Marcos

Does also the Administrator account have a password set ?

Please gather logs with ELC and drop me a private message with the generated archive.

We strongly recommend using default settings which are optimal for most of the users.

Comparing ESET Internet Security and ESET Smart Security Premium, currently ESSP has two additional modules - Disk Encryption and Password Manager. If you don't need any of these or use another tools already, it's enough to purchase EIS. Transition between products is smooth; simply click Change product in the main gui and you will be offered products that you can activate. After a computer restart, the selected product will be activated.

To submit a suspicious file, please follow the instructions at https://support.eset.com/kb141/.

It was addressed about a week ago in HIPS module 1317 which is currently available on pre-release update servers.

Since you are able to reproduce the crash, please right-click egui.exe while the above mentioned error is displayed and select "Create dump file". Compress the dump and also gather logs with ELC. Finally upload both archivea to a safe location and drop me a private message with download links.

That's indeed what I was about to suggest as the next step. This forum is not meant to be a substitution for contacting customer care. If we are unable to help, one should always raise a ticket on support where it will be properly tracked.

Downgrading is not a solution. You should install EP6.6 for maximum protection. We'll be releasing Endpoint v7 within the next few months which will bring even better protection. I assume you must have been attempting to update EP6.6 from a mirror created by EP6.5. The fact that downgrading to EP6.5 helped only confirms my assumption.

1, Enable advanced update engine logging under Tools -> Diagnostics on a client that updates from the mirror. 2, Run update. 3, Disable logging. 4, On the client, gather logs with ELC. 5, Compress the content of the mirror folder. 6, Upload both archives to a safe location (e.g. OneDrive, DropBox, etc.) and drop me a message with download links.

It appears that your computer is infected. There are malicious DNS servers used: 82.163.143.176, 82.163.142.178. If you have IPv4 configured to obtain an IP address automatically from a DHCP server, check your router's setup and configure it to use Google's DNS 8.8.8.8 or 8.8.4.4. It is also weird that many legitimate processes aren't showing the status "running" but "unknown". Besides that, run a full disk scan with ESET Online Scanner or better from a rescue disk. I've also noticed that you have HIPS disabled. Re-enable it as soon as you get things working. Also you have a CoinMiner PUA excluded. If that was not deliberately excluded, remove it from the exclusion list.

So you are attempting to update Endpoint 6.6 from a mirror created by Endpoint 6.5? This won't work since EP6.6 uses a different format of update files. You'll need to create the mirror with Endpoint 6.6.

For some reason ecmds cannot start egui. However, why it doesn't time out after some time remains a mystery to me. I'd suggest contacting your local customer care and providing them with a Procmon boot log and logs gathered by ELC to start off.

That is a known quirk. The version number cannot be updated in the list of installed applications if the program was updated via uPCU to a newer version.

What product / version do you use to create the mirror? Is there any reason why you don't use http proxy to save traffic? When using a mirror, maybe about 90% of downloaded files will never be needed by clients.

Only apk files are scanned so if you don't have any on the SD card, no files will be scanned.

Try renaming the file or moving it to a different folder, e.g. c:\malware.

No, I didn't register there. I simply entered the address in the address bar several, chose to remember the action and the website was opened in a secured browser alright. I repeated it several times without issues. Perhaps it'd be good if you could shot a video to demonstrate the issue.

Been trying to reproduce it on Windows 10 and Chrome 66.0.3359.139 (Official Build) (64-bit) to no avail. I also closed Chrome, re-opened the website and it was always opened in a secured browser without issues or errors.

Does the problem occur with any browser, including IE? Does creating the above mentioned exclusions make a difference? Do you have Endpoint Antivirus or Endpoint Security installed?

The request http://eset.com/BPPRedirector doesn't go to the Internet but is rather intercepted by BPP. I've tried to reproduce it to no avail. Please provide: - information about the OS - information about the browser, version and platform (32/64-bit)

I've checked your logs and there was not a single record about blocked access to a website. The website is not on our url blacklist either. I'd suggest contacting Customer care and clarifying what issue you are having.

For me it works with v11.1.42. However, I'd strongly recommend upgrading to v11.1.54. Try manually running update and update to the latest version should be offered.

@snlehton This was most likely caused by the driver c:\windows\system32\drivers\netutils2016.sys. It's a legitimate driver, however, to my best knowledge it can load malicious configuration. Renaming it or moving it to a different folder in safe mode would have resolved the issue.

I recall it's a limitation of Android itself. Will update this topic when I have more information on this.