Marcos

I don't mean the IP address but the hostname REDACTED since it can't be probably resolved by your DNS server.

Make sure to select particular settings, ie. the dot icon or the flash icon must be selected in order for the setting(s) to be applied by the policy.

Are you able to ping the host REDACTED from that machine?

Since this is not a channel for disputing detections and address blocks, please follow the instructions at https://support.eset.com/kb141. Having said that, we'll draw this topic to a close.

Please provide status.html generated by the ERA Agent. You've posted a table which we removed since it didn't resemble status.html but now I've realized it could have been that.

Then you could contact the customer care in the country where you purchased the license and ask them to transfer it to your local distributor.

This likely happens because v8 is not compatible with the build of Windows 10 that you have installed. If you have a problem with activating v11, please contact your local customer care.

It's a Deceptor (https://customer.appesteem.com/deceptors). If you think that benefits of using the application outweigh possible risks, you can exclude the application from detection and add the domain / url to the list of allowed addresses.

Please provide me with the following information from a computer where deactivation from ELA and subsequent reactivation (manual or done from ERA) didn't help: - seat ID (HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\WebSeatId) - information if a license file is present in the "C:\ProgramData\ESET\ESET Security\License" folder - information if the Username and Password values are missing in the key HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000400\Settings It is not clear why this doesn't work sometimes since it's considered a solution that should work. Anyways, the good news is that we should have a ultimate solution ready tomorrow; a Configuration module for ERA Agent which will import the username and password from the license key to the registry. After some of you confirm that it resolves the issue for you, we'll release it for all users.

Thanks for the heads-up. It's an older block but now we've unblocked the IP address. The change should take effect within a couple of minutes.

This is unfortunately not possible and it's not safe either. Calculating all possible hashes for files would have a big impact on performance. Even calculating SHA1 is performed asynchronously to avoid bigger impact on performance.

As already mentioned in other topics on this forum, ESET released an update on Jan 4, a few hours after Microsoft announced the availability of the patch. I was referring to the concern of the user above that with v10 installed he is not as well protected against possible malware exploiting the recently discovered vulnerabilities as he would be with v11.

If upgrade fails, the installer rolls back to the last installed version. A computer restart is necessary to complete upgrade since running new kernel with old drivers for a longer time can cause various issues.

Neither Meltdown nor Spectre vulnerabilities have nothing to do with the version of the ESET product that you have installed. All ESET products would protect you equally in case there's an actually malware exploiting the vulnerability.

If you could experiment a bit, when the issue occurs are you able to start Windows in safe mode? If so, try renaming the following drivers, one at a time, but at both locations C:\Windows\System32\drivers and C:\Program Files\ESET\ESET Security\Drivers\%drivername%: - eamonm.sys - ehdrv.sys Let us know if renaming either of them makes the issue go away.

Please let us know the actual path that you used as %path_to_the_cfg_xml%. Couldn't it be the issue with spaces in the path that was mentioned above?

For the very same reason why the firewall doesn't create a separate rule for each visited website. If learning mode was to generate very specific rules, the user could end up with hundreds of thousands rules.

Do you mean that after installing ESET Mail Security for MS Exchange any sent email was not actually sent and disappeared somehow somewhere ? What server roles are installed?

We don't know what OS you use. It appears that on Windows 7 quite a lot of users got BSOD after installing the update.

Endpoint should deactivate within 5 minutes after being deactivated in ELA. It may take another minute until ERA Agent connects to ERAS and reports Endpoint as not activated in the console.

You can reactivate clients from ERA for instance, by sending a Product activation task.

I can assure you that the issue is being treated with highest priority at ESET. Currently it appears that the most reliable way of resolving the issue is by deactivating the affected units from the ELA portal and re-activating them. We are currently testing a newer version of Endpoint 6.6 which will prevent this issue. For now I'd postpone upgrade to Endpoint 6.6 (upgrade to v6.5. is safe) until we release the new version. We believe that the issue can be worked around by not selecting a license while creating a software install task but this has not been confirmed to be a 100% solution yet. Theoretically that should do the trick as in such case no deactivation and reactivation during upgrade should be performed and therefore there's no reason for the issue to manifest.

Please elaborate more on what kind of exceptions administrator users should be able to make so that we better understand your use case and can better address all the inconveniences. Is it only exclusions of files or also something else?

I've seen less than 5 cases with this error since v11 was released. At least in one case it was Windows Search which was indexing ESET files that the program needed to rename. We'd need a special Procmon log from time when the issue occurs for analysis. I'd suggest contacting Customer care since further logs will be needed and the case should be properly tracked.

Try capturing the network communication during update to a pcap file as follows and then post it here: tcpdump -s 0 port http or dns -i eth0 -w update.pcap If too big to attach, try to compress it or upload it to DropBox, OneDrive, etc. and post a download link.