Marcos

I was able to download adsbypasser.full.es7.user.js without being blocked by ESET. Also comparing the code with what we detect as JS/Iframe.EY didn't yield any similarity. Could you confirm that it's no longer detected?

History of visited websites is not logged by ESET. Although it's technically possible via a Web Control rule for instance, the amount of records generated and subsequently sent to ERAS could cause significant performance issues with the database and the server itself.

We do not normally restore files from quarantine automatically. If a file is restored, it will be removed from quarantine as well.

Deploying agent to machines that don't report to ERAS or don't have Endpoint installed yet should do the trick. Once agent is installed and starts reporting to ERAS, you can send a software install task to it to install Endpoint. Alternatively if agent is already installed but doesn't report to ERAS, you can reinstall it and enter the CA and agent certificate during reinstallation. If the latest version of agent is not installed, you'd need to reinstall it twice as the first reinstallation will upgrade it to the latest version while the second one will be actual reinstall with an option to enter certificates. As for deactivating licenses, you can accomplish it via the ELA portal (ela.eset.com).

Files in quarantine were detected by ESET so they are malicious unless a false positive was detected. I don't see any problem with the patch and file name being the same. Normally users should not touch files in quarantine and if other files on disks are not detected, they should be considered clean.

Is protocol filtering and http scanning enabled? What other errors are reported in gui besides Anti-phishing?

Please install and run Wireshark and capture the network communication while attempting to update ESET. When done, save the log (pcap) and post it here or send it to me via a personal message. I assume that update.ver is somehow corrupted or replaced with an html notice from a proxy or whatever.

The files would not be identical since the one in quarantine would be infected while the one at the original location would be clean.

It is not clear from your report what application started to crash after installing ESET. You could try temporarily uninstalling it to confirm or deny that it's somehow involved in the issue.

Is it real-time protection that must be disabled in order for the issue to disappear?

We are not aware of any issues with German customer care. Right after creating a support ticket, you should have received an email with the ticket ID. Did you receive it? How did you contact German customer care?

If you check the list of firewall rules, is a rule for Firefox already created? Please collect logs with ELC and provide them to me via a personal message so that I can check your firewall rules.

The error means that the http connection was interrupted. Does deployment on that system keep failing with the same error ? If so, could you try connecting through another ISP to the Internet?

Before an action is taken (clean or delete), a copy of the original file is stored in a safe form in quarantine. This is exactly what "quarantine" means.

We, at ESET HQ, respond to partners' ticket within one day and they have an option to rate the response. Likewise Slovak customers can rate response from our local support. Please send me a private message with more details about the ticket, especially the ticket ID and your email address so that I can check why it took longer to provide a response.

It's not possible just to make a copy of a file in quarantine without taking an action (clean/delete).

Duplicate IP addresses were detected in the network. Make sure that each computer has a unique IP address. Do you have a server with two or more network adapters for redundancy in the network?

Firefox Quantum supports only add-ons that utilize WebExtensions API (https://www.bleepingcomputer.com/news/security/upgrading-to-firefox-quantum-expect-some-add-ons-to-no-longer-work/). Currently Password Manager does not have a compatible add-on for the new version of Firefox.

As far as I know, this is not supported and only a plain-text message can be sent.

To clean a file means to: 1, sanitize the virus code in the file (in case of viruses) 2, delete the file in case of other malware, PUAs, etc. 3, reset changes made by the malware in the registry.

Only v8 can be provided on demand if you are having some issues with the latest v11. Please provide more information about what prevents you from installing v11.

Does temporarily disabling real-time protection or another protection module make a difference? What about temporarily disabling automatic start of real-time protection and rebooting the computer?

Please create a Procmon boot log as per the instructions at https://support.eset.com/kb6308/. When done, compress it and upload it to a safe location (e.g. Dropbox, OneDrive, etc.) along with a zip archive generated by ELC and pm me the download links.

Don't disable HIPS in ESET. By doing so, you will also disable: - Self-defense - Advanced Memory Scanner - Exploit Blocker - Anti-ransomware protection.

First of all, v11 is not yet offered as a program update in gui but has to be downloaded from ESET's website and installed manually. We do not provide program updates to users with older versions from the product immediately but after some time after the release. As for the issue with Anti-Theft, please provide a screen shot of what you are seeing. Also drop me a pm with your registration email address for the portal my.eset.com in case I'd need to check your account status.