Marcos

Administrators
  • Posts: 37,941
  • Days Won: 1,504

Everything posted by Marcos

  1. Why do you think the disk activity is caused by ESET? Please create a Procmon log from the time when the issue is manifesting and let it capture operations for at least 1-2 minutes. When done, compress the log. Also collect logs with ELC, upload both archives to a safe location (e.g. Dropbox, OneDrive, etc.) and PM me download links.
  2. Not sure what dictionary you mean. Maybe the ESET Outlook plug-in clashes with another one that is installed on those machines. If the issue occurs with the very latest Endpoint 6.6, I'd suggest contacting customer care and providing them with an Outlook email plug-in debug log for perusal. Customer care will provide you with instructions on how to generate one.
  3. How much time has elapsed since you've upgraded to EP6.6 and the issue occurred? Did you also reboot the computers to enforce requesting of a license key?
  4. Yes, we have seen that somebody coded a keylogger and complains that it is not detected. If security software was to detect any future malware without updates, then why would every AV need to get updated on a regular basis to provide maximum protection? We kindly ask you to stop this as your behavior will be considered trolling and appropriate measures will be taken. You have a free choice in selecting the security solution that fits you best and that you are satisfied with.
  5. I don't know if there are security solutions that would have the behavior blocker that would not ask users about the action to take if a suspicious behavior is detected. It is crucial to not ask users, especially in a corporate environment. The fact that we don't have a behavior blocker doesn't mean that we are unable to monitor the behavior of files. In fact, advanced heuristics runs them in a virtual environment. In the past it also used to detect the behavior (detections known as "probably NewHeur_PE") but this has already been replaced with DNA and XDNA smart detections that are based on code emulation results. The fact that a particular feature found in other solutions is not implemented in ESET products in a similar way like in some competitive products does not mean at all that the protection provided by ESET is worse. Competitive products miss a lot of features that ESET products have and still provide good enough protection to users. You have plenty of security products out there and it is only your choice which one fits you best and which you will use on your system.
  6. This should not be needed because a license file has been re-downloaded by EPv6.6 users and therefore the issues discussed in this topic should not manifest any more. You can check if the values Username and Password exist in HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000400\Settings.
  7. Do you have the latest v11.0.159 installed? Does disabling automatic gamer mode activation if an application running in full-screen mode is detected make a difference?
  8. It has been fixed automatically for EP6.6 users during the last few days. Does the problem persist after a reboot and update? The computers should have received a new license file which would have prevented the issue from occurring. If possible, drop me a message with a list of seat IDs of the troublesome machines.
  9. Please collect logs with ELC, upload the generated archive to a safe location and drop me a message with a download link. I'll check the logs to find out if there's something obvious why the install is failing.
  10. We don't perform behavior blocking. In interactive mode, if you block all operations the application should not run. You can submit it to samples[at]eset.com so that a detection can be added. If nobody else in the world will ever get the keylogger then it doesn't pose any risk to other users.
  11. As long as you keep ESET installed and activated on one computer, it's ok. If you would like to use it on both at the same time, you'd need to extend your license to 2 computers.
  12. If you have a paid version of ESET, email several encrypted Office documents along with the log from the decoder and logs from ESET Log Collector to samples[at]eset.com.
  13. I've used several browsers, including Chrome, and never noticed any difference in performance. If an issue cannot be easily reproduced 100%, you cannot expect the vendor to troubleshoot it without the user's assistance. Anybody who is experiencing performance issues with Chrome or other software, first narrow it down to the particular protection module. Create a Procmon log from the time when the issue is manifesting and compress it. Also collect logs with ESET Log Collector. When done, upload both archives to a safe location and PM me download links along with information on which of the protection modules made a difference when disabled.
  14. What version of the detection engine do you have installed? The latest one is currently 16627.
  15. Please collect logs with ELC and drop me a message with the generated archive attached.
