Marcos

If you have purchased a license and activated ESET with the license key you received, please gather logs with ELC and supply me with the generated archive.

Is such small nfi file created even several times a day every time the system wakes up from hibernation? Do you run scans with Windows Defender?

Please provide logs gathered by ELC for perusal.

Did you analyze a memory dump or how did you find out? The dll is loaded by ekrn so you can't simply check it it the Task manager. Also that module has nothing to do with real-time protection, it's a firewall module. If pausing real-time protection actually makes a difference, please generate a Procmon log with advanced output enabled as per the instructions at https://support.eset.com/kb6308/ while the issue is occurring.

If a file is detected doesn't mean that it won't be submitted. Even in the LiveGrid feedback submission setup, you can set actions separately for infected and suspicious files. And even if an nfi file is created, it may be refused by LiveGrid servers and would be subsequently deleted, e.g. if somebody else has already submitted it. Another question is if the nfi file was really related to the above mentioned detection. If you would like me to check, provide the nfi file.

ESET Smart Security has been on the market since 2002 if I remember correctly and never supported wildcards in firewall rules. Moreover, there has never been a big demand for such feature. We appreciate your feedback and welcome any reasonable and feasible ideas that could make our products fit your needs. Some improvements have big benefits for all or most of users but take many resources and time to accomplish them (e.g. detection-related ones). Some have smaller benefits appreciated by a small number of users but can be accomplished quickly. Then there are improvements with smaller benefits for a small number of users but are quite expensive to accomplish in terms of resources and time. Unfortunately, support for wildcards in rules falls into the last group which is also why it hasn't been added yet. However, we didn't forget about it, it's on a to-do list and we plan to implement support for wildcards in the future.

It's a leaked license, thus the error.

Please refer to this KB article for a list of IP addresses used by ESET's products: https://support.eset.com/kb332/.

Kindly also drop me a private message with your license key.

Please gather logs with ELC and supply me with the generated archive.

Since ESET is not the owner nor developer of Facebook, we cannot help you. Please contact Facebook.

You have installed an older version of ERA v5.0.119. The latest version is 5.3.39. Likewise you've installed Endpoint Antivirus 5.0.2214 while the latest is 5.0.2217. Anyways, since v5 will reach its end of life towards the end of this year and doesn't provide as good protection as Endpoint v6, I'd strongly recommend: - installing / deploying ERA v6 - upgrading clients to the latest Endpoint 6.6.2072 - considering using HTTP proxy instead of a mirror to save a lot of traffic (mirror downloads maybe ~90% of files that will never be needed by clients) - considering upgrading your license to ESET Endpoint Security which also contains Botnet and Network protection modules to protect especially unpatched systems from being attacked through vulnerabilities in network protocols.

A security product installed on your machine prevents it from getting infected by malware. However, it obviously cannot prevent others from performing brute force attacks or trying weak passwords to log in and change your account settings. Also if you logged in on public machines in a library, school, etc. ESET cannot prevent your login data from being captured by possible keyloggers installed on other machines where you log in. Contact Facebook, use a stronger password next time and log in to your account only on your own devices that are protected by ESET.

Are you saying that you are having two issues? First one that your mobile is not optimized for AT and the second one that your notebook doesn't appear in the AT portal? As for the second issue, did you enable AT on the laptop, entered your UP and then was asked to enter the device name? Did the process finish with the message "Device association has been completed" ?

Please provide me with logs collected with ELC.

I'd suggest temporarily uninstalling ESET and see if you can install the update then. If the problem persists, you can rule out ESET being the culprit.

Unless you use an offline license on completely isolated machines that never connect to the Internet, it's Endpoint itself that connects to activation servers and performs activation. Try installing Endpoint using the msi installer and then use your license key to activate it. With correct proxy server setup and firewall permitting access to ESET's activation servers (see https://support.eset.com/kb332/), activation should succeed. Should it fail, an ACT error code should be displayed. If that all works, we can look into the issue with activation of all-in-one installers.

I would like to point out that only ESET Internet Security and ESET Smart Security Premium are our flagship products for consumers that provide complete protection from Internet-borne threats so users might be more interested in testing these than just a pure antivirus. These products also contain Botnet protection and Network protection modules to protect especially unpatched computers from exploits exploiting network vulnerabilities and thus proactively prevent the system from getting infected with not yet known malware (which happened in the case of the infamous WannaCry ransomware for instance).

Is ESET Endpoint 6.6 installed on these machines? What error are you getting when attempting to update?

The FP has been fixed and update resumed.

Unfortunately without a proof we cannot comment on it. Of course, no antivirus detects 100% of all threats, especially when it comes to scripts. And blocking all powershell scripts just because they could be misused is not a good solution either.

Please see my comment above. Updates were stopped and the detection will be removed momentarily.

There are several layers that could detect such threat: 1, Detection by a signature. 2, Web access protection if the powershell script is downloaded from the Internet. 3, AMSI scanner upon execution of powershell. 4, Advanced memory scanner if the payload is a file that is executed. The question is if the payload does something really malicious. Please contact samples[at]eset.com and provide details.

Thanks but it's not needed. We have got some examples from the LiveGrid feedback system.

Appears to be FP. We've stopped offering the latest update for now.