Marcos

There's no communication with ESET's servers in the log whatsoever. If you have Endpoint Security installed, enable advanced firewall logging besides advanced update engine logging and run manual update. Then disable logging, collect logs with ESET Log Collector, upload the generated archive to a safe location (e.g. OneDrive, DropBox, etc.) and drop me a message with a download link. If you use Endpoint Antivirus, instead of enabling advanced firewall logging capture the network communication with Wireshark while attempting to update. Make sure that a firewall is not blocking ESET from accessing update servers. If you connect through a proxy server, make sure it's configured properly in the advanced setup -> tools -> proxy server. If you don't use a proxy server, make sure it's disabled in the advanced setup.

If ESET is installed properly, installing the MS updates should not cause any issues. However, if the registry value allowing the updates was not created because of ESET being in a weird state for instance, it's hard to tell what could happen after installing the updates. Personally I don't expect any issues, however, but who knows. If you are unable to uninstall ESET, try using the Uninstall tool in safe mode. I'm afraid that the move to Webroot was not smart. Just the fact that they are unable to make a simple registry change via a module update and require users to add the registry key manually doesn't show them in good light . On the contrary, ESET responded immediately to the announcement from Microsoft and prepared, tested and released the appropriate module update within a couple of hours. I'd like to bring into your attention a whitepaper describing ESET's multilayer protection technology: https://cdn1-prodint.esetstatic.com/ESET/US/docs/about/ESET-Technology-Whitepaper.pdf. Within the next few months we will be introducing new and improved products for enterprise, SMB and MSP users, such ESET Enterprise Inspector (a solution that focus on detecting, investigating, and mitigating suspicious activities and issues on hosts and endpoints), ESET Threat Intelligence (provides access to our threat intelligence data to enterprise users, e.g. to botnet reports, targeted phishing reports, certificate reports, etc.), new Endpoint security solutions with new threat detection and response technologies, a new security management tool with cloud support, etc. We have a lot to offer to both small, medium--size and even big enterprise customers and I believe that the company you work for will return to ESET in the future.

If users visit a lot of untrusted websites because of self-signed certificates they use and neither adding them in the exception list manually nor blocking them automatically is an option, then disabling SSL/TLS filtering is the only way to go:

First of all, this is not an issue on ESET's part. The problem is with the certificate used by the server that you have accessed. In particular, the certificate was issued for 89.185.136.145 (CN) but it's used by cdn.talksport.com. Also the certificate is self signed which is another reason why it's not trusted. You'll continue to get warnings from your browser even if you disable SSL/TLS filtering which will also expose the computer at risk since encrypted communication will not be scanned by ESET.

I could do that but I think it'd cause more hassles if you had to uninstall EP6.6, reboot the computer and install EP6.5 than if you wait for the process of re-generation of license files to complete which should be in 1-2 hours. It's also likely that your license is among those for which a license key was already re-generated and the clients are now activated and updating fine. Did you upgrade to the latest Endpoint 6.6.2068 after Dec 21-23 from an older version of Endpoint 6.6? You can provide me with some of the troublesome seat IDs so that I can check if they have already re-downloaded a new license file.

The process of re-generating license keys for clients with Endpoint 6.6.2068 should complete within 1-2 hours. More than a half of the license keys have already been re-generated so it's likely that your license is already among them. Such clients should re-activate automatically without your intervention. Those who have experienced the issue, I wonder if you could confirm that you upgraded and older Endpoint 6.6 to the latest version sometimes after Dec 21-23 and not before that date. Should the problem persist, please provide the seat ID from the troublesome computer ( HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\WebSeatId).

We have found out that the issue should now concern only those who upgraded from an older Endpoint 6.6 to a newer one (latest) version of Endpoint after Dec 21-23 (depends on when the license key for a given license was re-generated on our servers). Within one or two hours we will start enforcing a license key to users with Endpoint v6.6.2068.* installed which will should definitely fix the issue. Towards the end of this month we are going to release a new build of Endpoint 6.6 which will prevent these activation issues from occurring after future upgrades. We sincerely apologize for the inconvenience.

You can disable notifications about available Windows updates in the advanced setup -> tools -> ms windows updates and change it either to "no updates" or "critical updates". You may decide not to install any Windows updates at your risk since critical updates usually address vulnerabilities that can be exploited by malware.

