Marcos

Administrators
  • Posts: 37,933
  • Days Won: 1,504

Everything posted by Marcos

  1. Does it happen if you merely launch the app or when opening a document? If the latter, does it make a difference whether it's a locally stored doc or a doc in a network share?
  2. Your first screenshot is from ESET Smart Security, which contains a firewall, while the other one was from ESET Antivirus.
  3. Does temporarily pausing real-time protection make a difference?
  4. Did you also contact Customer care? This forum is not meant to be a substitute for customer care and does not allow tracking of issues. It's rather just an additional channel where you can discuss issues, provide feedback, etc. with other users and moderators. Please collect install logs as per the instructions at https://support.eset.com/kb406/ and provide them to customer care. You can post them here as well so that we can check if there's something obvious which is causing installation to fail.
  5. In the advanced setup -> Firewall setup -> Known networks, select the correct type of your network.
  6. As for the sample, we do not guarantee sending a response although we almost always do. In that case it sounds like a mountable disk image which may not look malicious but proclaiming it 100% innocuous without in-depth analysis could be deceptive. An in-depth analysis of a file can take from hours to weeks. Therefore it's necessary to mention what makes you think that a particular file is malicious when reporting samples to ESET.
  7. *.doubleCLCICK.net sounds like a bogus site. If it's accessed by Firefox even without opening any website, it's likely that some of the extensions accessed it.
  8. Beta versions are not included in the repository. As for installers for older versions, they are in the repository, however, only those that have the latest drivers included and thus do not cause serious issues after installation caused by a conflict between an older AS driver and Meltdown/Spectre patches.
  9. The problem with exclusions when the full path to a file as well as the detection name is specified will be addressed in the upcoming service release of Endpoint 6.6.
  10. Is this a second license that you have purchased? I see you have one for ESS already activated which is valid until 8/16/2018. Please drop me a personal message and provide me with as many details as possible, in particular:
      • A scanned copy of the receipt
      • The activation key from the box you've purchased and the license key that you received after activation
      • What store you purchased the license in
  11. I was informed that we are in touch with Drive file stream developers since a 100% solution needs to be implemented on both sides if we don't want to sacrifice protection. In the meantime, we're trying to find a workaround via exclusions. We'll keep you posted.
  12. Did you enter the key on a website somewhere? The activation form in EIS looks differently:
  13. It appears you have recently attempted to access a malicious website that was blocked and shortly after you attempted to disable protection. You can disable protection anyway or keep ESET protecting your computer.
  14. Dear forum members,

      We are considering a change in the product's behavior but before doing that, we would like to consult you, our field experts, with regards to the problem and suggested change. We kindly ask you to:
      • Read this message carefully
      • Talk with other people of your support staff, whether they are aware of issues related to current behavior
      • Provide any comments (supportive / negative) towards the proposed change

      As of now, one of the issues that our customers are facing is the behavior of products in managed environment, related to handling of detections and cleaning of Potentially Unwanted and Potentially Unsafe Applications (hereafter referenced as PUA).

      The following are prerequisites of the behavior:
      • Default cleaning settings on the Endpoints (normal cleaning)
      • Detection of PUA is enabled.

      With these settings we were reported the following problems by several customers and resellers / MSPs that we have interacted with directly during a customer research. Main problems are:
      • End users on local machines are forced to respond to an „interactive window“ that is asking for action in case of a PUA detection, which can be triggered by protection modules or the on-demand scanner. They offer the „ignore & continue“ action even in managed environments where the end user should not make a decision.
      • Users can try to install a PUA which usually ends with multiple interactive windows appearing.
      • If a PUA is already in the system and you schedule an on-demand scan, it will be reported to the user again and a dialog with action selection is shown to the user. If this happens on a server, it will never be resolved; the dialog eventually expires, and then will be reported again and again to the server upon re-scanning.

      The only solution currently is to set an exclusion or to set cleaning mode to strict which will automatically remove the PUA detection without asking.

      What are we planning to do: We are planning to change the product behavior in a way that our endpoints will automatically block / clean PUA detections in managed environments according to the option selected by an administrator, meaning that the end users will never see interactive windows. Alerts (only one) will be reported to the ERA, and it will be up to the security administrator to either set an exclusion or acknowledge such detection. After exclusion, reinstall of the affected PUA will be needed on the target system; restore from quarantine is not enough since „cleaning“ also removes references which are not restorable (this is valid also now, when Exclusion is „cleaned“).

      We would like to hear from you and ask for feedback whether you consider this change as risky from the perspective of customer expectations. We do perceive the problem as serious and would like to change the behavior even for existing users by means of a module update. An alternative approach is to change it only in new versions of our products, meaning Endpoint V7 and eventually backport it to a new 6.6 hotfix if that happens in the foreseeable future.

