Marcos

Administrators
  • Posts

    37,934
  • Days Won

    1,504

Everything posted by Marcos

  1. Please provide a screen shot of the exclusion list. Is the detection name prepended with "@NAME="? You can also try excluding a potentially unwanted or unsafe application right from the yellow alert window upon detection. Also note that this only works for pot. unwanted and unsafe applications, not for malware detections.
  2. The attached vbs file is an ESET html alert about blocked access to a malicious url. Is the file re-created after you delete it?
  3. The latest version of ECS is 6.5.600.0. If you have this one or newer installed, you have the most current one. 6.5.600.3 is 6.5.600.0 with the latest modules included. If you don't upgrade manually, you should already have the latest modules installed so you won't gain any benefits by installing the latest install package.
  4. You can only manage licenses for ESET products, meaning that you can add them to ERA and then use them for activation as needed.
  5. If the url categorization provider didn't fix a miscategorized website, please contact your local customer care, which will reach out to the provider and ask them for re-categorization.
  6. In order to troubleshoot this issue, we'll need:
     - A Procmon boot log created as per the instructions at https://support.eset.com/kb6308/.
     - ELC logs.

     Upload both archives to a safe location (e.g. DropBox, OneDrive, etc.) and drop me a private message with download links.
  7. The minimum interval for checking for updates is 60 minutes so it's perfectly ok to keep default update settings.
  8. Only applying the appropriate OS update can protect you from Meltdown and Spectre variant 1. For more information, refer to https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help and https://www.welivesecurity.com/2018/01/05/meltdown-spectre-cpu-vulnerabilities/ for instance. So far no malicious exploits have been seen that would exploit the vulnerabilities and only benign PoCs exist. We strongly recommend upgrading to the latest Endpoint 6.6 to stay protected to the maximum extent against current threats and receive support for the latest updates of operating systems as well.
  9. Could you retry the procedure with disabling SSL filtering but now also deleting C:\Users\%user%\AppData\Roaming\Mozilla\Firefox\Profiles\%ProfileNamer%\cert8.db before re-enabling it?
  10. Please provide:
      - a screen shot of your exclusion list
      - a complete record of the detection from the Detected threats log
  11. If you have the latest version of the Detection engine installed, your ESET updates alright.
  12. Please provide a couple of examples of such websites. Also try the following:
      - Disable SSL filtering.
      - Reboot the computer.
      - Without launching any application, re-enable SSL filtering.
      - Launch a browser and check if the problem persists.
  13. The issue with activation servers has been resolved. We apologize for the inconvenience.
  14. We are currently experiencing an issue with activation servers, however, they should be up and running momentarily. Please try to activate again in a couple of minutes. We apologize for the inconvenience.
  15. We are currently experiencing an issue with activation servers, however, they should be up and running momentarily. Please try to activate again in a couple of minutes. We apologize for the inconvenience.
  16. We are currently experiencing an issue with activation servers, however, they should be up and running momentarily. Please try to activate again in a couple of minutes. We apologize for the inconvenience.
  17. I assume you have one license for 2 devices. All you need to do is use the activation key to activate ESET on each of the devices if not already activated. When upgrading from an older version, activation will not be needed. Only if you uninstall ESET and install it from scratch, the product will deactivate and re-activation will be needed.
  18. Yes but this is an automated detection, not one created intentionally by a malware analyst. Since it's not triggered on a file that somebody would complain about if detected, we usually don't remove such detections.
  19. Correct. I've scanned it with my Endpoint 6.6 and it's detected: Log E:\test\a9e11807f3cccd52f5476956f96d853e794ced2d - a variant of Win32/Packed.VMProtect.M suspicious application As for the SMSBomber.L, it will be reclassified later. It's not malware.
  20. As far as I know, those samples from AV-Test are just innocuous POCs and we were not going to detect them. Regarding the sample above, the verdict is: It is already detected as a variant of Win32/Packed.VMProtect.M suspicious application. After the next update it will be detected as Win32/RiskWare.GameHack.CB application.
  21. What expression(s) did you use for the dynamic group without ESET installed?
  22. Not really. We have always kept even older installers in the repository, however, if we discover a serious issue with them, we need to remove them and thus prevent users from installing a version which might cause serious issues, such as BSOD in this case.
  23. Please read my posts above. If you have ESET NOD32 Antivirus installed, temporarily uninstall it and install ESET Internet Security for easier troubleshooting (activate a 30-day trial version). With EIS installed, enable advanced firewall logging, reboot the computer, disable logging and collect logs with ELC. Upload the generated zip archive to a safe location and drop me a private message with a download link.
  24. I'd suggest capturing the network communication while attempting to create an AiO installer. When done, compress it, upload it to a safe location along with the server trace log and post here the download links.