Marcos

If you are referring to email communication, then blocking the IP address of the email server from which you download email is not what you want.

Unfortunately, you didn't mention what operating system you use. For instance, on Windows XP v9 is offered as the latest. To start off, please post a screen shot of the error that you're getting. If it's a different error than "Server not found", please report it in a new topic so as not to mix different issues in one. If you are getting that error, please provide a Wireshark log and ELC logs as I've asked above.

One thing you could check - make sure that the Security Center service is set to start automatically and is already started.

Try uninstalling ESET so that unregistration from WSC is performed and installing it from scratch. Should the problem persist, please contact customer care so that the case is properly tracked.

What you can do is to provide unrecognized spam sent to customer care in the eml or msg format. Blacklisting sender's IP address is possible only in server mail security products.

Because it was network protection that detected and blocked a specific communication. The remote IP address is indeed logged.

Please provide me with a Wireshark log from an attempt to update as well as wth logs collected by ELC.

That's weird. I'll check with devs what settings are used in the initial scan. Thunderbird mailboxes are not scanned unless "mailboxes" are explicitly selected in the on-demand scanner profile. This setting is disabled by default.

This is weird. What about the modules in the Update panel -> Show all modules? If you click that link, do you get a list of installed modules or it's empty?

Without a restart, old drivers remain loaded when a new program version is already running. This may cause unexpected behavior if the product is left in this state for a long time. Normally the product should withstand this state, however, issues are likely to occur if an upgrade from an older major version (e.g. v4) to a new one (e.g. v6) was performed.

Thunderbird is not supported as an email client so there's no ESET plug-in that could corrupt it. Didn't you run an on-demand scan after which it got corrupted? You could try repairing folders as per the instructions at https://www.lifewire.com/repair-folders-thunderbird-1173102. If that doesn't help, also try temporarily disabling protocol filtering and receiving new email.

By default, Gamer mode activates automatically if an application running in full-screen mode is detected. If VR games do not automatically activate gamer mode, then there's nothing you do do than activate it manually. By the way, as long as you use default settings and notifications about successful updates don't pop up and you don't have any scan task scheduled, you shouldn't notice any difference with and without Gamer mode activated.

I don't think that an official representative of the company in question would state that there's no toolbar embedded in the installer. It's easy to prove the toolbar's there - the installer contains both PF-Toolbar-2016.exe and PF-Chrome-2016.exe with GoogleUpdateSetup_1.3.21.169.exe inside.

Installing any newer version of an older one is a supported and tested scenario. If you want to keep settings, just install v11 over v10, or use the built-in product upgrade feature in the Update panel.

I'd suggest generating the following logs if you can reproduce the issue: - enable advanced protocol filtering logging in the advanced setup - start logging with Wireshark - start logging with Procmon - reproduce the issue - disable logging and save logs (make sure to include "protoscan_on" in the Wireshark and Procmon log file names) - collect logs with ELC - disable protocol filtering - start logging with Wireshark - start logging with Procmon - make sure the issue doesn't occur - disable logging and save logs (make sure to include "protoscan_off" in the Wireshark and Procmon log file names) - re-enable protocol filtering - upload the Wireshark, Procmon and ELC logs to a safe location and drop me a personal message with download links. Also try running Chrome without extensions by using the --disable-extensions parameter when launching it to see if it makes a difference.

This has nothing to do with real-time protection but rather with self-defense and a weird state of ekrn that can happen under certain circumstances on machines where the issue manifests. Normally you shouldn't do anything but reboot the machine. Are you getting the same error about starting ekrn even right after a reboot?

@IT_BEE @ITHoneyBadger Please check if information about installed modules is displayed after clicking "Show all modules" in the Update panel. If no modules are shown, then ekrn is in a bad state and upgrade would likely fail. Try restarting the computer first. Let us know if it helped.

The detection comes from the Network protection module which is a part of the firewall. According to the detection name, the user attempted to access parked domains where the registrant exploits typosquatting, typically for monetization purposes.

On one of the computers, please uninstall EP6.5 and install the latest v6.6.072. If you are able to reproduce the issue with the latest version, enable advanced firewall logging in the advanced setup -> tools and then reboot the computer. Next disable logging, collect logs with ELC and provide me with the generated zip archive. If too big to attach to a personal message, upload it to DropBox, OneDrive, etc. and send me just a download link.

Never heard of an issue when Thunderbird was blocked after installing ESET. I, too, use TB on a VM and never run into an issue. If you are able to reproduce it, we will help you with troubleshooting it. I'd start off by uninstalling ESET and installing the latest v11 from scratch to rule out issues caused by possible misconfiguration or custom rules that might block certain operations or communication.

If you had a support case opened, please provide me with the ticket ID so that I can inquire colleagues from ESET LLC about that. If it's really Web Control and not Web Access protection which slows down browsing, this usually happens if there's a problem with receiving response to DNS TXT queries and a simple tcpdump pcap log should confirm that. Changing the DNS to Google's 8.8.8.8 or 4.4.4.4 would likely resolve the issue. If you want discuss different issues that you have run into, please create a separate topic(s) in the appropriate product forum.

I would suggest: 1, Installing ERA v6.5 (the all-in-one installer) or deploying an ERA 6.5 virtual appliance. 2, Creating a Live ERA Agent installer and deploying it via GPO. The machines will start reporting to ERA Server. I'd strongly recommend upgrading Endpoint to the latest v6.6.2072; start with a small group of machines and gradually send a Software install task to the others. Should you need help in case something is not clear and the online documentation or KB articles cannot answer the questions you might have, feel free to ask.

Yes please. The best would be if I could also get logs collected by ELC in case there are related records in the system event log.

Please provide me with an install log created as per the instructions at https://support.eset.com/kb406/ and logs collected with ELC. Does rebooting a computer prior to upgrading to v6.6.2072 make a difference? What happens if you try to unistall ESET in normal mode? As for the Uninstall tool, it can be run only in safe mode.

I'm happy to announce you that we have released Endpoint 6.6.2072 which ultimately addresses the issue with the username and password being deleted from the registry as well as all further issues stemming from that. On behalf of ESET I'd like to apologize for the inconvenience. We have adjusted QA test cases and included upgrade with a license selected in the Software install task to prevent issues like this from occurring in the future.