Marcos

Please collect logs with ELC on that machine and provide me with the generated archive for perusal.

Windows Updates are excluded from https scanning so ESET should not prevent them from being downloaded. We are not aware of any issues with Windows updates that would be caused by ESET.

Having a multi-user license doesn't mean that you are entitled to install ESET on any number of devices. The number of devices has to be chosen during the purchase process. From FAQ below this selection: One ESET Multi-Device Security licence can cover up to 5 of your devices. You should choose number of covered devices at the first stage of your buying process. You can transfer protection to another device at any time without the hassle of getting new licence. You can easily check your licence usage through our Licence Manager site at my.eset.com portal. If there's something unclear about this type of license or should you need to correct your order, please contact ESET UK.

1, Make sure that the VPN network is trusted. The first time the computer connected to the VPN, you should have been offered an option to mark it as home/office (trusted) network or public. Later you can change it in the advanced setup -> firewall -> known networks. 2, As the name suggests, in interactive mode you are asked whether to allow or block particular communications. It's possible to create the necessary rules in interactive mode and then switch back to automatic mode. Or use learning mode to create rules first and then switch to interactive mode for instance. In your case I assume that marking the VPN connection as trusted will resolve possible issues with firewall blocking desired communication. 3, I assume that temporarily pausing firewall makes a difference and that marking the network as trusted would also resolve this issue. In untrusted (public) networks, sharing and some other communications are disabled. Should the problem persist, create a separate topic for this. We'll need you to: 1, enable advanced firewall logging in tools -> diagnostics, 2. reboot the computer, 3. reproduce the issue, 4. disable logging and collect logs with ELC.

It depends on the country where you purchased your license. In Slovakia, we don't sell multi-user license but Family pack which is intended for 4 devices at maximum. In the US, it's possible to purchase a multi-device license for up to 10 devices. The price depends on the number of devices you want to cover.

If you would like to install EIS 11.1.51 release candidate, you can download it from: ESET Internet Security 32-bit ESET Internet Security 64-bit This version has passed QA testing and will be released very soon, probably as version 11.1.52. It addresses all known issues reported with v11.1.42.

The ESET firewall currently doesn't support wildcards in paths to applications.

It's it detected upon download ?

As the logs showed, you have Sophos installed and running. Try running the batch file listed at https://support.home.sophos.com/hc/en-us/articles/115005679923-Unable-to-uninstall-Sophos-Home ii in safe mode.

I found an error "Activation context generation failed for "C:\Program Files\ESET\ESET Security\ekrn.exe".Error in manifest or policy file "C:\Program Files\ESET\ESET Security\ekrn.exe" on line 0. Invalid Xml syntax." in your event log. Please continue as follows: - Run "sxstrace.exe trace -logfile:sxstrace.etl" in a commandline console. You should see: C:\LOG>sxstrace.exe trace -logfile:sxstrace.etl Tracing started. Trace will be saved to file sxstrace.etl. Press Enter to stop tracing... - attempt to start ekrn.exe from the Services console or by running "net start ekrn" - press enter in the commandline console to stop logging - provide me with sxstrace.etl. Then you can also provide me with fresh ELC and Procmon logs for me to check that the malware c:\windows\rss\csrss.exe is not running any more.

You can drop me a private message with the license key belonging to the license used in a product activation task and I will check if it's a correct license that is still valid.

Do you have only 2 computers connected via a router or hub ? An ARP poisoning attack is detected if more responses with different MAC addresses are received to a broadcasted ARP request.

An automatic update (uPCU) will be issues to users with an older v11 later, not immediately after the new v11.1 is released. If you want to have it asap without waiting for automatic update, you can download it and install it over your current version. Installation over an older version is a fully supported scenario to preserve your current settings.

This will be fixed as of the HIPS module 1316 which should be released soon.

If you would like to install EIS 11.1.51 release candidate, you can download it from: ESET Internet Security 32-bit ESET Internet Security 64-bit This version has passed QA testing and will be released very soon, probably as version 11.1.52. It addresses all known issues reported with v11.1.42.

I would recommend to use this opportunity to move to ERA6 since ERA v5 is due to reach its end of life by December 2018. Moreover, v5 Endpoint products do not provide as good protection as Endpoint v6 and may be affected by issues that were addressed in newer versions. If you don't need to keep the existing db, simply deploy an ERA v6 virtual appliance, generate an agent live installer and install it on a group of clients via group policy. The clients will start reporting to the new ERA then. Both old Endpoint v5 and new Endpoint v6 can be managed with ERA v6. If you want to keep the existing db, follow the instructions at https://support.eset.com/kb3607/. How many endpoints do you manage with ERA?

I advised you to use HKEY_USERS\*\ where "*" represents any SID, ie. any user. Note that I'm talking about HKU, not about HKCU.

Unfortunately without knowing what was being logged that made the logs that big I cannot advise any further. Try to reproduce it and then provide such dat file for perusal.

I'd suggest to start off with posting a screen shot of both the ESET warning and a list of wifi networks in your neighborhood. Also collect ELC logs as follows and provide them for analysis: - temporarily enable advanced firewall logging under Tools -> Diagnostics - reboot the computer - wait until the warning appears - disable logging - collect logs with ELC.

Please upload one of the smaller dat files to Dropbox, OneDrive, etc. and provide a download link. You can safely delete the other big dat files in that folder.

It appears to be your local seller. Please contact them to resolve the issue.

Instead of HKEY_CURRENT_USER, use HKEY_USERS\%SID%. I reckon that * should work as a wildcard for any SID.

Did you apply an ERA agent policy on clients that enables reporting of non-ESET applications?

I've just tried activation and it worked like a charm. Since you are installing ESET NOD32 Antivirus, I assume that you also have a firewall installed which might be preventing ESET from reaching activation servers.

You can choose to restore a file and exclude it from further detection by selecting the appropriate option in the right-click context menu.