Marcos (Administrators)

  • Posts: 37,940
  • Days Won: 1,504

Everything posted by Marcos

  1. Please temporarily uninstall ESET NOD32 Antivirus and install ESET Internet Security. Activate a 30-day trial version after installation. Then enable advanced firewall logging under Tools -> Diagnostics and reboot the computer. Next disable logging and collect logs with ELC. When done, upload the generated zip archive to a safe location and drop me a private message with a download link.
  2. Please refer to this alert: Spectre/Meltdown mitigations cause errors on macOS 10.13.2 and earlier with ESET Cyber Security and Cyber Security Pro.
  3. Currently this is not possible but it will be improved in ESMC (ERA v7). I'd recommend upgrading Endpoints gradually, not at once.
  4. 50,000 and more is way too many threats. If new threats are continually being detected on endpoints, it's important to solve that first. If running a scan with strict cleaning mode as suggested by MichalJ doesn't resolve the issue, please collect logs with ELC on such an Endpoint and provide me with the generated archive for perusal.
  5. Please email the file to samples[at]eset.com in an archive protected with the password "infected" and provide more information about the purpose of the application, vendor's website, official download link, etc. Ideally the file should be digitally signed.
  6. We'll need advanced firewall logs from ESET Endpoint Security. Please temporarily install it on one of the troublesome machines instead of ESET Endpoint Antivirus and create an advanced firewall log as per my instructions above. I'll generate a temporary EES license for you and provide you with details in a personal message momentarily.
  7. The payment instructions are dropped by ransomware usually after encrypting files in a particular folder, therefore it's likely you also had encrypted files with the wallet, btcware or another unusual extension in these folders. Running a disk scan should detect all files with instructions and offer you an option to delete them at the end of the scan.
  8. You have a permissive fw rule for ccmeval.exe created and detection of application modification is turned on. You can disable detection of application modification completely or exclude the app from monitoring if you want to keep the permissive firewall rule.
  9. Unfortunately, files encrypted by Filecoder.BTCWare cannot be decoded. Most likely attackers carried out a brute-force RDP attack, disabled ESET and ran the ransomware. I'd strongly recommend hardening RDP, e.g. by limiting RDP connections to specific users, IP addresses or ranges, using strong passwords and installing all Windows updates that address vulnerabilities, especially in RDP.
  10. There's no difference in priority. Please provide me with the logs that I asked for above.
  11. Re. error ACT.33 during activation, it's necessary to contact the distributor or reseller from whom you purchased your license. Most likely the license was issued in another country and is locked to it. The distributor should be able to tell what's going on and suggest the best way to resolve it. Did you contact ESET DE? Do you have an ID assigned to your support ticket?
  12. Please read https://support.eset.com/kb2155/. Also this has been discussed here in the past, e.g. at https://forum.eset.com/topic/14119-100s-of-files-unable-to-open-message-after-scan/.
  13. It never happens that all update servers are down. There must have been an issue between your computer and your ISP or between your ISP and ESET's update servers.
  14. If you click 'Show all modules' in the Update panel, do you get a list of installed modules or is it empty? If empty, after rebooting the computer ekrn should load alright and upgrade should finish alright as well.
  15. Please drop me a private message with a download link enclosed.
  16. Please enable advanced firewall and update engine logging under Tools -> Diagnostics and run manual update. When done, disable logging, collect logs with ELC and supply me with the generated zip archive.
  17. No problems here. What action do you have set for this bank website in the Protected websites setup? Firefox 57.0.4 32-bit, Windows 10 RS3: Same with Chrome:
  18. Information about the address may not be always available, especially if it doesn't pertain to http communication. We'll see if this could be improved in the future. Currently the following alert is displayed to the user upon detection: Please collect logs with ELC and provide me with the generated zip file via a personal message. If too big to attach, upload it to a safe location (e.g. Dropbox, OneDrive, etc.) and provide a download link.
  19. No problems with paypal.com here. What browser / version do you use and what version of the BPP module do you have installed?
  20. Please contact ESET ME who is the official distributor for the region. We don't have information about their partners in particular countries.
  21. I see only 10 mobile devices named Android (something) in your screenshot. Have you had only one Android device connected to the network? Couldn't it be that you don't have the Wi-Fi network password protected and many other users could have connected through your router?
  22. The following is an official website of the distributor for the ME region: https://www.eset.com/me/.