Marcos

Administrators
  • Posts: 37,941
  • Days Won: 1,504

Everything posted by Marcos

  1. We do not provide offline updates for home version. Only Endpoint products support offline update.
  2. Please remove keygen.exe from the root of the j: drive. Then create a Procmon log while attempting to restore the file from quarantine. When done, save the log, compress it and post it here.
  3. There are 2 things you could try: 1, Reinstalling Endpoint (i.e. installing the latest version over the current one), rebooting the PC and then uninstalling it the standard way. 2, Using the ESET Uninstall tool in safe mode.
  4. Rules require a full path to an application. If they were based just on file names, one could enter "svchost.exe" for instance but since it's a typical name of malware it would also allow the communication for both the system and malicious processes.
  5. Home versions require Internet connection. Also it doesn't make much sense to have EAV installed but with modules not updated to the latest version.
  6. It is impossible that ESET would warn on non-existing files. Please provide a screen shot of such an alert, ideally along with the appropriate complete record from the Detected threats logs.
  7. In the advanced setup -> diagnostics -> tools, enable advanced firewall logging. Then reboot the computer and reproduce the issue. When done, disable logging and post the pcapng log from the Diagnostics folder.
  8. That doesn't rule out an issue with a firewall or proxy. Try to create a Wireshark log from the time when you attempt to access the repository.
  9. If you are willing to cooperate on troubleshooting the issue, please continue as follows:
       - configure Windows to generate a complete memory dump as per https://support.eset.com/kb380/
       - after the system starts and ESET reports a problem with HIPS, trigger a crash so that a memory dump is generated
       - after a reboot, compress the memory dump
       - collect logs with ELC
       - upload both the memory dump and the archive generated by ELC to a safe location and drop me a message with download links.
  10. Could you please provide us with step-by-step instructions on how to reproduce this scenario? We don't provide / display any pop-up offer with an upgrade to ESET Smart Security Pro for a 30-day trial period. At least we'd need to see a screenshot of that offer for clarification.
  11. If the attacks are coming from a trusted device, you can exclude the device's IP address from port scan detection in IDS exceptions.
  12. It could be caused by insufficient permissions. Are you able to manually create a file j:\keygen.exe ? E.g. by renaming and copying another file there.
  13. Also try switching to pre-release update and test it with the very latest modules. Should the problem persist, enable advanced protocol filtering logging in the advanced setup -> tools -> diagnostics and reproduce the issue. Then disable logging, collect logs with ELC, upload the generated archive to a safe location (e.g. Dropbox, OneDrive, etc.) and drop me a message with a download link. Do you know what software is used as the email server?
  14. If you excluded the PUA from detection, you'll find it under Antivirus -> Exclusions in the advanced setup. If it's not there, the PUA is not excluded.
  15. If you have purchased ESET through a distributor or reseller and it was not provided as a monthly-invoiced product by a carrier for instance, you always renew manually to my best knowledge. Please contact your local ESET distributor for more information.
  16. I'll need to consult this with developers. Will let you know as soon as I have some news. To me it looks like a bug that there's no way to enter a U/P for authentication against the system that creates the mirror.
  17. Not sure what you mean. However, "GET /mobile-sta/" in your log indicates that the update was downloaded from an ESET update server and not from a mirror.
  18. I've created a mirror with Endpoint 6.6 and the file is indeed there:
        [MOBILE_SCANNER2]
        platform=arm
        build=13752
        versionid=9486
        category=engine
        type=mobile_scanner
        version=9486 (20171212)
        group=mobile_modules
        level=2
        base=13724
        size=42338
        file=nod25DC.nup
  19. Please enable basic authentication in the product that creates the mirror and enter a username/password into EMS to authenticate against that computer.
  20. Do you have so many threats detected on computers that the size of quarantine grows quickly and occupies a lot of disk space? Normally no or only very few threats should be detected so the quarantine shouldn't take up much disk space (a few MB at most).
  21. If the CoinMiner wasn't excluded from further detection, it will be detected again once the user opens the website that loads it.
  22. There should be basically nothing special to configure. Automatic exclusions are only applied by server product when installed on a server operating system. I'd suggest to not use any exclusions and test how SQL Express works with default configuration. I, for one, don't expect any issues.
  23. I'm unsure if deploying business applications on mobile phones has anything to do with ESET.
  24. On Mac OS we don't scan encrypted SSL/TLS communication which is why the test phishing web page is not blocked.
  25. Please contact your local customer care as it will take several iterations and further logs will be needed for analysis. To my best knowledge, Scheduler will be reworked as of Endpoint v7 to prevent issues with scheduled tasks. I can't tell for sure now but it's likely that this issue would not occur with the new Scheduler.