Marcos

1, Not sure what registration form you mean. After installation, you merely enter your license key. Only trial users fill in the registration form in which TAB can be used to move between fields. 2, This must be just a recent glitch with the website as nobody else has reported it and it worked just fine a while ago. Anyways, thanks for the heads-up. We have reported it to the web team responsible for the site.

The certificate seems ok, only the intermediate certificate GeoTrust Global CA uses SHA1 algorithm but this should not make it untrusted. Your system date is correct too. Could you please click plus.url.google.com in the notification window and post a screen shot of the certificate details?

We strongly recommend restarting the OS as soon as possible after upgrade. Otherwise old drivers will remain loaded until the next restart which might cause issues with a new ekrn. E.g. on servers the system could hang because the new ekrn could not verify older drivers due to a change in the signature a few months ago. On Windows 10 a shutdown with "Fast start" enabled is not an actual shutdown but a kinda hibernation (https://www.tenforums.com/tutorials/4189-turn-off-fast-startup-windows-10-a.html).

A forensic analysis would have to be performed to find out what happened. If you want and have a paid license purchased, you can drop me a pm with the output of ESET Log Collector and payment instructions for obtaining a decoder attached.

@itman Was Defender still active after a reboot? On my Windows 10, a correct system date was set automatically (despite having the appropriate setting disabled) so after a reboot ESET's real-time protection was active again.

ESET leverages HIPS in conjunction with Advanced memory scanner and smart DNA detections based on application's behavior to recognize and block new malware, including ransomware. The system has evolved to Ransomware protection which was first included in home v10 and is being further developed for the inclusion in Endpoint products as well. See https://www.eset.com/int/about/technology/ for more information about our technology. To be honest, I can hardly remember cases with encryption reported by users with a current version of Endpoint v6 who had all protection features enabled. It's mainly users with older versions of ESET products and those who don't have it configured for maximum protection (e.g. have LiveGrid disabled) who get hit. Another category are servers with unsecured RDP which enables attackers to remote it, disable the antivirus and execute ransomware. Protecting the settings with a password would make it more difficult for the attackers to evade detection.

Never heard of such issue with regard to ESET. If hard resetting the phone doesn't help, it's unlikely that ESET is the culprit.

Active threats are cleaned automatically by running a full disk scan initiated from ERA using the "In-depth scan" profile. If no threats are found or if all threats have been successfully cleaned, they will no longer be considered active. If you are positive that everything is ok, resolve a particular threat manually.

The last digits denote a language build or re-packed build (e.g. if modules were replaced after compilation). Not sure what's the difference in determining the version number in the mentioned cases but since the last digits are not important I wouldn't consider it an issue.

You have several filters enabled. Try leaving only the "Threat resolved" filter and enabling warnings (the icon with the exclamation mark).

I would recommend contacting your local Customer care as probably further logs will be needed.

Don't bump this topic please. We, moderators, cannot do anything about it. I strongly doubt that other AV programs do not allow pressing Enter or Space in dialogs.

Why not? With SSL scanning disabled users would be exposed to threats coming via HTTPS. The report was not accurate and more vendors raised objections. As for ESET, there are currently no issues with SSL/TLS filtering; one issue mentioned in the original report had to be corrected by the author and another issue (bug) concerned only v9 but it was fixed.

Users can choose between ESET NOD32 Antivirus, ESET Internet Security (contains a firewall, antispam, Webcam protection and Home network protection ) and ESET Smart Security Premium (contains additional features like Password manager, Disk encryption and Anti-Theft).

I'm unable to reproduce the detection. This detection would be triggered in case when a website has a malicious script injected for instance. Is the detection still being triggered on your machine? If so, please provide me with logs from ESET Log Collector with "Recently quarantined files" enabled.

I assume that Enter and Space are used by JAWS-enabled applications for visually impaired persons so disabling them would prevent those users from selecting an action. I don't believe that other vendors have these keys disabled in the action selection dialog.

Emulation has always adverse effect on performance and therefore Advanced heuristics is not used on file access by default. However, it's used for newly created or modified files as well as for executed files. Disabling it would substantially reduce protection capabilities as the vast majority of signatures is based on the results of emulation by advanced heuristics.

I was unable to reproduce it. Changing the system date to the future will alert the user that the license has expired but the product remains fully functional and continues to download updates. By the way, I was unable to permanently change the system date. Windows sets it back despite the "Set time automatically" being off. If ESET stops updating after actual license expiration and is not renewed, Windows will activate Windows Defender protection instead of ESET. However, this does not seem to happen after shifting the system date.

Unfortunately, it is not clear what issue you are having. Moreover, you don't have any ESET product installed.

You can update the policy only while agent still connects to ERAS. If the IP address of the ERA server has already changed, the policy won't be applied as agent will not be able to connect to ERAS and fetch the updated policy. The solution is to re-deploy agent using correct ERAS and proxy server settings.

Probably you mean Endpoint v5 which had ERA settings stored in plain text and connected to ERA v5 directly. As of ERA v6, it's agent which communicates with ERAS and mainly for security reasons its settings are not stored in plain text. As I have already written, if you plan to change just the IP address of the server, just apply the appropriate policy with multiple ERA servers listed in the agent's policy before the original server is moved from the original IP address and that's it. Since you have already moved the server to a new IP address, the only solution is to re-deploy agent with correct ERAS and proxy server settings, e.g. using the ERA Deployment tool introduced with ERA v6.5.

Not really. As you can see, Filecoder.Crysis is often run by an attacker who connects to a computer (often a server) via RDP: https://www.bleepingcomputer.com/news/security/number-of-rdp-brute-force-attacks-spreading-crysis-ransomware-doubles-in-6-months/ Protecting ESET's settings with a password would prevent the attacker from disabling or uninstalling ESET, however, it's crucial to secure RDP in the first place.

Do you use the server for browsing the web or reading email? Couldn't it be that files got encrypted in shared folders from an infected workstation? Do you have Endpoint v6 installed on all workstations and LiveGrid is enabled also in EFSW?

If agent no longer connects to ERAS, you'll need to re-deploy it with correct ERAS and proxy server settings. Before changing the IP address of the ERA server, we recommend applying an agent policy that will have both IP addresses listed and proxy settings configured and the option to use direct http connection if proxy server is not available enabled.

Unfortunately, files encrypted by Filecoder.Crysis cannot be decrypted. Did you have ESET installed and all protection features enabled? If so, what product version it was?