Marcos (Administrators) · Posts: 37,944 · Days Won: 1,504

Everything posted by Marcos

  1. Do you mean that you completely uninstalled ESS/EIS first and then installed the latest version from scratch?
  2. Let's start off with enabling the display of default built-in rules and putting this custom rule at the top.
  3. Does installing ESS/EIS v10.1 from ESET's website make a difference? If not, what about switching to pre-release updates in the advanced update setup?
  4. The reasons are legal; the detection must be optional as the user must explicitly agree with detection.
  5. Of course, update files are signed so integrity is ensured.
  6. What do you mean by "connecting to the ESET web"? What application shows the error 20512000? Any chance of posting a screenshot of it?
  7. Does temporarily disabling SSL/TLS filtering make a difference? When re-enabling it, make sure that no browsers or email clients are running. What about switching to pre-release updates in the advanced update setup? Doesn't it make a difference either?
  8. OSX/Spy.Dok.A, detection added on April 27. Detection from 5 hours ago:
     Detection ratio: 5 / 56
     Analysis date: 2017-04-28 09:20:20 UTC ( 5 hours, 30 minutes ago )
     ESET-NOD32 OSX/Spy.Dok.A 20170428
     Fortinet MAC/Nion.A!tr 20170428
     Ikarus Win32.Outbreak 20170428
     TrendMicro OSX_DOK.A 20170428
     TrendMicro-HouseCall OSX_DOK.A 20170428
  9. I think there should be no problem to use the ESET Mirror tool to create a mirror, transfer it to a computer running EEA for Linux and to update it.
  10. We plan to release it for all v10 users next week. However, as I have already mentioned, I'd strongly recommend using pre-release updates on non-production systems, especially if you use a non-standard configuration (interactive mode with custom rules for instance). Pre-release updates are not beta updates; they are carefully tested in our environment both by QA and then also on hundreds of production machines before they are put on pre-release servers. The problem is that only very few users enable pre-release updates. As a result, you often receive the very same modules if nobody reports issues with pre-release updates and seldom they may cause issues like you have recently encountered with firewall rules. An advantage of pre-release updates is that you can switch to release updates at any time you encounter an issue and this way solve it until ESET comes up with a fixed module. Once a module has been released to all users, you won't be able to fix it yourself as switching between pre-release and release updates will not make any difference and we will have to replace the module on update servers ourselves.
  11. This should be possible by editing the report template and adding a new filter "Static group".
  12. Users can still disable LiveGrid completely if they feel uncomfortable with sending hashes to ESET's servers and if they are willing to sacrifice safety (i.e. quick reaction to new threats) in favor of not submitting any data (in this case hashes) either. Changing the protection status can be suppressed in the Application statuses setup. If submission of files and statistics is disabled, then no data except hashes will be transmitted to ESET servers.
  13. Ransomware protection is part of HIPS and is planned for Endpoint v7. The problem with the current implementation in the home version is that it asks the user for an action if a suspicious behavior is detected; however, in a corporate environment decisions must be made automatically and accurately. One of the biggest advantages is dynamic groups. Membership in dynamic groups is evaluated by the ERA agent on workstations, so even with no visibility of ERAS, different policies can be applied to Endpoint based on various dynamic group conditions. E.g. it's now possible to automatically disconnect a computer from the network if an active threat has been detected, run a full disk scan and connect it back to the network only after the threat has been cleaned. Last but not least, it's important to keep in mind that only the latest versions of ESET's products provide maximum protection against newly emerging threats and that they cannot be managed by ERA v5.
  14. As for the LiveGrid reputation system, it's enabled by default in ESET's products as it's vital for ensuring quick response to new threats. When enabled, your ESET products will query ESET's servers about hashes of particular objects (files, URLs). The reputation system does not transmit any files or statistics except hashes. If disabled, your ESET products may not detect new borne threats and recognition of such threats will be added in one of the next updates, i.e. with a delay of several hours, which may be too late if malware has already encrypted files for instance. Having the reputation system enabled does not only significantly improve detection of new threats but it also makes scanning faster as trusted / whitelisted files are not scanned again and again. LiveGrid information also helps us terminate suspicious processes. Regarding the LiveGrid feedback system, it sends suspicious files to ESET where suspicious undetected files are replicated and a detection may be created automatically if a file turns out to be malicious. As a result, a brand new malware potentially running on your computer may be recognized and cleaned automatically within a couple of minutes. Note that sensitive files, such as Office documents, are excluded from submission by default. In environments with a strict policy not allowing to submit files, you can disable the LiveGrid feedback system while still keeping the reputation system enabled and thus benefit from what LiveGrid brings.
  15. Since this is an English forum, most moderators and users won't understand you unless you post in English. As for ESS v7, we strongly recommend uninstalling it and installing the latest v10 to get maximum protection against newly emerging threats.
  16. Unfortunately, you didn't mention what message you get if you click "Update database". If ESS says it's up to date and you've upgraded to v10 from an older version, try uninstalling ESS v10 and installing it from scratch. Before you do so, do the following:
      - in the advanced setup -> Tools -> Diagnostics, enable advanced update engine logging
      - run manual update
      - disable logging
      - collect logs using ELC as per the instructions in my signature.
      Drop me a pm with the generated zip archive attached. If larger than 2 MB, upload it to a safe location and pm me a download link.
  17. Please don't compare ESET to Webroot. We use dependable techniques to avoid serious false positives on files, especially system files. Also LiveGrid contains information about trusted files that is shared worldwide with users, plus we trust signed system files. Endpoint and server products allow for choosing deferred updates in the advanced update setup, but I would never do that given the speed at which new malware can disseminate and what damage it can cause.
  18. You'd also need to switch updates to pre-release. I recommend this to be done on any non-production system as in case you come across an issue connected with a module update in the future, you'll simply be able to switch to regular updates, report it to ESET and wait until the issue is fixed. Otherwise it could happen that nobody will report issues to us and a module will be released to all users. In such a case, switching between update types obviously wouldn't help and the problem can only be solved by ESET replacing the module on update servers.
  19. Also a small portion of v10 users with regular updates have received the new modules. We will gradually release it for other v10 users as well as for older versions of ESET products.
  20. Filter negation is not currently possible. You can filter PHP malware for instance but filtering out by PHP in this case is not possible. We'll see if this can be improved in future versions of ERAS.
  21. Conditions for dynamic group membership are evaluated by the agent, i.e. regardless of whether the ERA Server is accessible or not.
  22. As of ERA v6.5, you can export/import cfg via ecmd.exe provided that this option is enabled in the advanced setup.
  23. The new firewall module is going to be released to pre-release update servers today. @SlashRose There's no need to write in German. Probably none of the ESET moderators speaks German and also not many German users are registered in our forum either. Also your English is very good so we don't need to translate from German to English ourselves.