Marcos

I reckon that in gamer mode all connections for which no rule exists are allowed in interactive mode.

AV-Test results have nothing or very little to do with changes between v10 and v11. If you compare the methodology, you'll find out that the one employed by AVC is more realistic and users' experience confirms this as well.

So the problem is with Windows firewall and temporarily disabling it allows EAV to update?

It should be Win32/TrojanDownloader.Autoit.OJA trojan. I wouldn't worry about CoinMiners or malware being sent via FB messages since the user must explicitly click the file to open/run it. More worrying is malware or CoinMiners that are run through malwaretising. For instance, yesterday we encountered a brand new variant (detected by ESET's javascript scanner) that was loaded by certain pages on the website of the Slovak Railways. Although it was a link to a legitimate ad server, in fact the ad contained a redirect to a server with the coin mining script. The same script has been seen to be loaded also on a lot porn sites.

Did you perform a clean install of v11? Do you use default settings? Do you observe high cpu usage immediately after Windows starts or when performing some specific operations? Please create a Procmon log and leave it logging operations for at least 1-2 minutes. Then save it (without any filters), compress the log, upload it to a safe location and pm me a download link.

We are aware of this and will probably change the default focus to the name of the application in future versions.

That won't be before ERA v7 and probably not in the very first version of it.

If you click the desired client and select "Manage policies", is the policy listed there? Are there any other ESET Security product policies applied on that client? If so, I'd suggest using the 3rd Force state indicated by the flash icon for the proxy settings to make sure they are always applied regardless of possible other policies.

What firewall allows creating rules based on the hostname instead of an IP address?

All v6.6 are affected by this. We are testing a new build of Endpoint 6,.6 that will have the issue fixed. It appears to be a matter of timing and the issue hasn't manifested until recently and doesn't manifest always. We've upgraded all Endpoints at ESET HQ without encountering any issue with activation that is being discussed in this topic. We'll keep you posted.

I was unable to reproduce it. Try the following: - remove all custom rules and have the firewall in automatic mode - launch the browser and clear the cache completely - quit the browser and make sure it's not among running processes - switch the firewall to interactive mode - launch the browser and attempt to open an arbitrary website - when the interactive mode dialog pops up, keep clicking Deny. Is the website eventually displayed though?

Please collect logs with ELC and drop me a message with the generated archive attached.

Try deactivating the clients via the ELA portal and re-activating them via ERA.

Please copy and paste the appropriate record from logs (the entire row so that no important information is missing).

Does temporarily disabling real-time protection or another protection module, such as HIPS (requires a reboot) make a difference? Also please collect logs with ELC and drop me a message with the generated archive attached.

Modules are shared across ESET's products and product versions.

I don't think so. (De)activation should work without a reboot.

We've found out that under certain circumstances Endpoint 6.6 may not receive a license file during re-activation after upgrade via ERA. Also it appears that only a small fraction of Endpoint v6.6 is affected for an unknown reason. We continue with the investigation and expect to come up with at least an interim solution soon. As a workaround, deactivating the units via ELA and reactivating them via ERA should work. As a last resort, you can uninstall Endpoint 6.6 and install it from scratch. The issue doesn't occur with a clean install.

Please collect logs with ELC and drop me a message with the generated archive attached. Also I'd suggest running the ESET Uninstall tool in safe mode and installing the latest version of ESET Internet Security (v11) from scratch. Should the problem persist, we'd need a complete memory dump to determine the root cause.

Yes, system variables are supported.

Proxy server can be configured at 2 places: in general proxy config under Tools -> Proxy server. Make sure that "Use proxy" is disabled and the setting is forced, just in case. The second place is the particular update profile where you can specify if general proxy settings or custom ones should be used. Make sure that proxy is configured properly in the update profiles that are applied on clients.

Couldn't it be that the scheduled scan was created with the time as DST and now in winter it's run one hour earlier? If so, this will be fixed in Endpoint v7. For now you can remove the the scan task and create it again.

There's a problem with ekrn service and modules were probably not loaded: 19. 12. 2017 13:52:55 ESET Kernel A serious application error occurred. Virus scanner initialization failed. Antivirus protection will not work correctly. Could you try installing Endpoint 6.5 instead just to see if it makes a difference?

1, Disabling inheritance is not possible, but I assume it should be possible to work around it by avoiding assigning a policy to the "All" group and using several static groups or multi-level static groups. Maybe if you could describe the exact scenario and static groups that you use we would be able to provide you with instructions how to achieve what you want. 2, Merging policies with custom settings should be possible as of ERA v7 and Endpoint v7 to my best knowledge. 3, Users without administrator rights cannot change settings. It's worked this way since NOD32 v1. It would be very dangerous if it was possible to disable protection or change settings of a security program without administrator rights.

What happens if you click "Activate the product" and enter your license key?