Marcos

It could be that permissions to the ESS folder were changed. Make sure that the Administrators group and system account have full permissions granted. If that doesn't help, you can try removing ESET in safe mode as per http://support.eset.sk/kb2289/ and installing the latest version from scratch.

Does the ESET splash screen appear at all when Windows starts? Personally I've seen at least one similar case with an older version of Endpoint where a standard API function turned out to have been failing. I would suggest contacting your local customer care to ensure the case is properly tracked and providing them with the following stuff for investigation: 1, ELC logs, 2. A Procmon boot log.

Please drop me a pm with your my.eset.com portal registration email address as well as with the name of the device on which the AT test hasn't finished.

Are you positive it's still detected? To my best knowledge, the detection was fixed about 2-3 before you posted.

Running "EpfwWfpRegV10.1.3.exe /unreg" as an administrator (mentioned on the previous page) and rebooting the computer should fix it.

I'd create a restore point when everything works and then: - remove all security programs that you may have installed (you've mentioned Spybot at least) - uninstall ESET and then also run the ESET Uninstall tool in safe mode If Internet connection works, download and install the latest v10.1. Let us know if the problem persists.

Probably a problem with the proxy (192.168.240.5:3128). I'd need a Wireshark pcap log from an update attempt for investigation (ideally 2 aligned pcap logs from the same time, one from the proxy and the other from the client). Did you try to update directly from ESET's servers?

If you've upgraded from v9, I'd suggest uninstalling EAV, removing "HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security" from the registry and then installing it from scratch. Alternatively you can run the ESET Uninstall tool in safe mode as per the instructions at http://support.eset.sk/kb2289.

Do the problematic computers update from ESET's servers or from a mirror created by another Endpoint 6.6? If the former, do they connect directly or through a proxy server? What we'd need you to do: - enable advanced update engine logging under tools -> diagnostics in the advanced setup - start logging with Process Monitor (for instructions, see the FAQ section at the right-hand side of this forum) - run manual update - stop logging (both) - collect logs with ELC - compress the Procmon log and upload it along with the zip archive generated by ELC to a safe location and pm me the download links.

That's correct. It's because ekrn.exe runs under the local system account.

Yes, ESET is able to detect fileless malware in the registry. Personally I've come across several cases where REG/something was detected in the registry.

It's a potentially unwanted application. A detection for the first variant (JS/Mindspark.A) was added in 2015 so the last one seems to be more popular than the previous ones. If there's a problem cleaning it even with strict cleaning set, provide me with ELC logs from the particular computer. You can also choose to keep the extension and not to detect this particular PUA anymore. This is possible either via the advanced options in the yellow alert window (Exclude from detection), or via an ERA policy (Exlusions).

Answered in https://forum.eset.com/topic/13072-web-and-mail-protocol-filtering-is-non-functional/ : Make sure that the Security Center service is started and it's set to start automatically,

No logs were attached. Please drop me a pm with the archive generated by ELC attached. If too big to attach, upload it to a safe location an pm me a download link. Also make sure that the Security Center service is started and is set to be started automatically.

I have no clue what Trusteer Endpoint Protection consists of but Banking and payment protection is not compatible with Trusteer Rapport.

During installation a copy of the msi installer is stored in c:\windows\installer. I assume that if this msi file is removed, the installer attempts to search for it in the user temp folder when you attempt to install a newer version over an older one or uninstall the existing version. If the installer was removed from both foldersyou are prompted for the path to the installer. Please use the Uninstall tool in safe mode to remove the existing version as per http://support.eset.sk/kb2289 and install the latest v10.1 from scratch.

No, it's not possible. What will be possible is blocking files by a hash with ESET Enterprise Inspector.

What about disabling notifications about Gamer mode activation in the Application statuses setup?

I assume the above was not taken from a computer that hasn't been connecting to ERAS, wasn't it? I'm referring to your statement: ""Also some clients are not connecting to the Eset Remote Administrator to get the updated settings." As for the problem with settings not being applied, please shoot a video or provide screen shots to illustrate what exactly you did and what doesn't work.

No, this is not possible as the file name does not tell anything about whether it is malicious or innocuous.

See my reply above. The bug will be fixed in the next Endpoint v6.6 release. I assume you should be able to set up url groups via an ERA policy.

Do you use ERA v5 or ERA v6? If the latter, does C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html show any error on clients that ceased to connect to ERAS? As for the scans, do those client still connect to ERAS? Did you change settings for the on-demand scan profile that you actually used for the scan task?

Please enable advanced update engine logging in the advanced setup -> tools -> diagnostics. Then run manual update and disable logging. Next collect logs with ESET Log Collector and attach the generated zip archive to a pm for me. If too big to attach, upload it to a safe location and pm me a download link.

Just uninstall ESSP and install ESET NOD32 Antivirus. You should be able to activate it with a valid license fine.

If you renew / extend your license, it will work for any of the supported versions of the product that you purchased.