Marcos

Administrators
  • Posts: 37,944
  • Days Won: 1,504

Everything posted by Marcos

  1. After the trial period ends, you can either purchase a license or uninstall ESET.
  2. If you don't have any issues with v10.0.390, there's no need to upgrade to v10.1, especially if you pause protection from time to time.
  3. Are you able to reproduce it every time after a reboot? On my machine, v10 ekrn takes about MB of RAM and egui of RAM. Do you do something specific, e.g. run an on-demand scan of the disk when the memory usage by ekrn goes up?
  4. Microsoft has released a patch for the MS17-010 vulnerability also for older otherwise unsupported systems. For Windows XP SP3, the patch can be downloaded from http://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=9e189800-f354-4dc8-8170-7bd0ad7ca09a
  5. No, it's a bug in 10.1 that this option doesn't appear in the menu. It's already there in the latest internal v10.2.
  6. In terms of detection you are protected. However, in order to stop attacks at the network level you would need to have ESET Endpoint Security v6 installed, which contains a firewall and network protection module. Neither ESET NOD32 Antivirus nor ESET Endpoint Security v5 protects you from malware exploiting CVE-2017-0144 at the network level. Since we have an ongoing topic regarding Wannacryptor at https://forum.eset.com/topic/11948-massive-ransomware-attack/, we'll draw this one to a close.
  7. It is, but the release is staggered so not all users will get it at the same time.
  8. It's a Win32 malware so it doesn't pose a risk to Mac users.
  9. It's Filecoder.NLI. We are currently analyzing it and therefore it's impossible to tell now if decryption will be possible or not. Make sure that:
     - the latest version of ESET (v6) is installed on all machines in LAN
     - LiveGrid is enabled
     - HIPS, Advanced Memory Scanner, Exploit Blocker and Self-defense are enabled
     - no dangerous exclusions are set
     - all Windows hotfixes are installed

     I'd also recommend protecting ESET settings with a password and disabling or at least securing RDP.
  10. Actually, ESET Endpoint Security v6 and ESS v9+ (probably v8 too but I'm not 100% sure) have protected users from malware exploiting the SMB vulnerability to spread via LAN since April 25 with the network protection module. Since the vulnerability is in SMB, NOD32 Antivirus cannot protect against exploitation at the network level due to the missing firewall. The detection of an exploit exploiting the SMB vulnerability CVE-2017-1044 looks as follows. Apologies for not posting the English version. I would also add that a WannaCrypt memory detection was added in update 15403, which was released at ~10:30 CEST, about the time when the outbreak started.
  11. Since you probably don't have the CA certificate backed up, you'll need to re-deploy the agent while using the current CA and agent certificates.
  12. It appears that malware has been removed from the website. We've unblocked it. The proper way to report URL blocks is described at http://support.eset.com/kb141.
  13. Did you upgrade from v9 or did you perform a clean install of v10? If you've upgraded to v10, uninstall it and install it from scratch to make sure that a proper upgrade group is written to the registry.
  14. Not really, already detected:

      5ff465afaabcbf0150d1a3ab2c2e74f3a4426467 - a variant of Win32/Filecoder.WannaCryptor.D trojan

      Detected as of update 15404 that was released about 2,5 hours ago. It appears that VirusTotal is still not using the most current detection engine module even after that quite long time. Allegedly it exploits a vulnerability in SMB for spreading in networks. Microsoft released a hotfix addressing the vulnerability on March 14th: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
  15. Please post a screen shot of the alert that you're getting from ESET as it's not clear what detection or alert you mean.
  16. What version of Endpoint did you have at the time Windows updates were installed?
  17. You initially reported a different website with the com TLD. The Brazilian one should be unblocked within a few minutes.
  18. The website does not seem to be blocked by ESET. Please make sure that your ESET product is up to date. If that's not an issue, post a screen shot of the alert, with the IP address visible.
  19. After discussing it with a colleague from ESET, LLC, you were sent the following response on the same day (May 8) when you submitted the ticket: Did you receive this response? Micro Center sells retail (boxed) versions of ESET products so they should be able to assist you with this. Since you have purchased the license just recently, it should also be possible to return the product in the shop where you purchased it and get EIS for a small fee. Also, I've received a confirmation that colleagues from ESET, LLC have re-sent you their last response to your email.
  20. Regarding the error "Adding root certificate to all browsers on your PC failed", please continue as follows:
      - make sure that you have Internet protection module 1303 installed (see the About window)
      - disable SSL/TLS filtering
      - restart the computer
      - without launching any application, re-enable SSL/TLS filtering
      - launch Firefox and check if the issue is resolved.

      Should the problem persist, download Process Monitor, repeat the steps but before re-enabling SSL/TLS filtering start logging with Process Monitor. When done, stop logging and provide me with the generated Procmon log (in a compressed form) and ELC logs. Internet protection module 1303 should solve issues with the import of a root certificate for Firefox 53.
  21. You can try asking here. I'm sure that with the help of moderators, ESET staff and advanced knowledgeable users you'll have it answered.
  22. It was the IP address which was blocked. It will be unblocked momentarily. Next time please report possible false positives as per the above instructions.
  23. Please provide the appropriate record related to the detection from your Detected threats log.
  24. Check the detected file(s) for "eval(String.fromCharCode(". If that code is not intentional, remove it. Otherwise we'd strongly recommend replacing it with an unobfuscated version of the code.
  25. You have posted a screen shot of an agent's policy. However, the missing OS updates are reported by the security product. In order to disable these notifications in Endpoint, set up and apply the following policy: