Marcos

The threat name must be entered as @NAME=Win32/Auslogics.F We plan to improve this in future versions (likely in v7) so that the detection name does not have to have "@NAME=" prepended.

In the advanced setup, navigate to Tools -> Diagnostics and enable advanced update engine logging and manually run update. Finally collect logs with ELC and provide me with the generated zip file (upload it to a safe location and pm me a download link if too big to attach).

The setting should not be visible to users. Please tell us in which product and version do you see this setting? Is the product fully updated? Does it update from pre-release or regular update servers? Also post information about installed modules from the About window.

It's already possible to prevent notifications about activation of presentation mode from being displayed to the user or in the ERA console. All you need to do is to disable the appropriate notifications via a policy (User interface -> Application statuses (Edit) -> General:

Please enable advanced update engine logging in the advanced setup -> Tools -> Diagnostics and then run manual update. Next disable logging, collect logs with ELC, upload the generate zip file to a safe location and provide me with a download link.

Please see my previous reply.

And why should we detect it? Just for the sake of having detection on an artificial file? What about "format c: /q" ? There are many system commands that can be misused and many of them can be used for legitimate purposes. If you known malware of which part is that batch file, please email to samples[at]eset.com and we may reconsider detection.

According to the screen shot, you've checked results from 22 hours ago. If you re-scanned the url, you'd get different results: https://www.virustotal.com/en/url/16202aa14c404c52180040105b3cf3ca67e716b3dbb3a1df0eb0df882a8000b9/analysis/1499768276/ The application has been analyzed and PUA detection added. However, since this forum does not serve as a means for disputing PUA detections, we'll draw this topic to a close.

I assume you are still using ERA v5 and not ERA v6, aren't you? The error means that the appropriate blob with scan details was not found. This can happen if the ERA db is migrated but blobs are not copied to the new machine.

Please drop me a pm with the original email saved as eml or msg file attached.

The certificate appears to be ok. Make sure that you have a correct system date set.

"Detect proxy server" will check IE settings for the address of proxy server. It appears that IE doesn't connect through a proxy on your system. What error do you get if you attempt to update? I would strongly recommend upgrading Endpoint and EFSW to v6 for better protection.

If you have many clients with a slow Internet connection, you can use an HTTP proxy to cache update files so that in an ideal scenario only one client downloads them and the others will download them from the proxy cache. However, since ESET uses very small update files for clients who update on a regular basis, I don't think that there would be a problem even if more clients were updating at a time.

Please contact your local customer care who will pass your request to antispam developers. We do not disclose our internal blacklists.

It's under Antivirus -> Paths to be excluded from scanning (Edit) -> Add.

Since this forum does not serve as a means to dispute blocks or PUA detections, we'll draw this topic to a close. Please follow the instructions at http://support.eset.com/kb141. And no, it's not a clear false positive.

ESET products search for new module updates on an hourly basis by default.

Please contact your local customer care. What IP address was found on the cloud blacklist?

You can exclude a particular PUA by name via a policy:

Has ESET recently detected and cleaned some malware or PUA? Otherwise we do not write to other than ESET registry keys at all (except installation).

Why do you think there's a correlation with ESET? I would say that even completely uninstalling ESET would not change anything. Could you confirm?

We plan to release a new build of v10.1 later this week. Switch to pre-release updates in the advanced update setup to receive the program update among the first. There's no way to get this option in the menu with the current version.

We will consider hiding the system process from the list as its reputation cannot be obviously determined. The blue icon with a question mark means that no cloud information about the process could be determined and should not normally be displayed for other processes than system.

Is Endpoint v5 configured to update from ESET update servers or from a local mirror that was previously created by ERA v5? As of Endpoint / ERA v6, we recommend using an HTTP proxy for caching update files instead of using a local mirror. ERA v6 can no longer create mirror. After deploying agent on workstations, send a software install task to a couple of machines to upgrade them to Endpoint v6. If everything goes well, upgrade all the remaining machines too.

No, it's not possible. Modules must be loaded at the start of a scan which takes some time. Esets_scan is intended for on-demand scans which are not run frequently.