Marcos

Switching from release to pre-release updates or vice-versa may take several minutes since all modules are downloaded and re-compiled. Update to v11.1.42 was removed from the repository about an hour ago. Those who did not upgrade but installed v11.1.42 from scratch were not affected. Those who had setting protected with a password could use the ESET Uninstall tool in safe mode and install v11.1.42 from scratch then until we find a better solution.

Could you please try switching to pre-release updates in the advanced update setup to ensure that the latest Configuration Engine module is downloaded? Please let us know if that fixes the issue:

Which of the above that I suggested to try do you confirm to get the issue go away?

Does pausing real-time protection make a difference? If not, what about temporarily disabling protocol filtering or advanced scanning of scripts in the web protection setup?

Do you have the "Rename computers" task enabled in the Server tasks setup?

The OP should confirm that encryption occurred after 5:36:27 on March 10, 2018. The logs suggest so but since I didn't get examples of encrypted files, I cannot check their timestamp.

I assume it's a trusted device which scans remote ports for whatever reason. If that's the case, select "Do not notify" and click Allow.

We can rename Disconnect to "Block access" if you think it causes confusion and renaming the button would help.

You have switched the firewall to interactive mode. This is recommended only for advanced users who can evaluate network communication and distinguish the legit from the bad. In this case it is a perfectly legit communication. The tool appears to be from HP and has good reputation. Ocsp.comodoca.com is contacted to check if the certificate has been revoked. I'd strongly recommend switching the firewall to automatic mode.

Could you please clarify what you mean by accessing your phone via your wife's phone? If you had ESET Mobile Security installed and Anti-Theft enabled, you should be able to log in to my.eset.com and mark the computer as missing. Then you will be able to check its location for instance if the mobile phone is turned on and wifi is enabled.

According to the log, the ransomware was run from a remote share (desktop) \\Masterserver\Users\kiek\desktop\f-new.exe and was accessed by explorer.exe. This had been happening between 5:35:26 and 5:36:27 on March 10. My understanding is that an attacker already copied the ransomware to the above mentioned desktop, then connected to this computer and attempted to start it via Windows Explorer. It had been blocked several times by ESET until the attacker disabled real-time protection to allow the ransomware to run.

Without the file itself or at least its hash it's impossible to tell what is. It could be anything, theoretically calc.exe, egui or ekrn.exe or whatever renamed to gjagent.exe. The name itself doesn't tell anything about the file content.

A screen shot from v9. The exclude options are greyed out.

It's not a bug but a feature that has been there since the beginning. The behavior is correct. For safety reasons it's not possible to exclude actual threats from detection,only pot. unsafe and unwanted applications can be.

Please contact your local customer care so that the case is properly handled and tracked.

So the question is if the computer has connected to the Internet at least once after installing Endpoint. Offline license files are intended for use only on completely isolated computers that never connect to the Internet.

Did you use an offline license file to activate Endpoint only on computers that never connect to the Internet? If those computers connect to the Internet, activate them from ERA or manually from the main gui.

First of all, please post in English so that moderators and other users understand you and could help. Unsurprisingly asking about the best AV in an ESET official forum won't yield other answers than ESET. Honestly, with ESET's products you won't make a mistake and I'm not saying that just because I'm an ESET moderator. I recommend reading this page for information about genuine technologies that ESET uses to protect you from emerging threats: https://www.eset.com/int/about/technology/.

If I remember correctly, Filezilla is bundled with Fusioncore PUA. When it comes to PUA detection, the user is asked for action selection. Besides selecting "No action", one can expand advanced options and select exclude from detection.

A changelog will be posted after the new version has been released for all users. The biggest change are more frequent updates to ensure even faster response to new threats.

Updates from a mirror over https are supported only in new versions. If you mean ESET File Security v4 for Linux, a brand new version will be available later this year. If you mean Business Edition for endpoints, I'd strongly recommend upgrading to the latest version of Endpoint 6.6. V4.2 is too old and cannot provide sufficient protection against emerging threats.

It is not clear to me what you would like to achieve. Do you want to keep detected files intact and create a copy of them in quarantine? Because I understand quarantining as moving detected files to quarantine which is done when cleaning threats.

Is she using Windows XP that she has v9 installed? If not, then I'd suggest uninstalling v9 and installing the latest v11. Also is it ESET NOD32 Antivirus or ESET Smart Security installed?

Unfortunately, you've posted in the General forum so we don't know what ESET product and version you are using. Please provide that info so that we can move this topic to the appropriate forum. Also let us know if disabling protocol filtering in the advanced setup make a difference.

Did you remove the license by uninstalling ESET Mobile Security or what exactly did you do? Please drop me a private message with your email address associated with my.eset.com.