  16. Information about the taken action is found either in the Detected threats log or in the appropriate on-demand scanner log. It cannot be listed in quarantine because there's only one instance of each detected file although in fact there might have been several instances of the file detected and the action that was taken may differ from file to file (e.g. some might have been locked and could not be cleaned). All these actions are logged in the appropriate log and quarantine is not the right place for this information. I'd like to emphasize that we are open to constructive and reasonable suggestions and listen to our customers when it comes to deciding about new features or changes for new versions.
  17. 1, Users should not look into quarantine unless they know that the AV detected a false positive and need to restore it.
      2, The current system of quarantining files has been in place since NOD32 v1 or v2, i.e. it's worked that way for at least 15 years already. Alternative options would be dangerous:
         a) A file infected with a virus would be deleted and we would not attempt to clean it. The original infected file would be placed in quarantine. As a result, the oper. system might stop working due to a critical file missing.
         b) The infected file would be cleaned but the original copy would not be placed in quarantine. As a result, if the file was cleaned improperly, the oper. system could stop working or crashes would occur. There would be no option to restore the original file from quarantine and to check why cleaning failed.
      In my opinion, the current system is the best and most reliable in terms of cleaning and restoring original files if something goes wrong. Would you rather prefer option A or B? Or what do you expect from cleaning and quarantining files given that you don't like the way it's worked for ages?
  18. It was likely an older Filecoder.Crysis that encrypted the files. That said, you probably either don't have ESET configured properly (e.g. some users inadvertently exclude typical malware locations from scanning), or an attacker managed to guess or brute-force a U/P, remoted in, disabled ESET and then ran the ransomware. This decoder should work for ".wallet" files: https://support.eset.com/kb6274/
  19. Did you try retrieving your license details via this form? https://www.eset.com/us/support/lost-license/
  20. Pressing Ctrl+U in Endpoint v6 should display a window with your PLID like this: I'd strongly suggest contacting the distributor or seller from whom you purchased your license.
  21. 1, The statistics are based on the data gathered since the last system start. I don't see much sense in having a graph showing the number of trojans, worms, etc. What is important to the user is the total number of malicious and cleaned files that have been detected.
      2, There are just 3 options: "Scan your computer", "Custom scan" and "Removable media" scan. "In-depth scan" can be selected as a profile when running a custom scan. It's not important in consumer products and it's mainly used for cleaning active threats reported in ERA in business products.
      3, A dial-up connection can also be DSL. There are still dozens of thousands of users with very slow dial-up connections nowadays. It doesn't make sense to remove that option just because it's 2018. As for scheduled scans, personally I don't run any. Even if it was recommended, something that is recommended must not be enforced.
      4, Without a deep knowledge of malware it is not possible to tell if a particular file is safe or not. I don't see any sense in making it possible to rate processes just for themselves. If I saw a process with a poor reputation, it wouldn't help me if I marked it safe on my computer. It wouldn't affect anything except telling me that I can ignore it because I marked it as safe in the past.
      5, System cleaner is a tool that should be run to reset changes made by certain malware to the system. It should only be run when instructed so by ESET staff. This feature is subject to change and a little bit more details will be reported in future versions.
      6, As of v11, we have an all-in-one product where the functionality depends on the license key and the product that the user selects to install. That said, all drivers must be present. However, if I recall correctly, drivers not used by the installed product should not be loaded and running.
      7, Windows firewall lacks in features. If we were to use it, we would not be able to block network exploits that exploit vulnerabilities in network protocols. In particular, we wouldn't have been able to protect users against the infamous WannaCry among the first for instance.
  22. Please collect logs with ESET Log Collector and drop me a message with the generated archive attached. Make sure that:
      - You use default update settings.
      - If you connect through a proxy server, make sure it's configured in the advanced setup -> tools -> proxy server. If you don't use any, make sure it's disabled.
  23. Please drop me a message with your license public ID. Your license entitles you to download and activate any version of the product that you have purchased and no additional fee is required in order to use newer versions.
  24. Why would you need to run ELC on many machines? ELC should be run only when instructed so by customer care when tackling a specific issue on a particular computer.
  25. Please contact the distributor from whom you purchased the license. The username you've listed belongs to a consumer product and expired years ago. Also Endpoint v5 doesn't require an activation and a working U/P is enough to update it. I'd strongly recommend upgrading to Endpoint 6.6 as soon as possible.