Marcos

Administrators
Everything posted by Marcos

  1. No. ESET products can be uninstalled by users with administrator rights. Only password protection can prevent users from uninstalling the security product. However, there's a possibility to enter override mode if defined by a policy and change settings during a limited time period.
  2. First of all, it doesn't have to be necessarily a coinminer or other malware that is causing the heavy CPU load. In the past also the standard svchost.exe process used to cause this when Windows update was running. Please drop me a private message with the archive generated by ESET Log Collector attached.
  3. EFSW does not filter network communication since it has no firewall. Does temporarily disabling real-time protection make a difference? Ekrn definitely does not connect to any databases.
  4. Please clarify whether you still need assistance with the issue or if you have already resolved it according to what you wrote.
  5. Please post the seat ID (HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\WebSeatId) from that machine.
  6. Which of the following makes a difference? - disabling real-time protection - disabling protocol filtering - disabling HIPS and rebooting the computer
  7. This is not possible since update files are digitally signed. That said, "compromised" modules would not install.
  8. 1, Yes, that update rollup also contains fixes for the Meltdown vulnerability. 2, It appears that for quite many users this update has caused more harm than good: http://news.softpedia.com/news/microsoft-s-windows-7-meltdown-and-spectre-patch-kb4056894-failing-with-bsod-519264.shtml. 3, Hard to say. We believe that the crashes are not caused by ESET. We recommend configuring Windows to generate complete memory dumps as per https://support.eset.com/kb380 prior to installing the updates so that we can determine the cause of a crash if something goes wrong.
  9. Check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html for a list of issues on the troublesome machines. Also we kindly ask you to post in English since this is an English forum and most of the moderators and users may not be able to understand and help if you post in another language.
  10. This looks like a slightly different issue since a username and password is present in the registry. Please enable advanced update logging in the advanced setup -> tools -> diagnostics, run update, then disable logging and provide me with the updater*.etl log created in the Diagnostics folder.
  11. Endpoint with an ultimate fix will be released towards the end of Jan. Today we've been testing a workaround on update servers which will go live tomorrow morning, i.e. in approx. 16 hours. We'll also release an update of the antivirus and antispyware module to ensure that the username and password is correctly added to the registry once a license file has been downloaded. A weird thing is that the issue was not solved in your case after a fresh install of Endpoint since the issue is supposed to occur only during upgrade via ERA and only under specific timing circumstances. If you don't perform an upgrade, the product will always receive a license file from activation servers the first time it contacts them and the username and password is added to the registry.
  12. If you don't receive a message that the license key does not contain a username/password to authenticate against LiveGrid servers, then it's highly unlikely to be related to the issue discussed in this topic. We'll need a Wireshark log from the time when you get the message about LiveGrid servers being not available.
  13. We've eventually pinpointed the issue. It will be addressed by the firewall module which will be put on pre-release update servers next week.
  14. Please carry on as follows: - in the advanced setup -> tools -> diagnostics enable advanced firewall and advanced update engine logging - run update - disable logging - collect logs with ELC and supply me with the generated archive via a personal message (if too big to attach, upload it to Dropbox, OneDrive, etc. and provide me with a download link).
  15. The AV & AS scanner module 1533.3 added the necessary registry key as required by Microsoft to enable January Windows updates regardless of the version of Endpoint or other ESET security product that users have installed. I would strongly recommend considering upgrade to the latest version 6.6 which provides better protection and has many issues present in Endpoint v5 fixed. By the way, v5.0.2126 is really old and the latest version of Endpoint v5 was 5.0.2271.0.
  16. I would recommend contacting your local customer care since further logs will be needed and the case (ticket) will need to be properly tracked.
  17. With http scanning enabled are you unable to open any website regardless of whether it is http or https? Please enable advanced protocol filtering logging in the advanced setup -> tools -> diagnostics and open an http website. Then disable logging, collect logs with ELC and supply me with the generated archive via a personal message.
  18. Copying the shortcut to ESET Internet Security from the Start menu on your desktop should work.
  19. Please locate the executable "Attribuite Utillty.exe" and upload it to www.virustotal.com to find out if some other vendors detect it.
  20. Since ESET Internet Security is actually ESET NOD32 Antivirus with firewall (also includes IDS and network attack protection), Antispam, Parental Control and Anti-Theft, upgrading to it should not make any difference in terms of impact on performance. If you are interested in learning more about ESET protection technologies, please read https://cdn1-prodint.esetstatic.com/ESET/US/docs/about/ESET-Technology-Whitepaper.pdf.
  21. If you don't see any license.lf file in the License folder, please provide me with the seat ID of that machine so that I can check in our logs if a license file has been downloaded recently. @A C @Gamtat If you attempt to run update manually, do you see a notification "Module update failed. Your license file does not contain a username and password. You can update only from an update mirror" or is there no additional notice besides "Module update failed"? Do you have "Username" and "Password" values under HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000400\Settings on these troublesome machines? Can you confirm or deny that the issue is gone after uninstalling Endpoint, installing it from scratch and activating it?
  22. Do you actually have a license file (license.lf) in C:\ProgramData\ESET\ESET Security\License? If so, please send it to me via a personal message.
  23. Are these errors reported even after rebooting the computer in the last 2-3 hours? Currently it's 20:27 (8:27 PM) CET, i.e. the license file was last downloaded about 2 hours ago. Do you have a license file (license.lf) in C:\ProgramData\ESET\ESET Security\License?
  24. I see that a license file was downloaded by this Endpoint today: 2018-01-05 17:43:34 and 2018-01-05 18:46:47 (CEST). What issues are you having after rebooting the computer?
  25. Not sure what you mean because we fully support Chrome. In one of the recent BPP module updates we even added support for Chrome 63 beta and Chrome 64 dev.