Marcos

This has been already fixed in newer versions v10.1. An update to a newer version will be downloaded automatically soon.

Did you also read https://www.mrg-effitas.com/eternalblue-vs-internet-security-suites-and-nextgen-protections/? You would have found out that ESET was one of 3 products to have proactively protected against malware exploiting the EternalBlue vulnerability. WannaCryptor files were gradually blacklisted in LiveGrid on May 12 so running a test with an older engine on an offline computer would not reflect real-world protection of users. Also the fact that we've been reported only 2 cases of files encrypted by WannaCryptor, one of which was from a user with an old Endpoint v5, says something.

Do you mean that if you navigate to Admin -> Installers -> Create all-in-one installer and select Product, there are only products for Linux listed even if no filter is enabled? ,

I don't think it's possible. Plus there are several updates (I reckon different ones for certain OS) and the fix is part of rollup updates too. Haven't checked them out but the following updates are said to be related to MS-2017-0144: KB3205409 KB3210720 KB3210721 KB3212646 KB3213986 KB4012212 KB4012213 KB4012214 KB4012215 KB4012216 KB4012217 KB4012218 KB4012220 KB4012598 KB4012606 KB4013198 KB4013389 KB4013429 KB4015217 KB4015438 KB4015546 KB4015547 KB4015548 KB4015549 KB4015550 KB4015551 KB4015552 KB4015553 KB4015554 KB4016635 KB4019213 KB4019214 KB4019215 KB4019216 KB4019263 KB4019264 KB4019472 KB4015221 KB4019474 KB4015219 KB4019473

What version of ERA server do you have installed? Please check the About window and post the version number.

We have offered you help and assistance with troubleshooting the issue. Please provide us with the requested logs.

V10.2 will come with current modules included so the issue will not occur then. In the mean time, temporarily disabling protected service for the time necessary to activate your ESET product should work just fine in cases like this.

V10 is indeed much better. However, including antiransomware does not make it the first perfect solution that would detect 100% of threats and ransomware. If there was a security solution that would detect all threats while keeping the number of false positives very low, it would make no sense to updating security software on a regular basis. Also see https://www.mrg-effitas.com/eternalblue-vs-internet-security-suites-and-nextgen-protections/.

This is unlikely to be FP. Please continue as follows: - enable advanced firewall logging in the advanced setup -> Tools -> Diagnostics - restart the computer - reproduce the detection - stop logging - collect logs with ELC as per the instructions linked in my signature. When done, upload the generated zip archive to a safe location and pm me a download link.

The installation msi file is copied to c:\windows\installer and it's also stored in "C:\ProgramData\ESET\ESET Smart Security\Installer". If it's not there, use the Uninstall tool in safe mode.

ESET has protected unpatched systems from exploiting the CVE-2017-0144 vulnerability since approx. April 25. As for detection of malware samples, we reacted quickly to it and the detection was added in a morning update 15403 (in-memory detection) with file detection following in update 15404.

Unfortunately, the description of the issue is quite vague so we have no clue what the issue is. Please elaborate more.

What do you mean by disabling the device?

No. Both we and Dropbox must make changes in our apps. We're in touch with Dropbox developers regarding the issue.

To upgrade ERA agent on clients, send an ERA Component upgrade task to them. To upgrade Endpoint to the latest version, send a Software install task.

As I wrote, currently only the whole repository can be mirrored. If possible, use ESET's repository with an HTTP Proxy for caching downloaded files.

Not sure what you mean by adding a license and typing information as you only enter a license key in the activation window. A screen shot might shed more light.

Could you please attach C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html ?

There are plans to improve this but the required changes are not trivial. Currently only a complete repository can be created. However, you can use an HTTP proxy through which clients would download updates and installers. Once a particular file has been downloaded, it will be served from cache for other clients requesting it.

Please provide an unfiltered Wireshark log from an attempt to open a not recently visited website (to avoid using cached results). There might be an issue receiving TXT DNS responses in your environment.

As for malicious, phishing, scam and suspicious websites, ESET has strong web protection, meaning that new malware is often blocked at the network level before it reaches a computer.

You can try temporarily uninstalling ESET if neither disabling advanced scanning of browser scripts in the advanced setup -> Web and email -> Web access protection nor disabling protocol filtering make any difference.

Please create and provide us with logs for perusal as follows: 1, Open the advanced ESET setup, navigate to Tools -> Diagnostics and enable advanced update engine logging. 2, Run manual update. 3, Collect logs with ELC as per the instructions linked in my signature. 4, Upload the generated zip file to a safe location and pm me a download link. If the zip file is smaller than 2 MB, you can attach it directly to a pm.

Please do not reply to such old topics. I'm positive that the OP is not seeking an answer any more. Especially do not advise users how to substantially deteriorate ESET's protection against malware.

Please provide me with: 1, Install logs created as per the instructions at http://support.eset.com/kb406 2, ELC logs collected as per the instructions linked in my signature. Also I would strongly recommend installing Endpoint v6.5. and not the older version 6.4.