Marcos

Home version does not support installation using msi file; there are operations that can only be performed by the bootstrapped executable which is mainly the reason for not providing msi installers for consumer products.

it could be that you're experiencing temporary network outages as it's highly unlikely the problem would be with ESET's servers. Turn on diagnostic logging in the advanced setup and then monitor the event log to find out how often the failures occur. Install Wireshark and capture the network communication at the time when the error occurs. When done, save the pcap log and compress it. Run ELC, collect logs and upload both the Wireshark log and ELC logs to a safe location and pm me download links.

Is the error reported only shortly after starting the OS?

Check the Filtered websites log or Detected threats log for information about the application that accessed the blocked url.

I was able to reproduce the detection as per the instructions above and submitted the detected file to ESET's Security Research Lab. The author of the signature (it's from 2011) will look into it on Monday at earliest.

Please uninstall ESET in safe mode using the ESET Uninstall tool as per the KB https://support.eset.com/kb2289.

Did you upgrade from v9 to v11 by downloading and running the Live Installer from ESET's website? For some reason, v11 attempts to update from a v9 update folder which contains incompatible update files. Please uninstall v11 and install it from scratch.

First of all, Apache HTTP Proxy is a stand-alone product by Apache Software Foundation and there's virtually no correlation to ERA except that it's a part of the All-In-One ERA package. To list files in the proxy cache, run "htcacheclean -A -p%path%" where %path% is the patch to the cache folder. See https://httpd.apache.org/docs/2.4/programs/htcacheclean.html for available options.

Real-time protection is not supposed to scan email. As for email servers, we have products for Microsoft Exchange, Lotus Domino, Kerio and then ESET Mail Security for Linux/FreeBSD. Other mail servers are not supported.

If the issue occurs with the firewall disabled, what about temporarily disabling protocol filtering in the advanced setup?

I reckon this happens in automatic mode when an uninitiated inbound communication for which no rule exists is attempted. If the firewall was to notify about every blocked packet, many users would be constantly flooded with notifications.

How do you know it was IDS which blocked the communication?

There's a link to show details about the blocked communication. If you are having issues with DVR because of this blocked communication, you should allow it. If you don't experience any issues, I'd leave it as is.

I don't think these connections were blocked by IDS. Click Unblock (Odblokuj) to create an allow rule for the blocked communication.

The firewall doesn't ask about communication unless you use interactive mode or have a custom firewall rule with the action set to ask created. Try removing all custom firewall rules and make sure the firewall is set to work in automatic mode.

No problems here. Make sure you didn't select "Delete all". When I selected only specific records and then selected Delete, only selected records were deleted.

Are these servers physical or virtual machines? Couldn't it be that the MAC address of the network adapter changes for whatever reason? Are there more network adapters installed?

So the ERA agent is not installed and running on these machines at all?

Strict cleaning - all detected files are cleaned automatically, regardless of whether they are PUAs, files infected with uncleanable malware, etc. The user is never prompted for an action. Standard cleaning - the user is asked for an action if an uncleanable virus or PUA is detected. No cleaning - the user is always asked for an action before cleaning.

I don't see anything wrong. If you manually quarantine an undetected file, it will be also removed from its location so you cannot quarantine it again. Even if you somehow re-create the very same file at the same location, it won't be placed to quarantine again and only the count will be increased in quarantine.

Are those Endpoints managed by ERA? If so, couldn't it be that they fall into a dynamic group with not activated Endpoint and activation is triggered automatically?

I'd need logs collected by ESET Log Collector.

What is so complicated? If malware is detected, it's cleaned automatically and a copy of the original file is placed in quarantine. It's as simple as it gets. One does not need to open quarantine unless a false positive was reported and the original file needs to be restored.

It enables the user to quarantine an arbitrary file, ie. even a file that is somehow suspicious to the user but is not detected.

Please collect logs with ELC, upload the generated zip file to a safe location (e.g. Dropbox, OneDrive,...) and drop me a personal message with a download link.