Marcos

If you check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html, is there an error logged or everything is green? Does trace.log contain any errors?

Unfortunately, you didn't mention what version of ERA and Endpoint you use. While Endpoint v5 communicates with ERA v5 directly, as of ERA v6 it's the ERA Agent which communicates with ERA Server.

We'd appreciate if you could elaborate more on why you prefer that AV to ESET.

It would help if you could temporarily uninstall EEA and install ESET Endpoint Security to troubleshoot this issue. If you are willing to do that, I can provide you with a trial license for EES. It has an option to generate advanced firewall logs which is needed to determine the source of the issue. Also it appears you have diagnostic logging enabled. It should only be enabled when instructed by customer care while tackling particular issues. Please change logging verbosity to informative.

If you are able to reproduce the issue, configure Windows to generate complete memory dumps. When the system freezes, crash the system so that a memory dump is generated. Then compress it, upload it to a safe location and drop me a message with a download link.

Please refer to https://support.eset.com/kb6382/.

Do you get a different result if you check such website through https://www.ssllabs.com/ssltest/ ?

It's a download wrapper which fall in the group of potentially unwanted applications. This detection is optional. If detected and you are prompted for an action, selecting "clean" will delete the PUA.

If you block "*youtube.com*" (without quotation marks), are you still able to access https://www.youtube.com ? Did you try blocking it via the URL address management in the Web access protection setup?

No, IDS is another kind of protection which doesn't use network signatures to recognize specific attacks. Older products, such as Endpoint Security v5, contained IDS but did not have the Network protection module yet. Server and Endpoint Antivirus products will support full Network attack protection once they receive a limited firewall module next year.

Some business users still stay with Endpoint 6.5 for whatever reason (e.g. in Japan v6.6 has not been released yet). Since Microsoft has released Fall Creators Update (RS3), it's important that also v6.5 supports it. Hence the new version.

Check the scan log details under Tools -> More tools -> Log files -> Computer scan.

This is a correct and intentional behavior. The progress bar was highly inaccurate since it could go quickly to 99% and then stall for a long time to scan the last 1% that were folders with most files in them. We don't plan to change this.

Please do not use msi installers to install consumer products, otherwise you may encounter unforeseeable issues, e.g. with uninstallation. No technical support will be provided by customer care for issues with hacked msi installers. Instead run the bootstrapped exe installer as follows: eis_nt64_ENU.exe --silent --accepteula --language 1034

How long did you wait for the export to complete? For instance, in case of a very large email address whitelist or blacklist, it could theoretically take even a few minutes to export them.

That is correct. ESET Endpoint Antivirus (EEA) also has a limited functionality of the Network protection module which uses network signatures to stop malicious communication at the network level. In EEA it's restricted to supported application protocols HTTP(S), POP3(S) and IMAP(S) because EEA doesn't contain the firewall. As a result, EEA could not protect against exploiting vulnerabilities in network protocols, such as SMB1 which was exploited by WannaCry to spread over LAN to unpatched systems.

Please provide a Wireshark log from time when you get this error and the Internet connection otherwise works.

Try running chrome.exe with the "--disable-http2" parameter.

DuckDuckGo is not malware but a search engine that doesn't track the user.

Did you try uninstalling v11 and installing it from scratch?

I'd recommend contacting customer care via the built-in form and let logs to be submitted as well. This will need to be looked at by developers since I haven't come across such issue.

Try https://www.eset.com/me/.

Please post the whole record (line) from the Detected threat log so that we know the full path as well as the detection name.

Then please create a Wireshark log from the time when the error occurs and you think the Internet connection is working alright.

Also take into account that there's nothing like 100% malware detection. Moreover, if you don't know details about the sample set and the methodology used, you shouldn't make hasty conclusions. For instance I mean if CoinMiners were included in the test set and a particular tester scanned samples with default settings, they would be undetected even if otherwise recognized with the detection enabled.