Marcos

Did you install MS SQL Server in Mixed authentication mode as per http://help.eset.com/era_install/65/en-US/index.html?sql_server_windows.htm ? The procedure of installing MS SQL Server is described in the KB https://support.eset.com/kb3671/. I'm asking because I see "MS SQL Server via Windows authentication" in the screen shot.

Run Windows update to install the latest Windows updates. Also you can configure ESET to notify you only about critical updates or disable OS update notifications completely.

Is Endpoint reporting in its main gui that is is not activated? If you don't see any warning, check if you have notifications about not activated product actually enabled in the advanced setup -> user interface -> application statuses -> general. ERA enables you to control these notifications and reporting of them to ERA separately via a policy. Also please provide us with the seat id found in HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\WebSeatId so that we can check if there were any activation attempts in the past.

Please refer to this KB article for information about addresses that must be allowed on a firewall for ESET security products to work: https://support.eset.com/kb332/ It's mainly ekrn.exe and eraagent.exe on endpoints which communicate with various ESET's servers.

If you don't want to be prompted about untrusted certificates, change the setting you've mentioned. However, using that as a default value for all users is a bad idea. From time to time even owners of popular websites forget to update their certificates or some websites may use self-signed certificates for whatever reason and blocking them automatically without giving the user an option to continue to such website is not good. Even browsers do not block such communication by default and give the user an option to create an exception.

You wrote that the application is blocked by ESET. Did you get an alert from your Endpoint? If so, please provide a screen shot of it for clarification.

While the display of the splash screen is a so-called per-user setting, I reckon that a policy applied to Endpoint v6+ should override both global and per-user settings. In Endpoint v5, it was necessary to enable the appropriate option Suppress user settings if such setting was already changed by a user.

The fact that some websites use expired, revoked or otherwise untrusted certificates is not ESET's fault and ESET is not the one to blame. With TLS filtering disabled, it would be the browser which would alert you about untrusted certificates. It is the responsibility of a website administrator and owner to ensure that a valid certificate is installed and used. Users who want to block untrusted communication automatically without being asked can set the above mentioned setting as suggested, however, this cannot be recommended for everyone.

V11.0.159.5 is the same as 11.0.159.0 except that it has the latest modules included. So if you have 11.0.159.0 and it's updated, it's the same as 11.0.159.5. A lesson to learn is that you should not pay attention to the latest number which either indicates changes in localization or a re-packed installer with latest modules included.

If temp folder variables point to z:, then 121 MB is not enough. Try changing the system temp folder to c:\windows\temp.

Officially it's not supported. On some systems it may work and on some others not. Make sure that there is at least 500 MB of free space on the drive where ESET is installed and 400-500 MB on the disk with temporary folders. In the advanced update setup disable module snpashots to save some space.

This turned out to be a known issue which was fixed in December and a fix will be included in v11.1 which is going to be released soon.

First of all, disabling HIPS is a bad idea because you also disable self-defense, Ransomware shield, Advanced Memory Scanner and Exploit Blocker which are HIPS-based features. I'd suggest saving your current settings to a file and then completely uninstalling ESET and installing it from scratch. Let us know what change to default settings you make before the issue occurs.

Please check the attached video and find out what you did differently. exclusion.rar

Did you access that hostname deliberately or the alert popped up unexpectedly all of a sudden?

What reminder do you mean? Please post a screen shot of it for clarification.

First of all, did you contact customer care regarding this? Please note that this forum is intended chiefly for sharing the knowledge among ESET's users and moderators. However, a proper channel for reporting issues to ESET and to have them tracked and handled properly is contacting your local customer care.

This is not possible since the order of rules determines their priority. There's a Search function (a magnifier glass icon) where you can filter what you want, e.g. enter "Allow" to filter permissive rules. Or enter an application name to filter rules for that particular application, etc. The rule editor is subject to improvement in future versions.

Definitely it's a false positive on our cleaner. It's unthinkable that ESET would sign and release a malicious tool / file

If an older version of the ERA Agent is installed, you'll need to run the installer twice. The first time it will upgrade Agent from v6.3 to 6.5 and the second time it will update the configuration.

Search the registry for "que.vbs" and remove the reference(s) to it from autostart locations.

Please provide a complete record from the Detected threats log. Is the file detected upon an attempt to launch it or when copying it to the same location? I was unable to reproduce it.

Please collect logs with ELC, upload the generate zip archive to a safe location (e.g. Dropbox, OneDrive, etc.) and drop me a personal message with a download link.

Http2 is not currently supported but will be in the future.

Unfortunately, your description is too vague. I assume the error occurred while attempting to upgrade ESET to a newer program version. Try uninstalling it and installing it from scratch.