Marcos

Administrators

Everything posted by Marcos

  1. Only currently available installers contain current modules. If you installed an older package, it could happen that Windows would start crashing because of an issue with the Anti-Stealth driver and a recent Windows update. As of ESMC (ERA v7), installation tasks will be invalidated automatically so that they cannot be re-used to install a version which is no longer available in the repository.
  2. Not if ekrn could not trust the new installer for some reason. It must have been a rare issue since I've never seen it reported from users for a very long time.
  3. Please create a new topic for this issue and clarify what you mean. Also provide a handful of examples of URLs that you encountered some classification issues with.
  4. Version 6.5.600.2 is exactly the same as 6.5.600.0. The only difference is that it has the latest modules included so that they are used immediately from installation without the need to update. If you have v6.5.600.0 or 6.5.600.1 and it has already downloaded the latest modules, it's equal to installing v6.5.600.2.
  5. Only the English version has been replaced so far. If you have v6.5.600.0 or v6.5.600.1 and have updated modules, there's absolutely no reason to upgrade. V6.5.600.2 is actually v6.5.600.0 or v6.5.600.1 with the latest modules included.
  6. If you check the details, is it reported by ERA agent or by the security product? If the former, create or edit an existing agent's policy and disable monitoring of the appropriate feature in the advanced settings section:
  7. Try running the bootstrapped installer with the following syntax:
     EIS: --silent --accepteula --language 1033 --msi-property-ehs PRODUCTTYPE=eis
     EAV: --silent --accepteula --language 1033 --msi-property-ehs PRODUCTTYPE=eav
     Optional parameter: --msi-property ADMINCFG="%path_to_the_cfg_xml%"
  8. Unfortunately, the etl log didn't contain records about loading drivers on system startup. Please re-enable advanced firewall logging, reboot the machine, disable logging and then collect logs with ELC again.
  9. It was just a typo. The latest version of the installation package is 6.6.2072.2.
  10. V6.6.2072.2 is identical to v6.6.2072.0 except that it contains the latest modules. That said, if you already have 6.6.2072.0 installed and updated, there's no reason to upgrade to 6.6.2072.2.
  11. I'm not saying that. If you read the alert article I referred to, it reads exactly the same as what ESET support did:
      1. Start macOS in Safe Boot Mode (hold Shift during startup).
      2. Open Terminal.
      3. Execute the following command in Terminal:
         sudo rm -rf "/Library/Application Support/ESET/esets/modules/em040_32.dat"
  12. Probably there are some "zombie" computers that no longer connect to ERAS. You can use a "Delete not connecting computers" server task to remove them or deactivate them via the ELA portal.
  13. Did you purchase the license from your local (Asian) distributor and contact him? Please drop me a personal message with your license key enclosed.
  14. We support all versions of macOS that have been released, i.e. the two you've mentioned are supported as well.
  15. Imagine a popular application updates and ESET would start asking millions of users whether to allow it to run. That is not the approach we want; all decisions must be made in a smart way, ideally without user interaction and without excessive nagging or false positives. LiveGrid works fully in the background and the program utilizes the data that it receives from LiveGrid servers. Both. However, LiveGrid is not about notifying you about unpopular files as you probably understand it. Also the program doesn't ask LiveGrid servers each time you execute an application, otherwise it would significantly slow down the execution and would unnecessarily nag users since there are very many new executables and DLLs distributed on a daily basis. LiveGrid is also used for blacklisting URLs. If a particular file is highly suspicious and submission of samples is not disabled, the file is submitted to ESET, replicated on ESET's servers and, if it turns out to be malicious, it gets blacklisted and this information is shared with other users. For blacklisting we use DNA hashes, which enable us to blacklist files with a similar behavior. For more information about ESET's technologies, please read https://cdn1-prodint.esetstatic.com/ESET/INT/Docs/Others/Technology/ESET-Technology.pdf.
  16. We've already released an ERA Configuration module to several dozen users which fixes the issue for those who haven't upgraded to v6.6.2072 yet. After a computer restart Endpoint should work alright.
  17. On the computer with ERA Server installed please capture the network communication with Wireshark at the time you attempt to add the license to ERA and provide me with the generated pcap log. Does the machine connect directly to the Internet or through a proxy server?
  18. After running a full disk scan you should be prompted for an action. Selecting Delete or Clean should remove the detected text files. Also we don't recommend using MBAM together with ESET. With versions 1-2 there were no issues as long as its real-time protection was kept disabled but allegedly v3 clashes with ESET.
  19. Please temporarily uninstall ESET NOD32 Antivirus and install ESET Internet Security. Activate a 30-day trial version after installation. Then enable advanced firewall logging under Tools -> Diagnostics and reboot the computer. Next disable logging and collect logs with ELC. When done, upload the generated zip archive to a safe location and drop me a private message with a download link.
  20. Please refer to this alert: Spectre/Meltdown mitigations cause errors on macOS 10.13.2 and earlier with ESET Cyber Security and Cyber Security Pro.
  21. Currently this is not possible but it will be improved in ESMC (ERA v7). I'd recommend upgrading Endpoints gradually, not at once.
  22. 50,000 and more is way too many threats. If new threats are continually being detected on endpoints, it's important to solve that first. If running a scan with strict cleaning mode as suggested by MichalJ doesn't resolve the issue, please collect logs with ELC on such Endpoint and provide me with the generated archive for perusal.
  23. Please email the file to samples[at]eset.com in an archive protected with the password "infected" and provide more information about the purpose of the application, vendor's website, official download link, etc. Ideally the file should be digitally signed.
  24. We'll need advanced firewall logs from ESET Endpoint Security. Please temporarily install it on one of the troublesome machines instead of ESET Endpoint Antivirus and create an advanced firewall log as per my instructions above. I'll generate a temporary EES license for you and provide you with details in a personal message momentarily.