Marcos

MSIL/Filecoder.HC trojan

Do you use home version or Endpoint? In case of Endpoint, is the update server set to automatic selection? Do you have proxy server configured properly? If you don't use any, it should be disabled both in the update profile configuration (there you should use the global proxy config.) and under Tools->Proxy server. Last but not least I'd like to ask you to post in the appropriate product forum next time.

Do you have protocol filtering as well as HTTP scanning enabled in the advanced setup?

You can specify a list of servers in an Agent policy. If connection to the first server list fails, agent will attempt to connect to the second server in the list. I'd suggest checking the server certificate if it was generated with "*" in the host field. If not, make sure that the new IP address or hostname is added and the updated certificate is pushed via a policy to clients. Once connection to the new server's IP address is ensured, edit both Endpoint and Agent policy and configure the proxy server to point to the new IP address.

Live Installer should download and install v10.1.210. Offline installers will be updated with the next v10.1 update.

This is not currently possible but I reckon this should be improved in ERA v7 (which will not be called ERA by the way :)).

If you want to have v10.1 asap, download and run the installer from ESET's website. Upgrading v10.0 users to v10.1 will take some time and will probably not happen before the option to pause protection is brought back to the tray icon menu.

V9 users will receive the mentioned module soon. I'd recommend downloading the ESET installer from www.eset.com and installing it over v9. In case of any issues, uninstall v10 and install it from scratch.

ESET does not use the string "saturation computer" so I'm not sure where you see it. Many legitimate applications utilize ICMP in a non-standard way to send some data so it might not have been an actual attack that was detected and the problems with emails are likely caused by something else.

Microsoft has recently had a problem with expired certificated used for OCSP response. Allegedly they have already fixed it. Are you still having issues? In the mean time, we have also released version 1010 of the Cryptographic protocol support module for v10 users which falls back to CRL if certificate validation via OCSP fails.

Check the About window for a list of installed modules. V10 users should have version 1010 of the Cryptographic protocol support module installed.

There must have been a problem verifying the certificate if this warning was shown. For instance, Microsoft would send an expired certificate used to sign OCSP response earlier today. I've tried to reproduce the issue with www.googleapis.com to no avail. Are you still getting the warning despite having the system time and date set correctly? Check the About window and confirm that you have version 1010 of the Cryptographic protocol support module installed.

If there's a French ESET forum, we are not aware of it but maybe the French partner runs one. As for the warning, I assume you've made a typo and you meant the server outlook.live.com. The issue used to occur earlier today as the certificate used by Microsoft to sign OCSP response was expired. As I understood, Microsoft fixed this earlier today so the issue should be fixed by now. We've also released a new version of the Cryptographic protocol support module 1010 which fixes certificate validation so that if OCSP validation fails, we use CRL as a fallback.

I can confirm that renaming Windows Defender's service executable "C:\Program Files\Windows Defender\MsMpEng.exe" before upgrade solves the issue. During upgrade, WD activates which is fine and expected, however, for some reason it holds ESET's files for too long which prevents ekrn from starting. We are investigating if there's something we could do about it on our part.

Been getting this error until I renamed "C:\Program Files\Windows Defender\MsMpEng.exe" (Windows Defender service executable) before starting upgrade. It appears that WD activates during upgrade (which is fine and expected) but it holds some files for too long that it prevents ekrn from starting. We are investigating if there's something we could about it on our part.

Is the protection status green on the client or some errors are reported?

Check if firewall is deactivated in the advanced setup. You can enforce it via a policy in case it was overridden by another policy. If users have administrator rights, protect the settings with a password to prevent users from disabling firewall or changing Endpoint settings.

Theoretically you could use HIPS rules to block access to certain folders for browser executables. However, users could install a new browser or use a portable version of a browser to circumvent the block.

The answer is simple - home users don't have a problem to pick an option if antiransomware detects a suspicious behavior. In a corporate environment, the action must be taken automatically without causing false behavior detections if performed by legitimate applications. We plan to encorporate antiransomware protection to Endpoint v7.

All features have been there for ages: 1, It's called Smart mode (can be set in the advanced HIPS setup). 2, ESET has employed advanced heuristic, an emulator for running code in a virtual environment for more than 10 years. 3, Set Strict cleaning mode for the appropriate on-demand scanner profile. 4, Available in the on-demand scanner setup since NODv1 if I remember well.

Unfortunately, I have no clue what you mean by " An Eset firewall alert pops up about an insecure firewall being created with an option to revert back to secure default rules". A screen shot might shed more light. I, for one, have no clue how this could happen except that a configuration with this pre-configured and hidden rule disabled was imported.

It sounds like you are rather looking for Data leak protection system. ESET doesn't offer any at the moment.

By default, Parental Control uses PIN 1111. If you haven't changed it, it should work.

1, The progress bar was replaced with moving points since it was misleading. It could go to 90% quickly due to folders with only few files inside and to scan the remaining 10% it took ages because of large Windows, Users and Program Files folders. 2, The information about available updates comes from Windows Update. I reckon this happens when you choose to be notified about optional updates as well. You can configure ESET to be notified only when critical Windows updates are not installed. 3, The numbers mean how many changes to default settings were made. Some settings, such as drivers allowed to load, are configured automatically after installation.

1, Endpoint does not contain the antiransomware feature like v10 for home users does. 2, The Antiransomware feature is not a kind of thing that would magically protect against 100% of ransomware. It's similar to having no security solution that would detect 100% of threats. Therefore education of users matters. 3, When speaking about ransomware and encryption, it's also necessary to take into account that attackers often remote in via RDP, disable AV and then run ransomware manually. Therefore disabling or securing RDP is crucial.