Marcos

Please provide more information about the use case. Why do you need to temporarily disable even email protection remotely? There's a security risk as malware might infect the computer while protection is disabled. Re-enabling protection should also trigger a full disk scan to ensure that no malware is found in memory or on the disk.

Do you mean ERA components, ESET Security products or operating system by "software"? Only these can be updated via a task from ERA.

We have only one or two year or monthly billed licenses. Licenses valid for 30-90 days are typically trial licenses and are not sold for money.

What tasks are you having issues with?

What is the name of the potentially unsafe application? This detection is optional and is disabled by default. It covers legitimate tools that can be misused in the wrong hands. If an administrator uses a specific pot. unsafe application on purpose, he can exclude it from detection. Also in ERA it's possible to make exclusions by detection name regardless of the location of such files.

It's not clear to me what notifications of changes to hardware you received. ESET does not generate any such notifications. Please post a screen shot for clarification.

Only v10 contains anti-ransomware protection. We strongly recommend upgrading to the latest v10.1 or better uninstalling v7 first and then installing v10.1 from scratch.

Again, that's because we don't use localized tag messages that are appended to email and English text is used, hence "virus" which is an English word. What you did is you changed default text to custom which is possible but it wouldn't work correctly with special Polish characters.

Currently this is not possible because the time is converted to Unix time when saving a task. We'll track it as an improvement for future versions.

Also please follow MMx's advice to redirect the system temp folder and possibly also user's temp folder to a hard drive or virtual RAM drive as there are many applications that write into these folders.

A, This cannot be fixed easily plus it's been so since NOD32 v2 at least. We don't support local encoding in tag messages and the text displayed uses strings with detection types that are globally used in the whole product which is why there can be a mix of English and localized strings in the detection name in notifications. B, I don't understand what the issue is and how it's related to ESET.

3. It's expected as we don't support local encoding. Otherwise special Polish characters would not appear correctly, hence English text is used. Notifications to email are not added by default.

1, Why should the icon change? To me it works correctly. 2, It's worked like that since the beginning if I remember well. Not sure if this behavior can be changed, will ask developers about it.

Yes, it's possible. However, once you have moved to ERA v6 I don't see any reason not to upgrade to Endpoint v6 on clients and get better protection.

I was talking about Web access protection which is part of all ESET security products for Windows. Some remarks: - I/O operations also include communication with drivers. That said, the amount of data read/written from/to a disk cannot be determined from Process Explorer and you'd need to use Process Monitor instead. - Browsers do not need to keep data from streams; they read the data, process it and do not keep it any more or ditch it right away, if not needed. However, antivirus programs need to see the whole content in order to be able to evaluate if it's malicious or not and therefore the data must be temporarily stored which is not the case of browsers. - We keep 1 MB of data in memory and the rest is saved to a disk. Antivirus programs cannot allocate too much memory in order to to store all data they need to scan. It's possible to exclude a particular url or IP address from protocol filtering in the Web access protection setup - URL management to prevent the http communication from being scanned. Edit: I've just received your Procmon log from colleagues in the US. The log contains information about operations performed in approx. 2 minutes. During this time, ESET read 4,5 MB from the disk and wrote 0 bytes to the disk which appears ok to me. Reading 4,5 MB in 2 minutes is not excessive. It appears that no media was streaming while the log was being created, otherwise ekrn would have likely created htt*.tmp files in a temp. folder.

I'm sure that your current license can be transferred to EIS seamlessly. Please contact your local distributor or ESET office to arrange that. The price of the remaining EAV license period should be subtracted from the price of EIS.

Does the problem persist after a clean install of v10.1 and successful activation and update? If so, please provide me with logs collected by ELC as I asked above.

Please generate install logs as per the instructions at http://support.eset.com/kb406/. Also collect logs with ELC by following the instructions linked in my signature. When done, drop me a pm with the logs attached.

If you use an IP camera to stream video and if it causes a lot of data to be written to a disk,you can exclude its IP address from protocol filtering. I'd bet that Windows writes much more to the swap file than Eset does. Please provide a Procmon log (ideally a boot log created as per the instructions linked in my signature) so that we can check what operations were performed.

Do you really mean Windows Defender or ESET?

Obviously you cannot prevent software from writing to SSD unless you store temporary and user profile folders on a HDD. If larger archives or http streams are scanned, the data is saved to temp files on a disk. We cannot allocate additional hundreds of MB of RAM when needed and we have to work with RAM in an optimal way. Also when update is being performed it requires quite a lot of data to be prepared for compilation of modules which is again something that cannot be accomplished solely in RAM. I guess it wouldn't be a problem to not write to a disk at all if it was common to have dozens of GB of RAM installed on users' systems but this is not something that's gonna happen in the near future.

https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine/ It appears that ESET Endpoint Security v6 was again able to protect from the exploitation of the EternalBlue vulnerability by network attack protection.

Check process exclusions. A full path to executables must be entered, otherwise HIPS will report that error.

Do you have that pdf so that we could use it for testing? I'd suggest contacting customer care and creating a regular support ticket for this as more iterations will be needed. You can also provide the pdf file along with ELC logs to me too via a pm.

I assume the issue is not fixed after a computer restart, is it? If you haven't restarted it and only shut it down (ie. put it into hibernation mode on Win10), restart it. Let's start off with collecting and providing with ELC logs. For instructions, read the appropriate KB linked in my signature.