Marcos

What format of the product key do you have? Is it in the format XXXX-XXXX-XXXX-XXXX-XXXX ? If so, you should be able to enter it in the activation form in gui - Help and support -> Change license.

Do you want to create an all-in-one installer with pre-configured settings? Wouldn't deploying agent and setting up an Endpoint policy with exclusions be an option? Or you don't plan to have Endpoint managed by ERA at all?

See https://support.eset.com/kb6382/. It's possible using a Run command task from ERA after configuring Endpoint to accept these commands from ERA.

Do you have any other non-standard Outlook add-on installed? If so, could you try temporarily disabling it and see if it makes a difference?

If you or somebody else have experience with other products that protect MBR, I would like to know if they can also prevent false positives and permit legitimate applications to make necessary changes to MBR and have no noticeable impact on performance.

If MBR is protected, how can legitimate applications modify it, if needed?

Here you can find step-by-step instructions how to open indexing options: https://helpdeskgeek.com/windows-7/windows-7-file-search-indexing-options/.

Please provide ELC logs to start off.

It has nothing to do with your account since you wrote that you are not an owner of the website that was blocked. Simply the website you visited was compromised and an admin or owner of the website should clean it and take measures to prevent further reinfection. You as a person with no relation to the website cannot do anything about it but give a heads-up to admins of the website.

I would recommend reading https://blog.sucuri.net/2017/02/joomla-security-pornography-spam-campaign-in-the-wild.html, especially the part Joomla 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object-injection attacks and execute arbitrary PHP code via the HTTP user-agent header. It was first exploited in December 2015 and is still happening today. If you have not updated your Joomla site since then, you are likely already compromised. We have a new guide on how to clean a hacked Joomla site that you can follow.

You can report a possible false positive to ESET as per the instructions at https://support.eset.com/kb141/.

Next week we'll be releasing DesLock 1.0.13.0 which should address this issue.

You can create a HIPS rule to prevent other applications from launching IE.

To start off, please provide me with logs collected by ELC .

It could be that the ESET install folder is not excluded from indexing by Windows Search which locks an update file at the moment we attempt to rename it during update.

Since I don't use the product you've mentioned, I have no clue what kind of protection it provides. However, ESET is unique in protecting UEFI. Although there's at least one more AV vendor to provide this protection, it's available only to business users as a stand-alone tool and not as a part of their products. ESET included the UEFI scanner also in products for home users. For more information about ESET technology, please read https://www.eset.com/int/about/technology/.

Please provide a screen shot of what you are getting.

Yes, you can. What is not possible is transferring an already registered license to another person.

I'm not sure if installation on tablets is possible and fully supported. I know we support installation on Android tablets, however.

Already replied here: https://forum.eset.com/topic/14705-missing-eset-offline-installers/?tab=comments#comment-73063 In order to keep the discussion at one place, we'll draw this topic to a close.

Only the latest v11 offline installers are available. Please clarify why you need v9 or v10 offline installers.

Try the following, one at a time, to narrow it down: - Temporarily disable HIPS and restart the computer - Temporarily disable protocol filtering. After each step, try to reproduce the issue. Let us know about your findings.

Since there's no security solution that would be able to provide 100% malware detection and protection without excessive number of false positives, it's always a good practice to strengthen protection by other means, such as by HIPS, firewall rules, etc. if the end user or admin is savvy enough to deal with possible issues that such rules may cause at times.

What makes you think that ESET is the culprit? ESET does not modify nor rename files or folders; it merely deletes files if they turn out to be malicious and are detected. If it's only the external sdcard that is affected, it could be a hardware issue for instance. No other users have experienced and reported such issue yet.

I would run "htcacheclean -A" on the proxy to find out if files are actually being cached. If that's not an issue, pick 2 machines that have the same version of the detection engine. Update one of them to the latest version, if available. Once updated, start logging the network communication to pcap (e.g. using Wireshark or tcpdump on Linux) both on the proxy and on the other client and then run manual update on the client. Finally save both pcap logs and provide them to us along with the output of the command "htcacheclean -A".