Marcos

Upgrades-v2.pdf contains a link to a non-existing domain with phishing. Since it doesn't pose any risk any more, we'll unblock it as well as the link blocked in the other PDFs. In less than 30 minutes the files should not be detected. In case you come across possible FPs, please report them to samples[at]eset.com.

Yes, that's correct. PDF files with functional links to phishing are detected as PDF/Phishing.A.Gen. It's not possible to turn off the detection but you can exclude particular files from scanning. What's the purpose of having PDFs with phishing links deliberately on a machine?

Please contact your local ESET customer care for more information about why your ticket was closed.

When there's some public new about new versions available, we'll let you know.

Please post a screen shot of the setting where you changed the port. If you did it at a wrong place, you could disable web access protection.

Please create a Process Monitor boot log as per the instructions linked in my signature, compress it, upload it to a safe location and pm me a download link. Also enclose logs from ESET Log Collector. As for Epfwlwf.sys, this driver is not supposed to be installed if you use Windows 8 or newer and have ESET v10 installed.

Please see my signature for a link to instructions how to collect logs with ELC.

If downloading files larger than 1 MB, with Web access protection enabled ESET will create temporary files on a disk that will be subsequently scanned for malware. If it's a very large archive, it can take some time to scan which will also take some cpu resources.

Since this is an English forum, please post in English or better contact your local customer care as this appears to an issue that we won't be able to help you with without deeper investigation.

ESET doesn't provide freeware products. For home users, we provide 30-day trial versions. After the trial period, users must either uninstall it or purchase a license. For mobile devices with Android, we provide ESET Mobile Security that can work with certain limitations in freemium mode or you can purchase a license to activate advanced features.

You can have only 1 ERA Server. In branches install ERA Proxy that will act as a mediator between distant clients and the ERA server. See http://help.eset.com/era_install/65/en-US/remote_branches_with_proxies.htm.

Switch to pre-release updates in the advanced update setup so that you receive a new v10.1.219 among the first soon.

Please collect logs with ELC as per the instructions linked in my signature, upload the zip archive to a safe location and pm me a download link. This issue can be caused by ESET not being activated, by corrupted engine or by insufficient free RAM to name some reasons that have occurred me.The logs should reveal more info so we'll see. I'm quite optimistic about that we will be able to figure out the culprit.

The detection is ok. I assume the toolbar is detected as a potentially unsafe application which you've had disabled until recently.

As far as I know, this is not possible. However, I've noticed that you used "CFG_LIVEGRID_ENABLED=0" which disables one of the most important protection layers. LiveGrid not only significantly improves detection of new-borne malware but also improves performance and cleaning of malware.

There are currently no plans to use it in home products as administrators are usually technically savvy enough to be able to handle increased number of false positives which cannot be said about majority of home users.

To start off, please provide me with ELC logs as well as with the output from the attached tool. Run the tool as an administrator with the following syntax and provide me with log.txt: EpfwWfpRegV10.1.2.exe /unreg EpfwWfpRegV10.1.2.exe /reg > log.txt

No, there are no plans for that so far. I'm sorry for the confusion. I confused the abbreviation WSL with RSC in another ticket. We plan to add support for determining WSL applications.

You can simply disable shares on particular computers or limit permissions to read-only to prevent encryption if ransomware happens to run on a computer in your network. It often happens that in larger networks users have shares shared for Everyone with full permissions which is not secure. It's better to grant Everyone only read permissions and full permissions only to specific users who really need them and are protected to the maximum possible extent.

Please disregard that info. Agent will decide automatically whether a 32-bit or 64-bit version of EFSW will be downloaded and installed. The thing is the description of the file in repository that is displayed is for the 32-bit version (Windows Server 2012 and 2016 are only 64-bit) but as I wrote it doesn't matter as it's agent that will decide which to download.

It's a feature that is being fine tuned to reduce false positives and was not supposed to be seen by users yet.

We take liberty to remind you that this forum is not a means for disputing PUA detections. To report a false positive or to dispute PUA detection, follow the instructions at http://support.eset.com/kb141/. Having said that, we'll draw this topic to a close.

It sounds like you didn't export the CA and agent peer certificate before uninstalling ERA. Therefore you'll need to re-deploy agent on clients with the current CA and agent peer certificate.

Those files are not a part of Windows and do not pose any risk. Files are submitted only once; if somebody else had already submitted them, they would not have been submitted again. Simply ignore these records or better disable logging as users tend to worry they are infected if some files get submitted just because they were interesting or suspicious to ESET for some reason.

These are not warnings, only notifications about submitted files that are not logged by default. You can disable logging under Tools -> ESET LiveGrid and turn off "Enable logging" .