Everything posted by Marcos

  1. You can use WinDirStat to find out which folder contains files that occupy most disk space. Knowing what files they are should give a clue as to how to proceed further.
  2. First of all, it's necessary to distinguish between active and unresolved threats. Active threats are those that could not be cleaned for some reason, e.g. if a potentially unwanted application was detected and the user selected "No action" upon detection. Active threats can only be cleaned by running a scan task from ERA using the In-depth scan profile. Prior to running the scan, you might want to apply a policy that will set strict cleaning for the In-depth scan profile so that all threats and PUAs are cleaned automatically without waiting for user's interaction. If there are no active threats, you can mark the threats as resolved. Currently this can be done only manually but this will be improved in ERA v7 which is going to be released this year.
  3. That shouldn't be caused by replacing a computer component. Did you try uninstalling ESET and installing the latest v11 from scratch?
  4. The fact that web access protection is in non-functional state cannot halt the server or cause any serious issues. It just means that http and pop3/imap communication will not be filtered and scanned. On servers, web and email protection is disabled by default. Please provide me with the archive generated by ESET Log Collector, maybe it will shed some light.
  5. Do you experience this issue when you just open Word or when you open a document and the system launches Word and it opens the document? Please use ESET Log Collector for Mac to generate logs for further analysis as per the instructions at https://support.eset.com/kb3404. When done, supply it to customer care so that the case is properly tracked. You can also upload it to a safe location and drop me a private message with a download link so that I can check the logs myself in case there's something obvious which is causing the issue.
  6. Please open a new topic and provide more information, including hashes of the malicious files. It is not true that ESET is bad at protecting against ransomware, quite the contrary. Of course, if you have a weak overall protection and an attacker with admin rights manages to remote in, no matter what security software you use, since with admin rights the attacker can do virtually anything, including disabling the security sw prior to running ransomware. Again, no security software detects 100% of threats and if you claim the opposite, we could prove you to be wrong.
  7. Deactivating the unit via the ELA portal and re-activating it should fix the issue. Please read https://support.eset.com/kb6636/ for more information.
  8. This is not possible since dynamic groups are evaluated by agent. Membership in dynamic groups must be independent from connection to ERA Server. For instance, if a user is traveling with a notebook and has no connection to ERAS and a threat has been detected, the appropriate policy or action will be taken automatically when the machine falls into the appropriate dynamic group. If dynamic groups were evaluated on the server, this would not be possible and agent would be fully dependent on connectivity to ERAS.
  9. First of all, open the advanced setup -> HIPS -> Advanced options and disable logging of all blocked operations. Also make sure that logging verbosity is set to Informative under Tools -> Log files. It appears to me that you enabled debug logging and are now wondering about what is being logged. Following my advice should stop logging the records that you don't understand and which are only intended for ESET's staff when troubleshooting a particular issue.
  10. First of all, we kindly ask you to post in English since this is an English forum. Otherwise moderators and most users will not understand you and will not be able to help or answer your questions. As for Edge, integration is not possible because of protection techniques that it utilizes, especially the sandbox.
  11. Had it been a definition-based alert, HIPS wouldn't have triggered an AMS scan based on internal rules and the alert wouldn't have read "The threat was detected in memory". This indicates it's a HIPS-AMS detection which also utilizes DNA detections which are in fact a sort of descriptions of malicious behavior. Again, the detection was purely HIPS-AMS based and I had real-time protection completely disabled. For more information about DNA detections and Advanced Memory Scanner, please refer to https://cdn1-prodint.esetstatic.com/ESET/INT/Docs/Others/Technology/ESET-Technology.pdf.
  12. It depends on how the license was extended. Windows products use new licensing and activation mechanisms but Linux products are older. To the best of my knowledge, if the existing username and password was extended, it may take up to 24 hours for the change to take effect. Should the problem persist, let us know. Drop me a personal message with the username belonging to the ESET for Linux license and also contact your local customer care.
  13. I doubt that you run malware on your machine which is why you don't see any pop-ups from HIPS. In such case it's expected that HIPS doesn't alert you. Here are 2 examples of HIPS-AMS alerts on files shown upon execution that I've found among new malware. Had to turn off real-time protection since it's extremely difficult if not impossible to find new malware that wouldn't be detected by real-time protection:
  14. Please drop me a private message with your license key enclosed so that we can check if everything is ok on the server's part.
  15. We don't have any special recommendations for SQL server or Quickbooks server. After reviewing the settings applied by the "Antivirus - Maximum security" policy, it should be ok to apply it. The only thing I'd recommend to change is strict cleaning mode. I'd suggest using standard cleaning instead. As for reverting to default settings, we'll be releasing a brand new Endpoint v7 and ERA v7 (ESMC) in a few months which will use default settings if not overridden by a policy. Currently settings remain set even if a particular policy is not applied any more, until overridden by another policy. That said, currently the fastest way to revert to default settings is by uninstalling and reinstalling the security product which is a problem on servers.
  16. That is the problem - LiveGrid isn't working for you for some reason so you'll need to wait for the next update to get this fixed. I'd recommend creating a new topic with this issue where we will assist you with further troubleshooting. Also according to the screen shot you are using EAV v8 which lacks several protection features supported by Windows 10. I'd strongly recommend upgrading to the latest v11.
  17. As for the problems with LiveGrid, they are not related to the issue discussed in this topic in case that the Username and Password values are present in the registry and the license is valid. It'd be related only if you are also getting the message "The credentials used to access LiveGrid servers are not correct" below the warning "ESET LiveGrid is not accessible". The best would be to discuss these issues in another topic so as not to mix different issues here. On the client you can test LiveGrid by downloading the CloudCar test file. If it's detected as "Suspicious object", LiveGrid is working at the moment alright. To determine how often a problem accessing LiveGrid servers occurs, temporarily set the minimum logging verbosity to Diagnostics in the advanced setup -> Tools -> Log files. You'll subsequently see unsuccessful connection attempts in the ESET Event log. For troubleshooting we'd need a Wireshark log from the time when Endpoint is failing to connect to LiveGrid servers. Regarding the username/password issue, we have a Configuration Engine for the ERA agent ready which will import the username and password from the license file to the registry which will eventually fix the issue for users who are still having this issue and haven't deactivated/reactivated the license nor uninstalled/reinstalled Endpoint on troublesome units yet. Also we expect a fixed version of Endpoint to be released next week (probably on Wednesday).
  18. No problems here. It could be that you have LiveGrid disabled or it doesn't work properly. Is CloudCar detected as "Suspicious object" upon download?
  19. This was likely resolved almost 2 hours before you had posted. Please check it out again.
  20. I don't mean the IP address but the hostname REDACTED since it probably can't be resolved by your DNS server.
  21. Make sure to select particular settings, i.e. the dot icon or the flash icon must be selected in order for the setting(s) to be applied by the policy.