Marcos

If it's just a benign crack that shouldn't be detected, I don't think it would be evaluated as risky.

The only possible explanation would be that these clients had an older version of the detection engine installed.

Please follow the instructions from my post above. The logs must be from an update attempt that failed with the error.

As far as I know, Auslogics apps are detected as potentially unwanted applications. This is an optional detection and you can also exclude particular PUAs from detection if you think that benefits of using it outweigh possible risks.

No, you don't need to report possible FPs here but rather report them to ESET as per the instructions in the above mentioned KB next time.

First of all, this is in no way related to this topic so we kindly ask you to always create a new topic for different issues. As for possible FPs, please refer to https://support.eset.com/kb141/ for instructions how to report them to ESET. Regarding the IP address, it's an Amazon server that has recently hosted malware . On my system, api.browser.yandex.ru doesn't resolve to IP addresses of Amazon servers and nobody else has reported api.brower.yandex to be blocked.

Hard to say if it would be detected. As I wrote, they have been very active in evading detection. It's a PUA so even if it was present on a computer, it wouldn't pose a risk since it's not malware. If you know that it's there, you can try to uninstall it via the Control panel or remove it manually.

InstallMonster is not a trojan but potentially unwanted application. They have been actively trying to avoid detection by AVs for a long time.

EFSW 4.5 is quite old and is not suitable for modern server systems. Please uninstall it and install EFSW 6.5. Let us know if it helps.

Please create logs as follows: - download Process Monitor from this link - enable advanced update engine logging in the advanced setup -> tools -> diagnostics - run Process Monitor, select Filter -> Enable advanced output - clear the existing log and start logging from scratch - manually run update - disable logging - save the Procmon log as unfiltered pml file and compress it - collect logs with ELC - upload both archives to a safe location (e.g. Dropbox, OneDrive, etc.) and provide me with download links.

What I meant was that if the splash screen appears when launching ESET from the Start menu, egui.exe was not running. If it doesn't appear and gui appears right away, egui.exe was running and just its icon was not visible in the system tray for whatever reason. Of course, ekrn.exe is the crucial process which is responsible for providing protection. Egui.exe does not need to be running and the computer will be protected though.

Since the splash screen appeared when launching EIS from the Start menu, it wasn't running beforehand. I would suggest generating a Process Monitor boot log as per the instructions at https://support.eset.com/kb6308/. When done, compress it, upload it to a safe location (e.g. OneDrive, Dropbox, etc.) and provide me with a download link. Also enclose logs collected by ELC.

BPP has been updated with info about LastPass plug-in on a regular basis which is likely why you haven't noticed any issues.

To remove computers not connecting to ERAS, run a "Delete not connecting computers" or "Static group synchronization" task.

You should not disable any of the protection modules either for a test or permanently. Ransomware protection is a part of HIPS which communicates with and receives important information about file operations from real-time protection. Also Advanced Memory Scanner is a part of HIPS and works as the last layer of protection after file execution when already unpacked malware in memory is scanned. AMS is very effective when it comes to detection of new malware variants. Performing a test by disabling various protection modules substantially reduces protection capabilities and such "tests" will never tell you even a bit about how effectively ESET can protect you from new malware or specifically ransomware.

Support for the latest version of the 1Password plug-in will be added in the Banking payment and protection module 1115.

For the purpose of encrypting files, folders or whole disks we offer the Secure Data module which is part of ESET Smart Security Premium.

Note that on modern OS "shut down" doesn't really shut down the computer but only snoozes it. If you select "Restart" from the Start menu, I assume the message about restart required will disappear after an actual restart.

You should be able to deactivate it via the ELA portal. Alternatively you'd need to install 6.6.2052 (e.g. locally on the computer) as the previous version 6.6 didn't send a correct seat ID to activation servers which resulted in the mentioned error.

Do you have the latest Endpoint 6.6.2052 installed? If not, install it and then try to deactivate it.

It should. Try using Google DNS servers 8.8.8.8 or 4.4.4.4 since some routers may have problems with DNS TXT responses. There's no such list available. Taking into account how many websites exist, I don't think that would ever be possible. Plus it's a website categorization provider that is responsible for website categorization.

Right. It was not caused by v11, it was an issue on LiveGrid servers. However, only newer versions (v10 and v11) notify the user if there's a problem with LiveGrid.

Please read https://support.eset.com/kb2949 for instructions how to unlock your phone. There are several options, including a scenario when the mobile phone has no Internet connection.

Firstly, this forum does not serve as a channel for reporting samples or blocks to ESET. See https://support.eset.com/kb141/ for instructions you should follow. Secondly, if you do something that is not in concordance with law, don't be surprised if you end up on the blacklist. Having said that, we'll draw this topic to a close.

I'd suggest uninstalling ESET and installing the latest version right after the operating system starts to ensure that no email client or browser is running which would prevent the root certificate from being imported. Also the fresh install will default settings will ensure that SSL filtering will be enabled, ports will be set up correctly and no applications or addresses will be excluded from filtering.