      How the interactive window looks:
      How it looks in the logs:
      How it looks in the ESET Remote Administrator:

      Please note that we are also bringing a lot of changes into the ESMC:
      • Cleaned „threats“ are automatically going to be marked as resolved (once the behavior is implemented, you will automatically get the PUA cleaned at the „first detection“) and will be automatically „resolved“ in ESMC (no duplicated entries when one clicks „no action“)
      • You will be able to set exclusions directly from the threats section, basically by „one click“; there will be also an option to set „exclusion by HASH“ in EES.

      Please provide your feedback here: https://forum.eset.com/topic/14743-request-for-feedback-on-a-plan-to-change-handling-of-potentially-unwanted-unsafe-applications/. Thank you for your feedback & support.
  15. I would recommend contacting customer care. At least on Windows the on-demand scanner reports any found threats to ERA so I'd expect the Linux version to behave in a similar fashion.
  16. That shouldn't be possible. Only records with warning or critical severity are transferred to ERA.
  17. Dear forum members,

      We are considering a change in the product's behavior but before doing that, we would like to consult you, our field experts, with regards to the problem and suggested change. We kindly ask you to:
      • Read this message carefully
      • Talk with other people of your support staff, whether they are aware of issues related to current behavior
      • Provide any comments (supportive / negative) towards the proposed change

      As of now, one of the issues that our customers are facing is the behavior of products in managed environment, related to handling of detections and cleaning of Potentially Unwanted and Potentially Unsafe Applications (hereafter referenced as PUA).

      The following are prerequisites of the behavior:
      • Default cleaning settings on the Endpoints (normal cleaning)
      • Detection of PUA is enabled.

      With these settings we were reported the following problems by several customers and resellers / MSPs that we have interacted with directly during a customer research. Main problems are:
      • End users on local machines are forced to respond to an „interactive window“ that is asking for action in case of a PUA detection, which can be triggered by protection modules or the on-demand scanner. They offer the „ignore & continue“ action even in managed environments where the end user should not make a decision.
      • Users can try to install a PUA which usually ends with multiple interactive windows appearing.
      • If a PUA is already in the system and you schedule an on-demand scan, it will be reported to the user again and a dialog with action selection is shown to the user. If this happens on a server, it will never be resolved; the dialog eventually expires, and then will be reported again and again to the server upon re-scanning.

      The only solution currently is to set an exclusion or to set cleaning mode to strict which will automatically remove the PUA detection without asking.

      What are we planning to do: We are planning to change the product behavior in a way that our endpoints will automatically block / clean PUA detections in managed environments according to the option selected by an administrator, meaning that the end users will never see interactive windows. Alerts (only one) will be reported to the ERA, and it will be up to the security administrator to either set an exclusion or acknowledge such detection. After exclusion, reinstall of the affected PUA will be needed on the target system; restore from quarantine is not enough since „cleaning“ also removes references which are not restorable (this is valid also now, when Exclusion is „cleaned“).

      We would like to hear from you and ask for feedback whether you consider this change as risky from the perspective of customer expectations. We do perceive the problem as serious and would like to change the behavior even for existing users by means of a module update. An alternative approach is to change it only in new versions of our products, meaning Endpoint V7 and eventually backport it to a new 6.6 hotfix if that happens in the foreseeable future.

      How the interactive window looks:
      How it looks in the logs:
      How it looks in the ESET Remote Administrator:

      Please note that we are also bringing a lot of changes into the ESMC:
      • Cleaned „threats“ are automatically going to be marked as resolved (once the behavior is implemented, you will automatically get the PUA cleaned at the „first detection“) and will be automatically „resolved“ in ESMC (no duplicated entries when one clicks „no action“)
      • You will be able to set exclusions directly from the threats section, basically by „one click“; there will be also an option to set „exclusion by HASH“ in EES.

      Thank you for your feedback & support.
  18. We offer Remote Administrator to install and manage ESET Endpoint products on endpoints.
  19. Please try excluding /Users/%user%/Library/Application Support/Google/DriveFS/ .
  20. Before you start logging:
      1. If it's Windows 8.1 or newer, disable Protected service in the HIPS setup and reboot the computer.
      2. After launching Procmon, set a "contains" filter for the path "C:\Program Files\ESET\ESET Security\Modules".
      3. Enable advanced output in the Filter menu.
      4. Enable Drop filtered events in the Filter menu.

      Start logging with Procmon and wait until the error occurs. This way the log should be reasonably small and yet capture events on the folder where the issue occurs.
  21. Customer care would provide you with a logging version of the ESET plugin, if needed for further troubleshooting.
  22. Do you also have HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc set to 0x00000000? What Windows update are you unable to install if ESET is installed? It appears that "KB406892" is not a correct number.
  23. You'd need to remove all the other settings from an xml configuration file while preserving the xml structure. Exporting only some of the settings is not supported.
  24. Ok, so we could rule out Windows Search. How often are you getting the error? Would it be possible to start logging with Procmon, reproduce the error, save the log and provide it to me for analysis?
  25. What format of the product key do you have? Is it in the format XXXX-XXXX-XXXX-XXXX-XXXX? If so, you should be able to enter it in the activation form in the GUI - Help and support -> Change license.