Marcos

Administrators
Everything posted by Marcos

  1. According to the developers, the error should not occur after a reboot. Does it? Also according to the configuration, you have HIPS disabled. Does enabling it and rebooting the computer make a difference? Could you provide fresh logs collected after enabling HIPS and restarting the computer?
  2. Please generate a Process monitor log during installation and also collect logs with ELC as per the instructions linked in my signature. When done, compress the pml log, upload it together with ELC logs to a safe location and pm me download links.
  3. Since this is an ESET forum intended for discussing ESET's products and malware and security issues and your query seems to be unrelated to ESET products, I would strongly recommend asking users in another more appropriate forum.
  4. Also check if the Windows Firewall service is running, e.g. by running "sc query mpssvc" as an administrator.
  5. If temporarily disabling the firewall via the GUI solves the issue, please carry on as follows:
      - in the advanced setup -> Tools -> Diagnostics enable advanced firewall logging
      - reproduce the issue
      - disable advanced logging
      - collect logs using ESET Log Collector as per the instructions linked in my signature.
     When done, send me a pm and attach the generated zip file. If it's bigger than 2 MB, upload it to a safe location and pm me the download link.
  6. Are there any errors in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html or trace.log on the computers that do not appear in the ERA console?
  7. Do you mean that the browser window takes too long to open, or what do you mean by saying that it takes ESET time to verify something? Dashlane is a password manager. Does it have to connect to the vendor's servers, and is this what takes long? Does temporarily disabling protocol filtering make a difference?
  8. This is a known bug that will be fixed in the next product update.
  9. 10.1.210 was already built and being tested when the missing Pause protection option was fixed. It will be fixed in the next hotfix 10.1.X release.
  10. That is correct. CloudCar is not detected locally, only upon download (it's not blocked by a DNA hash and also it's old). However, actual malware blocked by LiveGrid would also be blocked locally when scanned.
  11. Please provide me with logs collected with ESET Log Collector as per the instructions linked in my signature as well as with export of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ehdrv.
  12. Please collect logs with ELC as per the instructions linked in my signature and provide me with the generated zip archive. Then uninstall v9, download the installer from ESET website and run it. It will install the latest v10. Should you encounter an issue during install, collect logs with ELC and provide them to me for perusal.
  13. Agent does not require activation so it can't eat a seat from your license. Please clarify what you mean as you basically wrote "they have ERA Agent installed but the ERA Agent is not installed" so the statements contradict each other.
  14. I'd prefer having both "active threat" and "unresolved threat" statuses. A concrete example: Malware has managed to run and changed local system policies (e.g. disabled task manager). Although the malware was then cleaned and was no longer deemed an active threat, some of the modified local policies might have remained misconfigured. I.e. something that might not be obvious immediately but that an admin might want to look into when users report it.
  15. Please check and remove any ESET keys from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, in particular eamonm, edevmon, ehdrv, ekrn, epfw, epfwwfp, epfwwfpr, epfwlwf. Also run "pnputil -e" and make sure there is no ESET driver listed. If there's one even if ESET is not installed, jot down the published name and run "pnputil -f -d %PublishedName%". E.g. running "pnputil -e" may output several records like

        Published name : oem76.inf
        Driver package provider : Eset spol s r. o.
        Class : Unknown driver class
        Driver date and version : 01/26/2017 6.5.2091.0
        Signer name : Microsoft Windows Hardware Compatibility Publisher

      where ESET is listed as the package provider. To remove it from the store, you would run "pnputil -f -d oem76.inf".
  16. This is not possible. Policies assigned to superior groups are automatically inherited.
  17. Did you run the ESET Uninstall tool in safe mode to remove it completely? The thing is that a v9 update group is set in the registry for some reason and therefore v10 can't update. Please try uninstalling ESET the same way as before but before installing v10 from scratch check if the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security" exists. If so, do not remove it manually yet as we'd be very grateful for being able to troubleshoot the issue and find out what went wrong.
  18. We are definitely interested in learning what issues administrators encounter with ESET Endpoint Security in their network compared to competitive solutions and what makes them go for ESET Endpoint Antivirus because of that and thus losing one important protection layer. According to a test carried out by MRG Effitas, ESET Endpoint Security v6 was one of 3 security products to successfully protect unpatched systems from the EternalBlue exploit exploited by the recent WannaCry ransomware and other malware too. If you would like to try out ESET Endpoint Security, we can issue a temporary license for you so that you can deploy it on a handful of machines and report your findings to us. We will welcome any constructive feedback as our goal is to make security products that not only provide maximum protection but also fulfill your expectations and work flawlessly in your environment.
  19. With EEA you can only apply a policy that will block access to all http(s) websites but you can't block communications via other protocols. Also please let us know what made you choose EEA over EES which provides additional protection against network attacks like EternalBlue exploited by the recent WannaCryptor.
  20. On Windows 10 Defender should deactivate automatically after ESET has been activated. Only when ESET is uninstalled or the detection engine becomes outdated, Defender will re-activate.
  21. Most likely, the issues started after enabling WPR.
  22. The crash is caused by stack exhaustion, however, ESET's eamonm takes only very little of the stack. The stack seems to have started to grow after enabling ETW logging (25 ffffdb01`77b14200 fffff800`4d81b3ae nt!EtwpTraceHandle+0x150) so the solution would be to stop logging.
  23. I meant a module update, i.e. an update of the detection engine too. Not re-scanning files would be a huge security hole as previously scanned and undetected malicious files would not be detected after a detection has been added.
  24. Please provide me with logs collected by ESET Log Collector as per the instructions linked in my signature. You can also check if the Windows Firewall service is running as it could be one of the reasons why ESET's firewall doesn't start.
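
The driver-store check described in post 15 above, as an added example that is not part of the original posts and is not ESET's own code: it parses captured "pnputil -e" output, picks out packages whose provider is ESET, and builds (without running) the delete command the post gives. It assumes English-language field labels; apart from the oem76.inf record quoted in the post, the sample text and all function names are constructed for illustration.

```python
import re

# Constructed sample of "pnputil -e" output. The first record is the one quoted
# in the post; the second is a made-up non-ESET package for contrast.
SAMPLE = """\
Microsoft PnP Utility

Published name :            oem76.inf
Driver package provider :   Eset spol s r. o.
Class :                     Unknown driver class
Driver date and version :   01/26/2017 6.5.2091.0
Signer name :               Microsoft Windows Hardware Compatibility Publisher

Published name :            oem12.inf
Driver package provider :   Example Vendor Inc.
Class :                     Display adapters
Driver date and version :   03/02/2016 1.0.0.0
Signer name :               Microsoft Windows Hardware Compatibility Publisher
"""

def parse_records(text):
    """Split pnputil -e output into one dict per driver package."""
    records, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # banner or blank line, no "label : value" pair
        key, value = key.strip().lower(), value.strip()
        if key == "published name" and current:
            records.append(current)  # a new record starts here
            current = {}
        current[key] = value
    if current:
        records.append(current)
    return records

def leftover_packages(text, provider="eset"):
    """Published names whose provider contains `provider` (case-insensitive)."""
    names = []
    for rec in parse_records(text):
        name = rec.get("published name", "")
        vendor = rec.get("driver package provider", "").lower()
        # Only accept names of the oemN.inf form before they go into a command.
        if provider in vendor and re.fullmatch(r"oem\d+\.inf", name, re.IGNORECASE):
            names.append(name)
    return names

def removal_commands(text):
    """Build, but do not run, the delete command from the post for each match."""
    return [f"pnputil -f -d {name}" for name in leftover_packages(text)]

if __name__ == "__main__":
    for cmd in removal_commands(SAMPLE):
        print(cmd)
```

The provider match is a plain substring test, so review the listed packages before running any of the generated commands.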