Marcos

Administrators
  • Posts: 37,944
  • Days Won: 1,504

Everything posted by Marcos

  1. Please answer my question - does pausing firewall from gui make the issue go away? If so, then all you need to do is to set up the appropriate rule as all non-initiated inbound traffic is blocked in automatic mode. Do not remove "ESET firewall" from network properties or you will disable the firewall completely.
  2. Beta versions of Mac OS are not supported by ESET products. However, we plan to provide beta versions of ESET CyberSecurity (Pro) but currently we do not have any new version for beta testing.
  3. Do you mean that temporarily disabling firewall from gui doesn't make any difference?
  4. But why do you disable LiveGrid for offline machines? Leave it enabled even if they don't have Internet access. Do these computers update from a mirror?
  5. Would it be possible to temporarily install the 30-day trial version of EIS on this machine at least to generate the advanced firewall log? With EAV, enabling etw logging would require disabling self-defence and importing specific reg files to enable/disable logging.
  6. First of all, applications must be thoroughly analyzed before they are classified as PUA, adware or whatever. As for the app you've pointed out, it's on the verge between legit app and PUA but so far we haven't got sufficient proof for PUA detection.
  7. If it's due to sender's IP address being on the blacklist, contact your local customer care and provide them with an example of an email (eml or msg) that was incorrectly evaluated as spam.
  8. Please carry on as follows:
     1. Download EpfwWfpRegV10.1.3.exe.
     2. Run "EpfwWfpRegV10.1.3.exe /unreg" as an administrator and reboot the computer.

     Should the problem persist and you have ESET Internet Security or ESET Smart Security installed:
     - enable advanced firewall logging in the advanced setup -> tools -> diagnostics
     - reboot the computer
     - disable logging
     - collect logs with ELC

     If the generated zip archive is too large to attach here, upload it to a safe location and pm me a download link.
  9. Hello, 1, It depends on the license. A distributor can generate licenses which will be restricted for use in the particular country. Check it with the reseller from whom you purchased your license. 2, Yes, we also issue licenses without the country lock as well.
  10. Yes, we plan to have a new version of the mirror tool but it will take some time. Isn't an http proxy an option for you? With http proxy much less data should be downloaded with each update compared to using a mirror.
  11. Please clarify the use case. Wouldn't caching installers on an http proxy be an option? Or specifying a local address for the msi installer in a software install task.
  12. During install, ESET registers to Windows Security Center and Windows itself disables Defender's real-time protection. Try uninstalling ESET and installing it from scratch.
  13. Please create a Procmon log as per the instructions in the FAQ section at the right-hand side at the time when the issue occurs and leave it logging for at least one minute. Afterwards save the log, compress it and upload it to a safe location. Also collect logs with ELC, upload the zip file as well and provide me with download links.
  14. How can you know that a particular file should be detected if you didn't analyze it? Please submit undetected files to samples[at]eset.com and pm me the email address from which you will send it. As for a separate product just for adware detection, this is a very bad idea. Then we could have plenty of products, one for virus detection, another one for Trojans, another one for ransomware, another for potentially unsafe applications, another product for adware... There's no sense in that. If something should be detected it should be detected by the current integrated solutions. It makes no sense to split detections with the same effect in terms of detection.
  15. https://www.welivesecurity.com/2017/06/20/machine-learning-eset-road-augur/
  16. This test doesn't show how effective AVs are against encryption. Firstly, there are many ways how encryption can be done. The simulator simulates the behavior that can happen when files get encrypted but it cannot cover all ways of encryption. Secondly, legitimate software may also work in a way that is utilized by ransomware. Encryption as such is not always malicious and it's been used for perfectly legitimate purposes for ages. It is necessary to correctly distinguish between malicious and innocuous applications which may be a daunting task.
  17. Not sure what you mean by "LiveGrid heuristics". As for internal analysis, samples are run on replicators and we use various systems, including machine learning, to assess if a sample is malicious or innocuous.
  18. Endpoint v6.6 can currently only update from a mirror created by another Endpoint v6.6. We strongly recommend using HTTP Proxy to cache update files instead of using a mirror. We plan to update the command line Mirror tool but this will most likely take a longer time.
  19. Try running "EpfwWfpRegV10.1.3.exe /unreg" as an admin, especially if you had v4 installed some time ago, and then reboot the computer. Does it solve the problem? If not, try disabling the following, one at a time:
     - automatic start of real-time protection followed by a reboot
     - HIPS followed by a reboot
     - protocol filtering

     If that doesn't make any difference either, you can try renaming drivers in safe mode to narrow it down further:
     1. "C:\Program Files\ESET\ESET Smart Security\Drivers\eamonm\eamonm.sys" and C:\Windows\System32\drivers\eamonm.sys
     2. "C:\Program Files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys" and C:\Windows\System32\drivers\ehdrv.sys

     If that doesn't change anything either, configure Windows to generate complete memory dumps as per http://support.eset.com/kb380/. When you encounter the issue, manually trigger a crash so that a complete memory dump is generated. Please compress it, upload it to a safe location and pm me a download link.
  20. Please provide MDM trace.log, ideally after setting the logging verbosity to Debug or Trace via an MDM policy, restarting MDM and reproducing the issue.
  21. It will be a staggered release so not all users will update at once. Some users might receive it next week and the rest of users afterwards. Also thank you for pointing out this scary warning. We'll likely replace it with the description from Endpoint help: Pre-release updates are updates that have gone through thorough internal testing and will be available to the general public soon. You can benefit from enabling pre-release updates by having access to the most recent detection methods and fixes. However, pre-release updates might not be stable enough at all times and SHOULD NOT be used on production servers and workstations where maximum availability and stability is required.
  22. For instance, network adapters, keyboards and mice cannot be blocked.