Marcos

Please provide me with your registration email address so that try to look up your license on files.

Please drop me a message with a download link to a zipped dump file. The crash dump analyzer you've used may point ESET as the culprit even though the crash was caused by something else. We'll need to analyze the dump in order to tell what actually caused the crash. Also collect logs with ELC and provide me with the generated archive as well.

What do you mean by "new blocked rules"? Please post a screen shot for clarification. Rules are not created nor added automatically except in learning mode. However, in learning mode only permissive rules are created. A screen shot should shed more light. An exclamation mark on a device means that some traffic from that device was blocked. Clicking the device and selecting "Troubleshoot" will open the firewall troubleshooting wizard with details about communications that were blocked with an option to unblock a particular communication permanently if it was legitimate and blocking it caused some issues. Please post a screen shot of the Connected home monitor screen for clarification.

In the screen shot it's not shown under ESET. I mean, if you expand "ESET service", you should see only "ESET Service" under it:

Does temporarily disabling protocol filtering in the advanced setup make a difference? If not, what about pausing the ESET firewall ?

Do you have a reason to believe it's caused by ESET? Does temporarily uninstalling ESET make a difference?

Please provide more information about failures when loading websites. Is it only https or also http websites that you are having issues with? If you get an error while loading these websites, please post a screen shot of it. Do you have another security software installed besides ESET?

You can download it from the download page. Or you can switch to pre-release updates to get it instantly without waiting until the product is updated automatically.

It is typical for ransomware that it removes automatically after encryption is completed so it's pretty normal that you can't find it on the machine any more.

Unfortunately, it is impossible to decrypt files encrypted by GandCrab.

If you install Endpoint from scratch now, is it still taking about 30 minutes to download the first update?

I've gone through your previous posts but honestly I'm not sure what issue you are referring to. Please clarify.

The latest version of ERA is 6.5, however, the latest version of Endpoint products is 6.6.2072.

That's because you are using v11.0. Also keep in mind that only v11.1 has a lot of issues present in v11.0 fixed and also added supports for a sort of streaming updates for faster response to new threats which v11.0 doesn't support.

What script do you mean? Endpoints can be activated remotely from ERA using a Product activation task.

Fixed issue with webcam protection and registration as a new class. There were issues after upgrade (not with fresh installs) and web cameras on Windows 10 Fall Creators Update. That said, the changes don't affect ESET NOD32 Antivirus which doesn't contain the Webcam protection feature.

You can try downloading http://update.eset.com/eset_upd/update.ver with a browser utilizing the same proxy setting as ERA.

Either the license is no longer valid, you entered the username or password incorrectly or you connect through a proxy that is not configured correctly in the ERA setup. I'd strongly recommend upgrading to ERA v6 and Endpoint v6.6 and using an HTTP proxy to replace the mirror.

I'd recommend upgrading server products at the maintenance time. Upgrading to a new version requires a restart, otherwise older drivers will remain loaded until the next system restart which may cause unexpected issues, especially if you upgrade to a new major version (e.g. from EFSW v4 to EFSW 6).

Please provide the seat ID of the troublesome computer. You'll find it in HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\WebSeatId.

Not sure if "hammered" is a correct English word to describe it but servers may be temporarily under a heavier load at times when a larger update is released. We would need to check the server load exactly when you are observing very slow download speed to tell for sure.

What version of the HIPS module do you have installed?

We appreciate your willingness to help, however, further logs are not currently needed since the issue is now solved and a fixed program update (uPCU) to v11.1.42.1 will be put on pre-release update servers soon.

I don't find it surprising if attackers manage to remote in via RDP and with admin rights disable protection or uninstall the AV. Speaking about the Ransomware shield, it's only a part of consumer products. As for Endpoint, v7 will be the first version that will have it included.

The detection is correct. Potentially unwanted applications are not malware. As per the description at https://support.eset.com/kb2629/: A potentially unwanted application (PUA) is a program that contains adware, installs toolbars or has other unclear objectives. There are some situations where a user may feel that the benefits of a potentially unwanted application outweigh the risks. PUA detection is not enabled by default and user's interaction is required when a PUA is detected. Last but not least, I'd like to emphasize that this forum is not a channel for disputing PUA detections. The only supported channel is via samples[at]eset.com where PUA vendors can contact us.