Marcos

Please create a new topic as our experience based on users' feedback and seeing how well new variants of Filecoders are detected by us and other AVs are quite the opposite. We'll need more details about Filecoders that you think ESET did not detect. Ideally provide samples or at least hashes as well as ELC logs from a machine with encrypted files. We've seen quite a lot of cases when an attacker bruteforced credentials, remoted in via RDP, disabled antivirus and then ran ransomware. As for the other issue, please create a new topic for it. Egui is started automatically and virtually nobody has reported issues with that.

Please see my reply above. You can try installing Comodo firewall but in case of issues deactivate its HIPS or behavior monitor component, if applicable. However, I'd recommend upgrading to ESET Internet Security which also contains a firewall with IDS, Network protection and Connected home monitor.

First try enabling pre-release updates in the advanced setup and check if the problem still occurs. If so, enable advanced protocol filtering logging in the advanced setup -> tools-> diagnostics and reproduce the problem. Next disable logging, collect logs with ELC and drop me a pm with the generated zip archive attached.

We are aware of it, it is likely a bug and errors opening files should be reported in blue.

Yes, we've restored files under the account of the currently logged user and not under the system account. When attempting to exploit the vulnerability, you'd get an error like this from ESET's products:

I would use one policy with 2 update profiles for updates. For information how to create dual update profiles, see https://support.eset.com/kb3621/. In the general proxy setup, there's an option to use direct connection if the proxy server is not available. Note that if a policy is assigned to a dynamic group, settings won't be changed to defaults once a computer loses membership in that group.

Are you talking about ERA v5 and not about ERA v6? Please provide some screen shots to clarify what the issue is.

First of all I'd check the disk for errors by running chkdsk. Attrib won't work as the characters are obviously garbled in the command-line window.

It's a password-protected gzip. I was unable to find the correct password and scan the exe file inside.

Those rules improve protection from any malware. On the other hand, you won't be able to run legitimate scripts either.

1, Most likely because it's also used for legitimate purposes with user's consent. 2, I don't know of such limitation. If it's there, then it's not possible to remove it other than by installing another language version.

We don't guarantee providing a feedback but we usually let the user know the verdict. For instance, no feedback would likely be provided if somebody sent a clean file without any further description. As for large files, I reckon that even 10-15 MB files should go through alright. Submit only sample in an email unless more samples are related to each other.

No problem here: Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here 11/12/2017 8:38:30 PM;HTTP filter;file;hxxps://coinhive.com/lib/coinhive.min.js;JS/CoinMiner.F potentially unsafe application;connection terminated;DESKTOP-5JIJ6V4\Admin;Threat was detected upon access to web by the application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe It's been detected for a month already.

Instructions for proper submission of samples are available at https://support.eset.com/kb141/. Only samples (not jar files) submitted this way are replicated and blocked automatically if malware is matched / detected. Although it's possible to submit samples via gui, the most of such samples are junk, multimedia files, other clean files, etc. They are not processed with as high priority as samples submitted to samples[at]eset.com.

I've checked samples that we have received and the jar file in question was not submitted to samples[at]eset.com. I submitted it on 10. 11. 2017, 12:37 and a detection engineer replied 20 minutes later that the detection would be added in the next update.

Since this is an English forum, we kindly ask you to post in English as most of moderators and users do not speak French. As for compatibility with Comodo firewall, I'll leave it for other users to comment on it. If I remember correctly, there was a conflict between ESET's HIPS and Comodo in the past.

Unfortunately, it is not clear what you mean. I'd strongly recommend contacting your local customer care.

There are currently no plans to support RSC.

Have you tried uninstalling v11 and installing it from scratch? If that doesn't make any difference, create a Procmon boot log as per https://support.eset.com/kb6308 and compress it. Next collect ELC logs, upload both archives to a safe location (e.g. Dropbox, OneDrive) and pm me the download links.

I just don't understand why it is so important for the icon to change the color as long as you don't see any impact on performance when using applications in full-screen mode.

It is hard to say what's going on without analyzing further logs. Please contact your local customer care and carry on troubleshooting the issue via a support ticket. If possible, try installing the latest v6.6 on at least one of the computers, at least to see if it makes a difference. With v6 troubleshooting issues like this is much easier.

If upgrading to the latest version 6.6.2052 is not an option, please contact your local customer care. I'd strongly recommend considering upgrade to the latest v6.

I'd expect that you had noticed a change in performance because it is the aim the gamer mode to pause tasks and updates when running applications in full-screen mode. Honestly, if the change of the icon color is the only problem then there's no need to use gamer mode. Anyways, it is a known issue that will be fixed in the next release of v11.

How did you find out that it's not activating?

Please refer to https://support.eset.com/kb3690 for information about the version of particular components that belong to a particular release of ERA.