name and version that was reported which you could subsequently use in a dynamic group rule.

In order to upgrade agent on clients, send an ESMC Component upgrade task to clients:

First of all, kindly please understand that this forum is not a place for disputing detections. Unfortunately, you didn't provide information about the detection name or application so it's hard to tell if it's actually a false positive. Actual false positives are dealt with quickly when reported, hence I assume it's rather a PUA detection and in such case the detection should be correct. I've tried to look up email sent from your forum's registration email address to samples[at]eset.com to no avail.

The license was issued in Honk Kong and was deactivated. If you wish to continue using ESET, I'd recommend: - purchasing a license for ESET Internet Security or ESET Smart Security Premium (includes also Password Manager and Disk Encryption) - uninstalling ESET NOD32 Antivirus and installing EIS or ESSP and activating it with your license. EAV doesn't contain the network attack protection module and therefore cannot protect you from brute-force attacks or exploitation of vulnerabilities in network protocols either, hence the recommendation to use EIS or ESSP instead.

EraAgentSvc doesn't stop when installing or upgrading Endpoint so the error must be unrelated to the issue. To upgrade Endpoint, send a software install task to clients. We recommend to do it in batches, starting with smaller ones. If installation fails, it's necessary to troubleshoot the issue on one of the machines, create install logs as per https://support.eset.com/en/how-do-i-generate-an-installation-error-log-for-windows-eset-products and provide it to ESET staff for perusal along with logs collected with ESET Log Collector. What version of Endpoint do you have currently installed?

We'd need the following for analysis: - C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl - created after enabling advanced operating system logging in the advanced setup -> tools -> diagnostics and reproducing the issue - logs collected with ESET Log Collector.

It shouldn't be a problem to upgrade to a higher product and / or increase the number of seats; the price for the remaining period of your license would be subtracted from the price of the new license.

I was unable to reproduce it. Only WD SmartScreen blocked execution.

Microsoft has already released a hotfix for the vulnerability: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

If possible, try to reproduce it with a freshly installed EP 7.2 without updating modules (e.g. you could disconnect the pc from LAN right after activation). As for the memory dump, compress it and upload it to a safe location (e.g. OneDrive) and drop me a private message with a download link.

Would it be possible to provide a complete memory dump from time when the issue occurs by manually initiating a crash as per https://support.eset.com/en/how-do-i-generate-a-memory-dump-manually ? Has the issue manifested just recently and it used to work with Endpoint 7.0, 7.1 or 7.2 alright before?

What version of Endpoint do you attempt to upgrade to v7.2?

The log shows that you have Apache HTTP Proxy Apache/2.4.20 (Win32). Within the ESMC All-In-One installer we provide a 64-bit version 2.4.39. Please use this one.

If a website is blacklisted, adding it to the list of allowed addresses will allow access. Access to websites in the Allowed addresses list is scanned for malware. URLs in the list of addresses excluded from content scan are not scanned for malware. We do not recommend adding any URLs in this list unless there's an issue accessing a specific website and ESET personnel has advised to exclude it from content filtering.

Since you didn't purchase a renewal but a new license, your existing license will not be extended. Instead, you could use the new license. I assume it should be possible to refund the price for the license and purchase a renewal instead when due. Please contact ESET Germany or the seller for more information.

Would it be possible to provide the application for replication and further investigation of the issue?

I don't recall analyzing your previous logs so I can't tell what the problem was caused by at that time.

If the issue occurs with v13.0.24, further logs will be needed for analysis. Please carry on as follows: - in the advanced setup -> diagnostics -> tools, enable Advanced operating system logging - reproduce high CPU usage - disable advanced logging - compress C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl and provide it to ESET for perusal along with logs collected with ESET Log Collector.

Unfortunately I have no clue. You can try.

Dobry den, jedna sa iba o zastrasovaci mail, treba ho ignorovat. Viac informacii najdete na: https://www.eset.com/sk/o-nas/press-centrum/malver/eset-podvodnici-vydierajuci-pornom-si-vylepsili-slovencinu/

As for the files that could not be opened and scanned, just ignore those messages. They all seem to be standard files that are exclusively used by the OS or you don't have permissions to access them. As for the scan time, most likely it was not the first on-demand scan you've run so the scanner already had information about whitelisted files and skipped them.