Marcos

Do you have ESS or EIS installed? Is everything in ESET's gui green and you're not getting any red sign of an issue either in the protection status or setup pane?

If you change the operation to NAND and the condition to "in", does it work?

If you have already Endpoint v6 installed, install or deploy ERA and then use it to deploy ERA agent remotely on those machines.

If also manual installation of Endpoint on clients fails, generate install logs as per the instructions at http://support.eset.com/kb406/. When done, you can post the logs here and we'll check them out.

Please continue as follows: - close any unnecessary applications that communication over network - download and install Wireshark - in the advanced ESS setup -> Tools -> Diagnostics, enable advanced protocol filtering logging - start logging with Wireshark - launch a browser and reproduce the issue - stop logging in Wireshark, save the log as a pcap file and compress it - disable advanced logging in ESS - collect logs with ELC as per the instructions linked in my signature - upload the Wireshark log as well as the output archive from ELC to a safe location and pm me download links.

If your license is for 2 devices, simply install ESET on the second device and activate it. If your license is for 1 device, uninstall ESET from it, install it on the new device and activate it.

This issue is already being discussed at https://forum.eset.com/topic/11669-eset-internet-security-v101204-firewall-bug/. However, the information that it started after a recent Windows update is new to us.

Not sure why's that, I have it there.

Please collect logs with ESET Log Collector as per the instructions linked in my signature. When done, drop me a pm with the generated archive attached. If too big to attach, upload it to a safe location and pm me a download link.

Please continue as follows: - in the advanced setup -> Tools -> Diagnostics, enable advanced firewall logging - restart the computer - when the issue occurs, generate a dump of ekrn by clicking the appropriate button in the advanced setup -> Tools -> Diagnostics - disable advanced logging - collect logs with ESET Log Collector (see my signature for a link to instructions) - upload the generated archive to a safe location and pm me a download link.

That's how it's supposed to work. What issue are you having after uninstalling ESET from the former device and installing it on a new one and activating it?

Switch to pre-release updates in order to receive a fixed firewall module at the beginning of the next week.

The problem is with your preferred language. You have "French" selected but it must be "French (Canada)". If you use a different language version that the preferred system language, ECS will be in English as the language would not match.

Does any of the following make a difference? - temporarily disabling web access protection from gui - temporarily disabling protocol filtering in the advanced setup Please provide me with the output archive generated by ESET Log Collector by following the instructions linked in my signature.

I was told that Specialized cleaner is not open automatically. The panel in your screen shot can only be accessed by clicking Help and support -> ESET Specialized cleaner.

The issue is not related to a particular version of ESS/EIS and it's caused by the firewall module which is same for all versions. A newer firewall module with a fix is planned to be released next week. I would strongly recommend keeping pre-release updates enabled on non-production systems. This way you will be able to switch between the previous and current version of a module in case you encounter an issue and report it to ESET, giving us enough time to fix it before the module is released for all users.

We don't sell on Amazon and it's against EULA to re-sell ESET's products this way. Nevertheless, with your license you can activate your ESET poduct as many times as you want provided that it's not installed on more machines/devices than covered by your license.

Please post in English as this is an English forum and we don't speak Russian.

That's correct. Please create an updater etw log as follows: 1, Run the following command as an administrator: logman start updater -p {f329ae9a-556d-4934-920f-234e835d9ece} 0xffffff 10 -o C:\eset.etl -ets 2, Run manual update to reproduce the issue 3, Run the following command as an administrator: logman stop updater -ets 4, Drop me a pm with the log c:\eset.etl attached.

Do you have the latest version of EFSW v6 installed? If I understand it correctly, it doesn't update from a mirror but from ESET's servers through an http proxy. Have you tried clearing update cache to see if it helps?

Do you have the preferred language set as follows?

I wonder if the others have the same event logged in the Windows event log. If you are able to reproduce it, please generate also a Procmon boot log as per the instructions in the appropriate KB linked in my signature.

Do you mean that the issue occurred also with automatic firewall mode and no custom rules created? The fact that deleting rules helped the others could be just a coincidence. Those who are having this issue with red protection status due to problems with the firewall, please generate an ekrn dump via the advanced setup -> Tools -> Diagnostics -> Generate dump file when the issue is manifesting. When done, compress the dump in the Diagnostics folder, upload it to a safe location and pm me the download link. Also enable advanced firewall logging in the advanced setup -> Tools -> Diagnostics and reboot the computer. If the issue occurs, provide me with the firewall etl logs found in the Diagnostics folder.

That's not possible. Such logs could easily exhaust disk space on clients, needless to say what impact it would have on the ERA database.

There are minimal differences in detection among top AVs and ESET usually scores about 99%. Tests are tests, there's nothing like 100% malware detection in the real world. V9 was lighter on resources than previous version and v10 is even lighter with the memory consumption cut to about 10-20% compared to older versions. If you feel the opposite, ie. that v10 has a noticeable impact on performance, we're interested in looking into it and I'm pretty sure that a solution would be found. First of all, we'd need to know what protection module needs to be disabled for the issue to go away as well as what particular operation you are doing when you notice a performance issue. V5 doesn't contain new features that proactively protect against new-borne malware, ransowmare or script malware. As of v9, we started to leverage a new HTML-based interface provided by a 3rd party company that is also utilized by several other vendors, including AV vendors. It brought new possibilities that were not feasible with the former Windows interface used by older versions. Of course, the new graphical engine is not 100% ideal, especially when it comes to resizing the main gui but we provide an option to open a particular panel in a new window that can be stretched to full screen.