Marcos

Administrators
  • Posts: 37,941
  • Days Won: 1,504

Everything posted by Marcos

  1. Please drop me a message with your activation key enclosed so that staff from ESET ME can identify your ticket and check the status of the activation key.
  2. Does temporarily pausing real-time protection make a difference? It doesn't make much sense to me that an image viewer would save files automatically after rotating an image and that real-time protection could somehow intervene in this. I'd suggest contacting customer care and creating a support ticket with step-by-step instructions to reproduce the issue enclosed. Also ELC logs as well as a Procmon log from the time of issue replication will be needed.
  3. Did you also try running the ESET Uninstall tool in safe mode to remove all leftovers, just in case? It's likely an issue with ekrn or with loading the Configuration engine module. Should the problem persist, collect logs with ELC and drop me a message with the generated archive attached.
  4. Re. 19eee9336a4527eb76cd2ac69321727f159ad057, 0xDEADBEEF reported it on Nov 10. The detection was added indeed on Nov 10 in update 16388 which was the next update after he reported the sample if I remember correctly. Moreover, it's a jar archive, i.e. Java needs to be installed in order for the file to run and therefore jar files have lower potential to do harm. Also the jar file in question has been seen on 5 computers worldwide so far.
  5. If this computer has access to the Internet, it must not be activated with an offline license file. Make sure to activate with the license key or as a security admin.
  6. Speaking about network protocol exploits, next year all our products will receive network protection, not only those that contain a firewall (ESET Internet Security, ESET Smart Security Premium, ESET Endpoint Security). We also plan to significantly improve update in all new products to react even quicker to new threats and more effectively than the current LiveGrid system. Also administrators will be given new tools and methods to prevent and combat malware and make management easier and ESMC, EDTD, ECMP, EIS, ECA, EBA, etc. will become more than just letters in the next few months.
  7. Do not disable SSL filtering or ESET won't be able to filter malicious https addresses. It is pretty normal that quite a lot of files cannot be scanned; they are either exclusively used by the operating system or you don't have permissions to access them even if the scan is run under an elevated administrator account.
  8. Yes, it is. The detection engine is from Dec 17 and v11 is the latest one.
  9. In the main GUI, select Help and support -> Details for customer care to display information about your license. As of v11, you can manage your licenses via my.eset.com.
  10. We kindly ask you all to stay on topic and refrain from personal attacks. I think that all who know more about malware will agree that ~99% detection in tests is excellent and even products that constantly achieve 100% detection in tests do not protect against 100% of malware in reality. Not detecting about 4 out of several hundred million malware samples that exist is just a tiny fraction. In reality, what matters is if you have been hit by malware or not. If you get hit by malware you don't care if the AV you've had installed has constantly achieved 100% detection. It is a matter of fact that what one vendor detects, the other may miss and vice-versa. That said, a product with let's say 70-80% detection rate in tests might have protected and saved you from the malware that you got infected with despite having the most awarded AV installed. Against "poor" results speaks also the award level achieved in many AV-Comparatives tests. A product with a poor detection would not be awarded the maximum Award+ (***) prize.
  11. First make sure that you have SSL/TLS filtering enabled. Then remove the two addresses from the list of blocked addresses and add just the following: *cfs.uzone.cf.com*
  12. If temporarily disabling real-time protection makes a difference, please use Process Monitor to capture operations that are being carried out as per the instructions at https://support.eset.com/kb6308. Leave it logging for at least one minute when the issue is manifesting. Then save it as an unfiltered log and compress it. Collect logs with ELC, upload both archives to a safe location (e.g. Dropbox, OneDrive, etc.) and drop me a message with download links.
  13. This coin mining script is loaded by other websites, usually to gain some profit instead of displaying ads to the user. You can add the logged domain to the list of blocked websites in the URL management setup.
  14. 1, What purpose do you use micro updates for? Do you use them on ships with an expensive satellite connection? 2, What block policy do you mean? Also what do you mean by "clearing local cache"? Do you want to block particular URLs via the URL management or Web control?
  15. 1, My mirror is 740 MB in size. It's created by Endpoint 6.6 and therefore contains both dll and nup update files so that both older and newer versions of ESET's products can update from it.
      2, The dll files are downloaded by Endpoint 6.6 and newer.
      3, We strongly recommend using an http proxy to cache update files instead of using a mirror. In this case, only files that are actually needed by clients will be downloaded. Moreover, they will be cached so if another client requests them, they will be provided from the http proxy cache. You can use a v6.5 product which does not mirror dll update files but newer products won't be able to update from it. We have only a comparison of http proxy vs direct update at https://support.eset.com/kb3639/. I would like to emphasize that this test was performed with Endpoint 6.5. Now the number of files downloaded to the mirror has virtually doubled due to the new format of update files that Endpoint 6.6 started to use:

      When to start using Apache HTTP Proxy? Based on our practical tests, we recommend you deploy Apache HTTP Proxy if you have a network of 37 or more computers. Review the simple comparison below of downloaded update data in a month's time using direct internet connection in comparison to Apache HTTP Proxy:

      Number of PCs in your corporate network    15   36    50   100    500   1000
      Direct connection to internet (MB/month)  375  900  1250  2500  12500  25000
      Apache HTTP Proxy (MB/month)               30   50    60   150    600    900
  16. It's detected as a potentially unsafe application since it's also used by malware to clear its traces. The detection is optional and is disabled by default. You can exclude the file from detection or the detection itself by its name.
  17. 1, It's a good practice to have a 2nd opinion scanner on clients since there's no security solution that would detect 100% of threats. A threat that a particular AV misses may be detected by the other and vice-versa. 2, If you disabled email plug-in integration, you can suppress notifications in the advanced setup -> user interface -> application statuses. 3, As for the issue connecting to the Exchange server, make sure that you use the very latest version 6 of Endpoint that is downloadable from ESET's website. Also make sure that cached Exchange mode is enabled. 4, With ESET Security Management Center (ERA v7) and Dynamic Threat Defense, email protection will play an even more important role in protecting users from threats coming via email.
  18. We kindly ask you to refrain from posting announcements about the availability of new versions. It's against the rules of this forum: https://forum.eset.com/topic/76-rules-of-the-eset-security-forum/
      "17. Do not pre-announce releases. Due to differences in scheduling, it may sometimes take several hours after a release has appeared on ESET's web site for the release announcement to appear here in the forum."
  19. If those are poor results, then how come I virtually never hear from users that they got infected with ESET installed? Of course, there are users who do get infected but they usually have RDP enabled and a user has a weak password which can be easily brute-forced, allowing an attacker to remote in and disable or uninstall antivirus. Another type of users who get infected are those with an older version that lacks some protection features or have ESET misconfigured (e.g. the whole c: drive is excluded, some protection features are disabled, etc.). But I virtually never come across cases when users who practice secure computing and have the latest version of ESET installed get infected.
  20. You can switch to strict cleaning so that you won't be asked about an action to take if a PUA is detected.
  21. This happens if you have syncing of extensions enabled in Chrome. The file indeed existed when it was detected but since it's just a temporary file, it may no longer exist when you select the desired action.