Marcos

What product do you attempt to activate? Please drop me a pm with you public license ID. If you have a license for ESET Smart Security, make sure you don't install ESET Smart Security Premium.

4 GB RAM for a Windows 2012 Server system sounds too little. How many computers are supposed to connect to ERAS?

That doesn't mean those are traditional signatures. They are (with the exception of script signatures) mainly smart DNA detections based on application's behavior which means that one detection may theoretically cover an unlimited number of threat variants.

Ain't it a kind of Deceptor application? https://customer.appesteem.com/deceptors

I hardly remember an old-fashioned signature detection by ESET. Maybe with eicar and some other few files where a traditional signature suffices. ESET have used sophisticated DNA definitions for years which are based on code emulation by advanced heuristics, so not traditional signatures. I'd bet that most detections you've seen were thanks to various ESET's technologies. For more info, read https://www.eset.com/int/about/technology/.

How do you provide update files - via an HTTP Proxy (don't confuse it with ERA Proxy) running on the server where ERAS is running? Or you create a mirror using the stand-alone Mirror tool and provide update files via some kind of http server? What error are you getting on clients? Is the server with mirror or http server actually accessible from clients?

It has been confirmed to be a bug. As a workaround, enforce also IDS and advanced options via a policy.

1, Do you also believe that MS would protect you better in real life than ESET? 2, Do you believe there are security solutions that detect 100% of malware? 3, Do you believe that 1,9% difference in detection in a test is that big?

I've tried it with v10 on Windows 10 and both button are still there.

Create a new policy that will have all firewall settings marked with the force flag to ensure it will supersede other possible policies that may be applied on the clients. When creating a new policy, all settings are set to defaults. If a rule is blocking certain communication that should be allowed, you can run the Firewall troubleshooting wizard on a client to get a list of recently blocked communications and to create the appropriate allowing rule with a few clicks.

For instructions how to create an offline repository, refer to http://help.eset.com/era_install/65/en-US/offline-repository.htm. IMPORTANT: Be aware that the size of the repository is over 70 GB and the intermediary directory will be the same size. Make sure you have at least 150 GB of free space before starting this procedure.

Please let us know which of the following makes the issue go away: - temporarily disabling real-time protection from with the gui - temporarily disabling automatic start of real-time protection in the advanced setup and restarting the computer - temporarily disabling HIPS in the advanced setup and restarting the computer

What version of EAV do you have installed? Is it the latest 10.0.390? If you restart the computer and then click "Change license", nothing happens either? Do you see a list of installed modules in the About window? Also please drop me a pm with details about you, e.g. your full name, registration email address and the website through which you purchased the ESET license.

I have Endpoint v6.5 installed and with password protection enabled, I'm asked for the password when attempting to disable the protection modules.

RDP is allowed only in trusted zone by default. It could be that you don't have trusted zone set up correctly. As for the problems with opening browsers, does temporarily disabling HIPS and restarting the computer make a difference?

Except these two modules I can't think of anything else that might have effect on performance. Please make sure to also try disabling automatic real-time protection start and restarting the server. It's not the same as just pausing real-time protection via gui.

Does temporarily disabling real-time protection via gui make a difference? If not, what about temporarily disabling automatic real-time protection start and restarting the server? If that doesn't help either, also try disabling HIPS and restarting the server. Let us know about your findings.

MichalJ's screen shot is from the latest ERA v6.5 and it was taken from the screen that appears after selecting "Details" in the menu shown in your screen shot. In order to activate Endpoint manually, open the main Endpoint gui, navigate to Help and support and click the "Manage license" button. You will be provided with 3 activation options: activation using a license key, via a security admin or using an offline license file.

Most likely you have created several firewall profiles, each bound to a different network. You can collect logs with ESET Log Collector and provide me with the output. If too large to attach to a pm, upload it to a safe location and pm me just a download link.

What notification do you mean?

The ESET HTTP Server service is a part of EFSW and serves for providing mirrored files via HTTP. If you are having an issue with log in to the web console, it's not related to this service whatsoever. Did you install ERA using the all-in-one ERA installer or you downloaded and installed each component separately?

If you want to keep web access protection disabled and thus lose protection against Internet-borne threats, you can do so at your own risk. To suppress the change of the protection status, open the advanced setup, navigate to User interface -> Application statuses -> Web and email and untick "Web access protection is disabled". One should no go this route to avoid blocking of allegedly legitimates sites. Instead, block websites should be reported to samples[at]eset.com to find out the reason of blocking.

The lower servers (e.g. in different offices) should be replaced by ERA Proxy. As of ERA v6, there's only one ERA Server that communicates either with ERA Agent on clients or with ERA Proxy which acts as a proxy between clients and ERA Server. See this schema for clarification: http://help.eset.com/era_install/65/en-US/arch_server.htm

In this case, all Disk storage devices would be blocked. In order to find our device properties, connect the device and click "Populate" in the Device control window.

That's because in the case of https the communication is already terminated during the handshake. Terminating the communication afterwards would be less effective.