Marcos

Are you having the issues when launching browsers or when opening websites? Does it make a difference if it's an http or https website? Does temporarily disabling protocol filtering in the advanced setup make a difference? You can also try switching to pre-release updates in the advanced update setup in case the issue was caused by an ESET module and was fixed in the latest version of the module which hasn't been distributed for the general public yet.

So you would like to ask user to allow access for word.exe or excel.exe if he or she wants to open a document from a protected folder? I was talking about protection from ransomware that injects into legitimate processes so the path to the executable will be standard and the file will have good reputation even if the malware injected in it could do malicious actions, such as encryption.

Has somebody has tested this feature with ransomware injecting into word.exe or another Office process or with VBA ransomware included in a document to tell how immune it is against encryption in such case?

Then nobody would be able to read or modify files in that folder.

Since this is an English forum, please re-post in English or contact your local Customer care for assistance.

As for ELC, see my signature for a link to a KB with instructions how to use it. Also I've uploaded the tool here: https://we.tl/RjB97PfkW2

What if ransomware is injected into an Office process or if it is run as a VBA macro? Do you know know these solutions protect the folder in such case? It's not much difficult to implement a simple protection but it could be relatively easily bypassed. And that is also the reason why we don't use just simple HIPS rules in antiransomware but instead it's a complex HIPS-based system for monitoring suspicious behavior of processes.

Eamonm.sys is renamed only during an upgrade, not during a clean install. I can only think that it was not a true clean install but eamonm.sys already existed in the windows\system32\drivers folder.

@Eta76 Please uninstall v10 completely and install it from scratch. In your case the problem with upgrade is caused by having the system temp folder located on other than the system volume which causes issues when replacing the eamonm.sys driver during upgrade. A workaround for such scenarios will be implemented in future builds.

Right, there's no home-type license for server products.

There are issues that can be fixed easily and then there are those that require a change of design or substantial changes under the hood. While the first type of issues / bugs can be fixed quickly, the other type of issues may take weeks or months to implement. Also it's necessary take into account time needed for QA tests as well as other resources. Even Microsoft doesn't release changes immediately but aggregates them into service packs and Windows updates that are released twice a year.

Please post information about installed modules from the About window. Do you have some errors logged in the ESET Event log?

The problem is that malware could drop psexec under a different name to bypass such HIPS rules with wildcards. Only a true application control would be the ultimate solution. We've been working on HIPS which is also why wildcard support has not been added yet. We want to deliver true and complete solutions, not just partial ones and therefore some tasks have lower priority than others.

See https://forum.eset.com/topic/12590-eset-windows-home-products-versions-101219-have-been-released/:

Enpoint v6.6 will not be accompanied with a new version ERA. The next version of ERA (v7) is scheduled towards the end of the year.

The firewall should not interfere with web browsing unless some custom block rules are applied. It's rather protocol filtering that affects HTTP(S) communication so you can try temporarily disabling it the next time the issue occurs to see if it makes a difference.

Switch to pre-release updates in the advanced setup and then check for a newer product version in the Update pane to get v10.1.219 installed. Or you can wait a few more days until it's distributed to all v10 users.

You'd need to install ESET File Security or ESET Mail Security v6.5. Consumer products will not install on server operating systems.

This is problem with v9 update servers not removed after upgrade to v10. Please uninstall v10 and remove "HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security" manually before installing v10 from scratch. Before you do that, please uninstall v10, do not remove anything from the registry yet but run Process Monitor as per the instructions linked in my signature and install v10.1 from scratch. When done, stop logging and provide me with logs collected by ESET Log Collector as well as with the Process Monitor log.

What website did you attempt to open? Please provide some screen shots. SSL filtering can be disabled but it's not recommended as any https communication would not be scanned and you could get infected with malware that is downloaded via https.

Please provide more information the website you are visiting as well as a screen shot of the certificate details. ESET warns about certificates that your browser would warn you about if ESET was not scanning secure communication.

ESET NOD32 Antivirus version 10.1.219 has been released. Update to the new version is now available to all users in-product with an older version 10 and installers are available from https://www.eset.com/download/home/. Changelog Improved: Screen reader improvements including product user interface text-to-speech and tab key navigation Improved: Ability of in-product upgrade to install cross-line products to support Smart Security to Internet Security migration Fixed: Minor bug fixes and localization updates Internal improvements and fixes (e.g. "Pause protection" option is back in the tray icon menu) Known Issues Update progress indicator does not refresh automatically. This is a known issue of the current v10.1 but it will be fixed once you upgrade to v10.1.219.

ESET Smart Security Premium, ESET Smart Security, ESET Internet Security, and ESET NOD32 Antivirus versions 10.1.219 have been released. Update to the new version is now available to all users in-product with an older version 10 and installers are available from https://www.eset.com/download/home/ Changelog Improved: Screen reader improvements including product user interface text-to-speech and tab key navigation Improved: Ability of in-product upgrade to install cross-line products to support Smart Security to Internet Security migration Fixed: Minor bug fixes and localization updates Internal improvements and fixes (e.g. "Pause protection" option is back in the tray icon menu) Known Issues Update progress indicator does not refresh automatically. This is a known issue of the current v10.1 but it will be fixed once you upgrade to v10.1.219.

It's not possible to select an action for scans run from ERA. You can: - create a policy that will set Strict cleaning mode for the In-depth scan profile and wait until it's applied on clients - run an on-demand scan task with in-depth scan profile All threats and PUAs will be cleaned automatically. You can review the quarantine in case you'd like to restore some files.

Those are either potentially unwanted or unsafe applications, or archives that also contain other than detected files. In such case, action selection is required in the standard cleaning mode. If you want to clean PUAs automatically, set strict cleaning mode for web access protection, real-time protection and startup scans. As for on-demand scans, I'd be cautious with using strict cleaning as it would also remove archives that also contain other than detected files, or files infected with a virus that cannot be cleaned at the moment. For instance, if you have an archive with tools of which some may be detected (e.g. tools for finding serial numbers), the whole archive would be removed. If you run an on-demand scan with strict cleaning, it's a good practice to review what files have been removed / quarantined.