Marcos (Administrators)

  • Posts: 37,934
  • Days Won: 1,504

Everything posted by Marcos

  1. I have often seen Filecoders to be detected both in TS shares and on local disks which means they were detected and blocked, however, the attacker had to disable real-time or even other protection mechanisms in order to be able to run the ransomware. Did you have detection of potentially unsafe applications enabled? I'm asking because detection is disabled by default as it covers legitimate tools that can be misused in the wrong hands, however.
  2. Please post a screen shot of what package you selected in the repository.
  3. First of all, if an attacker gains administrator access to a computer, he or she can do virtually anything, including killing the security programs you use. In this case it's not the firewall that would have prevented the ransomware from being executed by the attacker; they typically disable real-time protection which would have otherwise prevented the ransomware from being executed. Besides hardening or completely disabling RDP, if not really needed, you should consider:
     - keeping the OS up to date, installing all critical security patches asap
     - using a non-default port for RDP connections
     - limiting users with RDP access
     - using strong passwords
     - limiting IP addresses / ranges for RDP connections
     - set a password to protect ESET settings
     - enable detection of potentially unsafe applications to detect legit tools that can be used to kill running applications.
  4. The attacker would have to run this command from the ERA console.
  5. Please collect logs with ELC after the install fails and drop me a message with the generated archive attached.
  6. What was detected by ESET and what by the other AV you mentioned? Was it files which were detected? Do you still have them at least in quarantine? I assume you are talking about a Mac device, aren't you?
  7. You have posted in a consumer product forum. This feature is available only in ESET Endpoint.
  8. Most likely a proxy server is serving HTML code with a notice instead of the actual content of update.ver. Check proxy settings and make sure that the machine is allowed to connect to ESET's servers. Also I'd strongly recommend uninstalling EFSW 4.5 and installing EFSW 6.5. V4 is very old and is not intended for modern server systems either.
  9. If temporarily disabling protocol filtering doesn't make any difference, the issue is highly unlikely to be ESET related.
  10. If you have lost your registration email with a license key, please contact the seller from whom you purchased your license. If you don't get any email after entering your registration email address in the form for re-sending license details, most likely we don't have your email address on file.
  11. Since this is an ESET forum, A vs B discussions are not allowed. If you cannot afford paying for top-notch antivirus, you can go for a free one. Please refer to other forums for comparison. Paid antivirus can invest more into research, developers, customer care, etc. and therefore provide you with as good protection as possible. Note that antivirus is not just the program itself. Also customer care is important, especially if you get infected with malware. Users with free AV usually don't get any support.
  12. Why do you want to install v9 which contains fewer protection features and bugs that were addressed in newer versions? Also v9 will reach its end-of-life in 2019 and users will be upgraded to the latest version except those using Windows XP.
  13. It appears that you already have ESET Smart Security Premium installed and are attempting to install it again. Check "Add or remove program" if EIS is already installed. What operating system do you use?
  14. It appears that you already have ESET Internet Security installed (v11) and are attempting to install an old ESET Smart Security (v9) over it. If there's a problem with EIS, uninstall it and install it from scratch. Do not install an old ESS v9.
  15. It's not as difficult as it seems. You basically choose between:
     1. ESET NOD32 Antivirus
     2. ESET Internet Security (EAV + firewall + antispam + Anti-Theft + Parental Control + Network protection)
     3. ESET Smart Security Premium (EIS + Password Manager + Disk encryption)

     Depending on the country, if you have more devices you can purchase a multi-license pack or Family pack. E.g. in the US and UK, you can purchase a multi-license pack (2-5 devices), not a Family pack. In Slovakia, we don't sell the multi-license pack but a Family pack for 4 devices. As for version numbers, it's not difficult either. The latest version is v11 and we provide it as a service (the same way as Microsoft provides Windows 10 updates), i.e. we release product updates on a regular basis to ensure that users have the latest version with new features and fixes. We don't use version numbering like 2017, 2018, etc., except for marketing purposes.
  16. Firewall rules are not per-user settings. The firewall must work even if no user is logged in so it would be difficult if not impossible to base firewall profiles on the currently logged in user.
  17. I'm not sure if Parental Control that is a part of ESET Internet Security and ESET Smart Security Premium will ever be managed via my.eset.com. The main difference is that while children take mobile phones with them, they leave PCs or notebooks at home.
  18. Please reproduce the issue and use Procmon to capture operations for at least one minute (make sure to enable advanced output before you start logging). When done, also collect logs with ELC, upload both archives to a safe location and drop me a message with download links. Do you have Parental Control disabled? You should get similar warnings from a browser if a certificate is not trusted. You can also check certificates used by particular websites here: https://www.ssllabs.com/ssltest/
  19. The main problem with Opera is that debug symbols are not publicly available which prevents supporting new versions. Also it is not as popular as Chrome, Firefox or IE so investing a lot of resources into support would not be desired. Which AV supports Opera as a secure browser?
  20. Please create a Procmon log with advanced output enabled as per the instructions at https://support.eset.com/kb6308/ and also collect logs with ELC. Upload both archives to a safe location (e.g. Dropbox, OneDrive, etc.) and drop me a message with download links.
  21. We are going to introduce ESET Enterprise Inspector (EEI) this year which is an EDR solution for monitoring the network for suspicious activities and responding to them accordingly. EEI will be interconnected with ESCM (ERAv7).
  22. It appears that you have Endpoint Security installed. A malicious Word document was blocked by Network Protection upon an attempt to download, e.g. after a user clicked a link in a spam email. Since ESET is very good at detecting and preventing Emotet and its VBA downloaders both by URL blacklists and LiveGrid, it's very unlikely that the malicious Emotet payload would manage to run even if the initial download attempt hadn't been blocked by Network Protection. In future versions we plan to display threats handled by Network protection in yellow and report "Blocked" instead of "Detected".
  23. You can check Windows Search indexing options and make sure that the ESET install folder is excluded: https://helpdeskgeek.com/windows-7/windows-7-file-search-indexing-options/. This issue will be addressed in future versions of consumer products.
  24. The thing is those applications touch update files for whatever reason which triggers a scan and renaming the appropriate module folder fails. As I wrote, this is something that we should be able to work around on our part.