Marcos

You can find scan logs under Tools -> More tools -> Log files -> On-demand scanner.

In your case it's a backup-related process CarboniteService.exe which is having a handle for an update file open at the time we attempt to rename the appropriate folder. Is it possible to configure the backup sw to exclude the Modules folder at least?

The log is not from a boot. After launching Procmon, select "Enable boot logging" in the Options menu and "Enable advanced output" in the Filter menu. Then reboot the computer, launch Procmon and save the log.

Please provide a screen shot of 1-2 such warnings. Also try the following: - Reboot the machine - Without launching any applications, disable SSL/TLS filtering in the advanced EIS setup and save the changes - Re-enable SSL/TLS filtering - Try to reproduce the scenario.

Please upload the log to a safe location (e.g. Dropbox, OneDrive, etc.) and drop me a message with a download link.

That option is available in consumer products too.

Haven't tested it myself but you can try creating an exclusion for the whole computer with the threat name set:

Excluding a threat from being detected is not a solution unless you want to get infected. Although in this case it's adware and not malware, I would not let even adware run on a computer. If you're getting this alert right after launching a browser, ie. without opening any website, try disabling all extensions that you have installed.

I'm getting the following notice regardless of whether HIPS is enabled or not. Didn't find any difference between HIPS being enabled and disabled. The process ended normally in either case.

Unfortunately, the Procmon log was not from a boot. Please refer to the section "Gather boot log files" in the above mentioned KB article. Before you start logging, enable also advanced output in the Filter menu.

Please provide: - ELC logs - A Procmon boot log created as per the instructions at https://support.eset.com/kb6308/ Upload both archives to a safe location and drop me a message with download links and a link to this topic.

I doubt that the problem is in EIS setup since the ESET firewall allows all outgoing communication in automatic mode by default.

Web structure tells almost nothing about whether a particular page is phishing or innocuous. There are some typical folders that contain phishing pages, such as securedview, paypal/paypal, docusignpro, adobecom, Gdrive, etc. but their names change, folder names may consist of random characters or phishing pages may be placed even right in the web root folder. It is not possible to 100% detect phishing pages just by the address / web structure and there are many things that need to be considered.

Please check if a firewall allows ESET Mail Security to connect to the Antispam servers listed at https://support.eset.com/kb332/#antispam.

For Endpoint you can create a mirror. Consumer products support only online updates from the Internet.

Probably you meant integrating Secure Data into Endpoint and subsequent management by ERA. Unfortunately, that will take longer and Secure Data will not be included in Endpoint v7.0 but in future versions.

Install and update files would be cached by the already existing proxy. I've now realized that the existing proxy requires authentication which is an unsupported scenario. Please configure ESET products to use the existing proxy.

Since you already have a proxy in place, why do you want to use also the Apache HTTP Proxy?

In the Task manager, right-click "ESET Main GUI" and select "Create dump file" while the notice about a crash is displayed on the screen. Also collect logs with ELC. Then compress the dump, upload it to a safe location along with ELC logs and drop me a message with download links.

Do you really have QUIC protocol disabled?

Do you have any dump files in "C:\ProgramData\ESET\ESET Security\Diagnostics\" ?

There is probably a communication issue between your computer and ISP or between your ISP and ESET's servers. You can provide a Wireshark log from time when the error is reported but I don't think it would shed more light. Since you have a consumer product installed, I assume that you are not behind a corporate firewall that could block communication with ESET's servers. Requests to your DNS server must work or you wouldn't be able to open websites in a browser for instance.

Do you have wifi enabled? Is the only problem that you don't see your notebook's location in the AT portal?

Dobry den, Jedna sa o potencialne nechcenu aplikaciu (PUA), pricom starsia verzia jednej aplikacie od tejto firmy bola vyhodnotena ako Deceptor certifikacnou autoritou AppEsteem. Detekcia PUA je dobrovolna a pouzivatel sam rozohoduje, ci chce takeho aplikacie detegovat, alebo nie. Ak aj nechcete vypinat detekciu PUA, mozete priamo zo zlteho okna detekcie v rozsirenych moznostiach zvolit moznost vylucit vzorku z detekcie. Rovnako mozete pridat blokovanu stranku do zoznamu povolenych stranok v rozsirenych nastaveniach - v nastaveniach Webova a emailova ochrana - Sprava adries.

Are you getting these alerts even if no browser is running? If not, does using a different browser make a difference? Did you try to run a browser without extensions?