Marcos

Administrators
Everything posted by Marcos

  1. We already track it as an improvement for future versions. However, we don't cover the class "Network Adapters" in Device Control. There is a chance to block mobile network sharing if there is a virtual Port or Modem created. If it isn't, then we won't be able to block such a device.
  2. Please enable advanced update engine logging in the advanced setup -> tools -> diagnostics and run a manual update. Then collect logs with ELC. When done, upload the generated archive to a safe location and pm me a download link. Alternatively, you could attach just the updater*.etl log created in the Diagnostics folder.
  3. Do you update from ESET's servers? If so, do you connect via HTTP Proxy? Or do you update from a mirror? If from a mirror, is the mirror created by Endpoint v6.6? Older products don't support creation of a mirror for Endpoint v6.6.
  4. In the web console, navigate to Help -> About and make sure that the version of the Configuration module is 1526.2. It's currently only available on pre-release update servers so you'd need to go to Admin -> Server settings -> Updates and select "Pre-release".
  5. But why not use additional protection? ESET's modules are interconnected and disabling protocol filtering also affects behavior in-memory detection by Advanced memory scanner. What issues do you run into if protocol filtering is enabled?
  6. Could you please clarify why you need to keep protocol filtering off? It will make computers with Internet connection vulnerable to threats coming from the Internet. It also affects Advanced memory scanner detections.
  7. The OP didn't say he or she wants to continue using v8 until EOL. The reasons why I suggested an upgrade are as follows:
     - v10 provides better protection against malware, especially ransomware and script malware
     - v10 has many bugs present in older versions fixed
     - troubleshooting of update issues is much easier with v10 and possible issues can be solved quicker

     @maudio If you want to keep using v8 for whatever reason, what error message do you get when attempting to update? Have you tried uninstalling v8 and installing it from scratch with default settings?
  8. If you had v9 installed before and upgraded to v10, it could be that v9 update servers remained set in the registry. I'd suggest uninstalling ESET, deleting "HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security" and then installing v10 from scratch.
  9. I would try the following:
     1. If you had an older product (v3/v4) installed before, download and run EpfwWfpRegV10.1.3.exe as an administrator with the "/unreg" switch.
     2. If there's a problem related to secure connections and certificates:
        - restart the computer
        - without launching any application, disable SSL/TLS scanning in the advanced setup and click OK
        - re-enable SSL/TLS scanning and click OK
        - launch Chrome and try to reproduce the issue.

     Should the problem persist, let us know if any of the following makes a difference:
     - temporarily disabling firewall in gui
     - temporarily disabling protocol filtering in the advanced setup
     - temporarily disabling automatic start of real-time protection and restarting the computer
     - temporarily disabling HIPS and restarting the computer.

     What operating system is it? What platform (32 or 64-bit)? Does the issue occur with IE and Firefox as well?
  10. If you want to exclude a particular PUA from detection, you can accomplish it via a policy:
  11. If you are able to reproduce the "freeze", I'd suggest configuring Windows to generate complete memory dumps (see http://support.eset.com/kb380), restarting the computer and, if the system freezes, manually triggering a crash as per the instructions in the KB article. After rebooting the computer, compress the dump and supply it to customer care. I would be grateful if you drop me a pm with a download link as well, as I could check it out quicker.
  12. It removes obsolete callouts registered by v4 version. These used to cause memory leaks after installing v10.1.
  13. Not all devices can be blocked. Please contact your local Customer care and provide them with:
      - ELC logs
      - a Procmon log from the time of connecting the phone to a computer

      For instructions, see the FAQ section at the right-hand side of this forum. Customer care will properly track the case and relay the logs to developers for analysis.
  14. Not sure if it will help, but try downloading EpfwWfpRegV10.1.3.exe and running it as an administrator with the "/unreg" parameter. Finally, reboot the computer.
  15. Install Apache Proxy on the server with Internet access and configure the other ERA servers or computers to update through it. If you want to manage all computers from one ERA console, leave just one ERA server installed and replace the other instances of ERA servers with ERA Proxy if there are also Endpoints in particular office branches that you want to manage via ERA.
  16. It's up to you. Potentially unsafe applications cover legitimate tools that can be misused for malicious purposes. You can enable detection and see if it detects some of the apps that you use. You will be able to detect particular pot. unsafe app. from detection.
  17. Because it would cause a lot of complaints from users. We already have experience with this when those rules were provided to business users via special anti-ransomware policies on demand.
  18. Since v8 will reach EOL next year, I'd strongly recommend uninstalling it and installing the latest v10. Should the problem persist with v10, let us know.
  19. I would strongly recommend contacting your local customer as the issue needs to be tracked and further logs will be needed for analysis.
  20. Besides the two logs from EpfwWfpRegV10.1.2.exe which you can attach to a post, also do the following:
      - in the advanced setup -> Tools -> Diagnostics, enable advanced firewall logging and select "Full dumps" from the drop-down menu
      - restart the computer
      - disable logging
      - create a dump via Tools -> Diagnostics -> Create (dump)
      - collect logs via ELC
      - upload the generated zip file to a safe location and pm me a download link.
  21. 
      1. In the first case the user probably didn't run it as it was detected only upon execution by AMS at that time.
      2. The file was not detected when the user reported it but it was already detected when I replied in the forum.
      3. The topic was about a vulnerability, not about detection of specific malware. It was not easily exploitable, at least not without admin rights. Plus on Windows 8.1 and newer, it was not possible to exploit it whatsoever because ESET kernel runs as a protected service on these systems.
  22. Please clarify what you mean by that you're unable to open the main program. Do you see the ESET icon in the right-hand lower corner by the clock? What happens if you attempt to open it from the Start menu? As for your license, contact your local distributor or reseller from whom you purchased it. You will need your registration / license details when purchasing a renewal anyways.
  23. Those are detected by default and cover files protected by packers or protectors that were often seen to have been abused for protecting malware to evade emulation and detection.
  24. In safe mode or with Self-defense disabled, import the attached reg file to enable heap tracing for ekrn. Then restart the computer. Make sure that Full dumps are enabled in the advanced setup -> Tools -> Diagnostics. When you notice a high memory use by ekrn, generate a dump via advanced setup -> Tools -> Diagnostics -> Create (dump). When done, collect logs with ELC, upload the zip file to a safe location and pm me a download link. Finally you can disable heap tracing by importing the appropriate reg file. ekrn_heap_tracing.rar