Marcos

I assume it's a bug and there was no intention behind that.

In the Application field, you must specify the full path to an application.

Does temporarily disabling the ESET firewall via gui make a difference? If not, what about disabling the firewall in the advanced setup and restarting the computer?

According to your screen shot, all protection features are on and maximum protection is ensured unless you configured some not to change the protection status in the Application statuses setup. Please provide us with screen shots that show the issue you are having.

Http server providing updates may not use port 2222, this port is used by ERAS. Do you create a mirror using the Mirror tool? If so, do you provide update files via Apache or another HTTP server? Or you installed Apache HTTP Proxy? In that case, you should leave the update server set to Choose automatically and configure Endpoint to use the proxy server.

If you have upgraded from v9, does uninstalling v10 and installing it from scratch to ensure that v10 update servers are used help?

If the ERA server is no longer available and Endpoint is password protected, perhaps the best course of action would be to reinstall ERA, re-deploy agent on clients and then push the desired policy.

Unfortunately, you didn't select your country during the registration process so we don't know where you are from. There should be also a phone number on the support web page of your local distributor which you can call if you receive no response to a support ticket.

Since this is an English forum, please post your query in English, otherwise most of users and moderators will not understand it and won't be able to respond.

Please provide a link to such topics. If there was a general problem with v10 performance reported from several users, we would have actively communicated with them, trying to find the root of the issue. Also I kindly ask you to let us know which of the steps in the instructions I provided in my previous post above resolve the issue for you. That is fundamental to know for further troubleshooting of your issue. As for the performance tests you pointed out, AV-Test has several scenarios in their performance test. While some are relevant (e.g. launching popular websites), some do not have really an impact on user standard behavior (e.g. installing applications and copying files), and in some other scenarios we might do actual scanning (installation of security suites) while others not (that’s why we look slower, on the other side not to scan imposes a security risk). Also we scan Open Office files with myriads of scripts which takes time while some other AVs simply ignore them. Yes, they are faster because of that but would you feel secure? Besides that this imposes a security risk, what is the real impact for our users? None. How often people install Open Office? Daily? Weekly? Monthly? The same holds true for the other suites they install and measure the install time. And when one installs a suite as large as these, does it matter it takes 4m21s rather 3m45s to install? Will the end-user notice this (one time only) “delay”? That said, one should take these results with a big grain of salt as without knowing the test method and without assessing the impact on common users, the results may be simply misleading.

Does uninstalling ESET and installing it from scratch with default settings resolve the issue?

This would work providing that you set "Warning" severity for the desired Device control rules, similar to Web Control: http://support.eset.com/kb6043/?viewlocale=en_US

If v10 appears to be heavier than v9, I'd suggest to start off with narrowing it down. Let us know if any of the following makes a difference: - temporarily disabling real-time protection via gui - temporarily disabling automatic start of real-time protection in the advanced setup and rebooting the computer - temporarily disabling HIPS in the advanced setup and rebooting the computer - temporarily disabling protocol filtering in the advanced setup Also let us know what you are doing when the performance impact is noticeable (e.g copying files, working with a specific application, browsing the web, etc.).

We are glad to present you a new version of Endpoint v6.6 beta. Although it doesn't bring any new features not yet known from consumer v10 product line, it contains a lot of improvements under the hood, such as very small memory footprint, a true 64-bit kernel ekrn.exe, protected service on Windows 8.1+ systems. It also brings support for AMSI (Antimalware Scan Interface) introduced in Windows 10 as well as advanced script scanner. We strongly encourage you to install and test it on non-production systems in your environment and provide us with feedback. This way we will be able to address specific issues that may occur in particular environments before Endpoint 6.6 goes final. Please refer to the following link for download instructions: https://forum.eset.com/topic/11644-eset-endpoint-security-66-is-available-for-evaluation/

Probably you have some PUA-related or phishy add-ons installed in the browser on that particular pc or the other computers don't have SSL/HTTPS filtering enabled (less likely). ESET only does its job; the certificates are obviously untrusted and therefore you are asked for an action. Of course, you can add an exception for those untrusted certificates but that would defeat the purpose of secure communication and SSL scanning. I'd try launching the browser in safe mode without add-ons/extensions to see if it resolves the issue. If so, I'd disable add-ons, one at a time, to narrow it to the problematic one(s) which should be subsequently removed.

Wildcards are not currently supported. Also %temp% variable changes with every user so it won't work either. We plan to add support for wildcards in the future.

It could be that the other security sw you have tried does not perform SSL/TLS filtering. Uninstalling ESET is actually not a solution. It's like if one would be constantly getting alerts about malware detection; uninstalling the AV would not make the malware go away. Quite the contrary, the situation would get even worse. In my opinion, you should try to find out why you have root certificates mega-tags.com (connected with ads and monetization) and bananahosting.com installed at all. It's not something one would normally like to have installed.

Downloaders usually don't do anything but download malware itself and execute it. What do you mean by "It has caused my PC to stop working properly" ?

Update servers are located in Europe and in US. If download is very slow, you can try cancelling update and running update again. There's a good chance that another update server will be contacted. You've downloaded v9 which is not the latest. The latest is v10.0.390 which also contains newer modules.

I would kindly ask everyone to refrain from personal attacks. It really doesn't matter if someone works for Microsoft or another company; everybody has the right to join discussion as long as he or her stays objective. Therefore some inappropriate comments have been removed.

You've never seen Win32/Injector, Win32/Kryptik or Win32/GenKryptik detections? Even those with particular malware names are often smart DNA detections based on emulation by advanced heuristics which can be detected by AMS in cooperation with HIPS upon execution.

What happens if you run a full disk scan and then re-scan it? Is the malware still detected? Even after running a scan after a computer restart?

This is not possible. What is the use case and what would you like those logs for?

If you get a red protection status due to a firewall failure, please continue as follows: - open the advanced ESET setup - navigate to Tools -> Diagnostics and enable advanced firewall logging - restart the computer - if the protection status is red due to a problem with the firewall, disable advanced firewall logging - collect logs using ESET Log Collector as per the instructions linked in my signature Drop me a pm with the output archive attached. If it's too large to attach to a pm, upload it to a safe location and pm me a download link.

Well, a cloud blacklisting system may be simple based on hashes of files or advanced. ESET leverages mainly a blacklist of hashes calculated from the results of emulation provided by advanced heuristics, so-called DNA hashes. For that reason, one DNA hash can block a lot of (even not yet existing) malware.