
Marcos

Administrators

Everything posted by Marcos

  1. ESET was installed just yesterday, i.e. after the encryption occurred. The detection for Filecoder.Hydracrypt that encrypted the files was added on Feb 2.
  2. When using an http proxy, if you deploy agent and install Endpoint on one machine, the installer will be cached by the proxy so it won't be downloaded again on other machines. Of course, remote installation is done without user interaction; an admin only has to create and send a software install task to desired clients.
  3. That's because an action selection is required when payment instructions are detected unless you switch the cleaning mode from standard to strict cleaning. However, at this point the bigger issue is that files on that computer were encrypted and it's important to find out what happened. Please run ESET Log Collector on the infected machine and drop me a pm with the output archive attached. For instructions, see the link in my signature.
  4. I have no clue without logs or a screen shot of the warning in the protection status window which should also provide more details about the issue. Should you encounter the issue again, gather logs with ESET Log Collector and take a screen shot of the protection status window on the client as well.
  5. There are a handful of pitfalls connected with the upgrade to v10 which we've been trying to solve, such as not offering the upgrade to Windows XP users automatically. Another problem is that after an upgrade to v10, old drivers would stop communicating with ekrn due to a new signature used in recent v9 and v10, but this is indicated by a red protection status and an immediate computer restart is suggested to fix the issue. We already offer the upgrade to v10 to a small portion of users with older versions and plan to offer the upgrade to v9 users as well some time soon.
  6. The detection is correct. The application fulfills the criteria for deceptor detection: https://customer.appesteem.com/Home/Deceptor. Having said that, we'll draw this topic to a close.
  7. We don't offer v10 to v9 users yet. If I'm not mistaken, that's because of a new certificate that later v9 started to be signed with which would cause direct upgrade to v10 to fail for users with older versions.
  8. To start off, please capture the network communication using Wireshark during the upgrade. When done, save the log, compress it and drop me a pm with the log attached.
  9. Currently if you want to upgrade to v10, download Live installer from ESET's website and run it. It will install v10 over v9.
  10. Using the /nosafemode switch was never deemed 100% safe and is even less safe now that the tool supports removal of other ESET products. For instance, using it to remove ERA would likely render the database corrupt.
  11. Is the download significantly slower with ESET protection enabled? If not, I would keep protection enabled at all times.
  12. Exclusions by detection name are applied only for potentially unwanted and unsafe applications. You can only exclude particular files with a full path from scanning. I'd suggest reporting the detected file to ESET as per the instructions at http://support.eset.com/kb141/. Also include information, such as the purpose of the application and the official product / vendor's website.
  13. Please provide me with ELC logs via a pm (for instructions, see the link in my signature). It's necessary to check if egui.exe is no longer registered for automatic start in the run key.
  14. Could you please post a screen shot of the Protection status window from the computer in question? Also gather logs with ESET Log Collector (see the link in my signature for instructions) and drop me a pm with the output archive attached.
  15. Which of the following resolves the issue?
      - temporarily disabling protection via the ESET tray icon right-click menu
      - temporarily disabling protocol filtering in the advanced setup -> Web and email
      - temporarily disabling integration with MS Outlook in the advanced setup -> Web and email -> Email protection
      - switching to Pre-release updates in the advanced setup -> Update -> Profiles -> Basic -> Update type
  16. If you have upgraded from v9 to v10, try uninstalling v10 and installing it from scratch.
  17. Please post a screen shot of the ESET alert that you're getting. Maybe a website that hosts the images is blocked for some reason.
  18. Currently wildcards are not supported in HIPS rules so substituting a folder name with * is not currently possible.
  19. Open client details in the ERA console, select Configuration -> Request configuration. To speed up the process, click the client and select Send wake-up call twice with a delay of several seconds.
  20. It takes up to a minute for Endpoint to start communicating with the agent. As of ERA v6.5 that is going to be released very soon, you will be able to push an all-in-one Endpoint installer using ERA Deployment Tool. The AIO installer can be generated in ERA and can have the policy, static group as well as activation data already pre-configured.
  21. If the issue persists after uninstalling ESS and installing ESS or EIS v10 from scratch, gather logs with ESET Log Collector and provide me with the output in a personal message.
  22. Automatic firewall mode is suitable for most users; it blocks all non-initiated inbound communications and allows all outbound communications. If you want to control the communication of applications, switch to learning mode for a while until rules for existing applications are created automatically and then switch to interactive mode.
  23. If you need to use Windows firewall for whatever reason, disable ESET's firewall or replace ESET Smart Security with ESET NOD32 Antivirus. However, it's not clear to me why you would prefer Windows firewall over ESET's one.
  24. If foneil is already looking into it, it'd be good to pm him (and me too) your Google Play email address that's also used for activation of ESET Mobile Security.