If only ERA agent was left installed (ie. Endpoint is not installed any more), the registry won't be modified. It's a module used by Endpoint which performs the modification. If you are having issues uninstalling ESET, feel free to contact our customer care. You can also create a new topic in our forum and ask for assistance. I'm also very interested in knowing what made those users remove ESET. Was it due to some issues that the users ran into?

@Jaroslav Mixa Your post along with our response was moved here: https://forum.eset.com/topic/14271-future-changes-to-eset-remote-administrator/

Hello, The goal of this message thread is to provide ESET with specific feedback on changes and new features you would like to see in future versions of ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator). Please use the following format when providing feedback: Description: A very specific one line description of your feedback. Detail: A more detailed explanation of your feedback. Please feel free to make this any length, but be sure to use terms everyone can understand. If your suggestion is an extension or update to an existing discussion, please include a link to it in your message. Here is an example: Description: OS/390 support Detail: We use an IBM System/390 at work to run line of business apps and heat our office during the winter. I think ESET should make a version of ESET File Security for OS/390. You are welcome to discuss the merits of each and every suggestion, but keep your comments on topic, concise and thoughtful. There are other parts of the forum to discuss issues. NOTE: When making your requests do not make general statements such as "better gui". If you have a specific feature or functionality you would like to see added (or improved) please post it here, but general requests to "make things better" are not helpful because they do not give ESET detailed enough information. Thank you for your understanding. Regards, Marcos

Please read the initial post in this topic. Microsoft instructs AV vendors to create / set the Data value to 0 if their product is compatible with January Windows updates / patches.

1, Besides preventing access to sensitive files, Anti-Theft also serves to locate a device in the case of a theft or loss. That means a missing device must connect to the Internet and send its location which is not possible if the person who finds the device cannot start the system because a PIN is required by BitLocker to continue with the boot process. 2, I enabled Secure startup and Anti-Phishing at the same time but didn't encounter any issues after a restart.

We've added the necessary registry value on all Windows systems. However, to my best knowledge Microsoft has released a patch only for Windows 10 so far.

Information about available Windows updates is gathered from the operating system.

There's no repository content shown if a different version of the ERA Server is installed than what was officially released. However, this doesn't seem to be the case since the officially released version is 6.5.522.0 according to https://support.eset.com/kb3690/. I'd suggest generating a Wireshark log from the time when the repository is accessed during creation of a software install task. Also check if you have the proxy server configured properly in ERAS and if a firewall is not blocking communication with the repository. Are you able to open / download the file http://repository.eset.com/v1/info.meta via a browser using the same proxy settings as you have in ERAS?

Endpoint v6.6 should activate within 5 minutes after upgrade. How much time has elapsed since the upgrade? I assume you previously activated Endpoint with a license key or with a security admin account, didn't you? I'm asking because the same message appears if a product is activated with an offline license file which is intended to be used only on computers that never connect to the Internet. How many seats with Endpoint 6.6 are currently not activated? Please let me know the seat ID of at least some of the affected seats that you can find in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\WebSeatId. If you have more seats affected, provide me with your public license ID and we'll enforce the download of a license file for all seats that belong to your license.

I'd suggest contacting your local customer care since the issue doesn't seem to be easy to tackle via this forum and further logs will be needed.

It is. Please refer to the existing topic https://forum.eset.com/topic/14256-eset-product-compatibility-with-meltdown-fix/ that deals with that. To prevent having duplicate topics on the same subject, we'll draw this one to a close.

Since this is an English forum, please post only in English or ESET staff and most of users will not understand you and will not be able to help. I'd recommend uninstalling ESET in safe mode as per the instructions at https://support.eset.com/kb2289/ and installing it from scratch.

After updating the modules, you should receive Antivirus and antispyware module 1533.3 which adds the above mentioned registry value. The module will be updated automatically typically within one hour so no action is required from users.

Currently you'll need to open the desired website in a browser and then wait for an hour until a report is generated. From the report you can blacklist the website.

Please post the etl log here and I will check it out. It can be read only be ESET staff since symbols are required in order to open it in a readable form.

Until 2 or more players connect. You can then review the rules and make them more general. You can also enable advanced firewall logging and reproduce the issue. Then disable logging, collect logs with ELC and provide me with the generated archive.

What about switching the firewall to learning mode for a while until all necessary rules are created? Then you can review the rules and adjust them, if necessary.