Marcos

Administrators
  • Posts: 37,944
  • Days Won: 1,504

Everything posted by Marcos

  1. It appears that you have your license purchased from a Swedish distributor.
  2. Also don't forget to upgrade to EMSX v6.5 which provides much better protection especially thanks to LiveGrid. Ideally do not install it over but uninstall v4.5 first.
  3. Authorization failed sounds like a bad username or password entered in the update setup. I'd suggest contacting your local customer care. Also I strongly recommend upgrading to ERA v6 / Endpoint v6 and using an HTTP proxy for caching update files.
  4. The solution is to disable Defender prior to installing ESET. Microsoft made a sudden change in the behavior of WD which started to cause issues with various AV products. We'll be releasing Endpoint 6.5 with a workaround next week. As for consumer versions, it will take longer as more complex changes need to be done. As I wrote above, the solution is to disable WD manually if you encounter issues.
  5. Please explain what issue you are attempting to solve. Is it that the update progress is stuck in Endpoint v5? If so, does Endpoint update from ESET's servers? Is the proxy server configured properly? I'd strongly recommend using ERAv6 but you may want to test it in a smaller environment and get familiar with it before replacing ERA v5. There are plenty of documents, videos, KBs as well as this forum which will help you understand and master ERA v6.
  6. We have a set of anti-ransomware HIPS rules available for administrators that they may apply but only after testing them thoroughly in their environment as they may cause various issues. Please provide a Filecoder.Jaff sample (or at least its SHA1) along with the date when you received it and the time when it began to be recognized by ESET. The detection of Filecoder.Jeffo was added on May 11, B variant on May 22 which was adjusted on June 2 to cover even more variants.
  7. I have a different experience. AMS and anti-ransomware protection seem to be very effective and detect malware in memory even if authors re-pack it to evade detection. While it works to evade detection by most of other AVs, ESET would still detect it by HIPS (AMS). As far as I know, only Microsoft uses a similar technology.
  8. Again, ESET is a pioneer in using advanced detection and protection methods and we indeed employ machine learning as well. One should understand that no matter what methods are used, it's not possible to prevent attackers from targeting specific vendors and modifying malware until it becomes undetected, especially if a user relies only on the AV and doesn't practice safe computing. The special thing about WannaCry was the method it utilized for spreading. Since ESET protected unpatched computers from the exploit, we were able to protect not only from WannaCry but also from other malware that exploited it. Again, it's normal that not 100% malware is detected and especially detected proactively. A detection for WannaCry was added immediately as we got the necessary data from LiveGrid. There are myriads of examples where ESET detects malware, especially Filecoders that are not detected by any other famous vendor. In a nutshell - there's nothing like 100% malware protection. If there was a security product that would detect 100% malware without FPs and the need to update, there would be no other AV vendors as everybody would go for that product. The point is to detect as much as possible proactively without FPs and to react very quickly if a new threat emerges. In my opinion, ESET does very well and the very low number of malware incidents reported by users of new product versions compared to the number of reports from older versions supports my opinion.
  9. Does the high CPU usage occur only while opening a web page or all the time while the browser is running? What are the hw specs of the machine? Are you able to reproduce it with other browsers as well? Does the problem occur even if you run Chrome without extensions? Does temporarily disabling advanced scanning of browser scripts in the advanced setup -> Web and email -> Web access protection make a difference?
  10. If all technologies employed by ESET are traditional for you, including anti-ransomware that monitors the behavior of running processes for ransomware behavior, then I don't know what you would expect. Please provide some examples where ESET failed to protect a system while other AV prevented the infection. There's nothing like 100% malware detection but ESET with all the different protection layers and technologies comes very close to it from my observation. Also the fact that users of new versions report ransomware incidents extremely rarely compared to users with older versions is an important indicator that advanced technologies employed by recent versions of ESET products are very effective.
  11. ESET is actually a pioneer in utilizing new techniques. For example, we developed ThreatSense.Net system before the term "cloud" was introduced by Google CEO in 2006. At https://www.eset.com/int/about/technology/ you can read more about advanced protection modules developed and utilized by ESET. Machine learning is used in the process of analyzing malware by Cloud malware protection system. The samples collected are subjected to automatic sandboxing and behavioral analysis, which results in the creation of automated detections if malicious characteristics are confirmed. ESET clients learn about these automated detections via the ESET LiveGrid® Reputation System within minutes without the need to wait for the next detection engine update. Speaking about WannaCry (WannaCryptor), ESET was one of 3 AV vendors to have proactively protected unpatched systems from the EternalBlue exploit at the time of testing (https://www.mrg-effitas.com/eternalblue-vs-internet-security-suites-and-nextgen-protections/). In fact, ESET had already protected users for 2 weeks when the WannaCry outbreak occurred on May 12.
  12. The module was not released as a response to that article. The code handling cryptography had been part of the Internet protection module for ages until we decided to make it a separate module for easier updating.
  13. Should anybody else have issues updating v10 after upgrade from v9 and have v10.0 installed, try downloading and installing the latest v10.1 which should handle obsolete update server records properly.
  14. According to the log, you had v9 installed before and v10 now attempts to update from v9 update servers which fails. I'll drop you a pm with instructions momentarily.
  15. Please post the updater etl log found in "C:\ProgramData\ESET\ESET Security\Diagnostics".
  16. Why not use an HTTP proxy to save a lot of traffic? When using a mirror, you download a huge portion of files to the mirror that clients will never need.
  17. Please enable advanced update engine logging in the adv. setup->Tools->Diagnostics, then run manual update. Then disable logging and post the updater etl log here. Did you install v10 over an older version or was it a clean install? Or did you perform an in-product upgrade from an older version?
  18. If you download the eicar test file, is it actually detected by web protection and not only by real-time protection on a disk? V10 reports errors that v9 didn't even if web protection could not be registered in the system.
  19. First of all, ESET takes information about available updates from Windows itself. In the advanced setup -> Tools -> MS Windows Update, make sure that Critical updates are selected. These are selected by default.
  20. For now a 100% reliable solution is to disable Windows Defender prior to installing ESET. The problem here is that WD doesn't turn off instantly when we send a signal that we are going to enable real-time protection.
  21. I can't seem to reproduce it with EPv6.5. If I enter the path to a file manually and click OK, it's added in the list. Do you have the option to require full admin rights enabled in the advanced setup -> User interface -> Access setup? If so, do you get a UAC prompt when saving changes?
  22. Check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html on a client (Windows Server) for possible errors. Are there any? Also checking trace.log might shed more light.
  23. Check the content of the file. It could be that it was renamed but its content wasn't encrypted.
  24. Is it an email which is detected by EMSX or is the link blocked after clicking it in the email? Does it work after temporarily disabling web protection on clients?
  25. Please read http://support.eset.com/kb3527 for a list of AV products and versions supported by AV Remover.