Marcos

HIPS rules are evaluated in the way that more specific rules take precedence over generic rules and blocking rules over allowing rules if both are equal in terms of defined parameters. E.g. if you have a generic blocking rule to block writing to a specific folder for any application and another allowing rule that allows application XY to write into the folder, the allowing rule will take precedence so that only the application XY will be able to write into the folder.

It's a separate product. Support for EEI will be first added in Endpoint v6.5 and ERA v6.5.

Support for Roboform 8.2 will be added in the BPP module 1098 soon. In order to get it within the next few days, switch to pre-release updates in the advanced update setup.

If installing the latest version from scratch doesn't help, provide me with the output from ESET Log Collector as per the instructions in my signature.

I'm sorry but it's not clear what issue you are having. Have you tried contacting your local customer care?

You'd need to make a list of available AV vendors and create a condition for each of them.

This will be possible with ESET Enterprise Inspector which should become available for beta testing later this year.

The file is most likely infected with the worm and it's not a false positive. You can submit the file to ESET as per the instructions at http://support.eset.com/kb141. Also I'd suggest downloading ESET Live Installer from www.eset.com and running it which will upgrade your v9 to v10 that provides better protection and also has a smaller memory footprint.

What's the problem with detected threats? Did you get an error while cleaning when threats were detected? What do you mean by non-functional on-demand scan? Does it end immediately after you start one? Is the scanner crashing? You can post your log here. If you want to purchase ESET, there's a visible button in the gui that will open the purchase page of your local distributor.

If the ICMP attacks come from a trusted IP address / device, they are probably caused by a legitimate software. In such case, you can stop detecting these attacks from that particular IP address by creating an exception. As for ESET not scanning files, it is not clear how you've learned that. If you download the eicar test file with web protection temporarily disabled, is it detected by real-time protection? Is the number of files scanned by real-time protection rising in the Statistics window? Also it's not clear what files you want to submit and why. Please clarify.

The second screen shot in the last MichalJ's post shows conditions of a dynamic group that contains computers with software from any of the mentioned vendors installed.

Could you please confirm or deny that you had previously an older version of ESET Mobile Security v3 installed and started a siren from the Anti-Theft portal? We assume that such attempt might failed in the past failed but now with the current version of EMS it's started when a signal is received. We are on it and investigating the issue with highest priority. In the mean time, you can temporarily disable Anti-Theft to prevent a siren from starting unexpectedly.

Couldn't it be that you are using Comodo firewall? It is known that it's preventing ekrn.exe from starting on Windows 10 where it runs as a protected service. Please drop me a pm with logs gathered by ESET Log Collector. For instructions, see the appropriate link in my signature.

@m4v3r1ck I will provide you with a newer version that should address the issue on Monday. Try it then with default settings and automatic mode first and if you're unable to reproduce it switch to interactive mode.

Some legitimate applications or devices, such as printers may scan remote ports. If you are using any of them, click "Stop blocking" to add an exception for the port scan detection originating from that IP address.

It's still listed at http://support.eset.com/kb332/?locale=en_US. Nevertheless, you should use automatic update server selection as IP addresses or hotsnames may change over time.

Unfortunately it's not clear what issue you are having. ESET products for home users are easy to install; it's not a rocket science or something that can only be handled by trained staff. Bbasically all you need to do is: 1, Download the appropriate Live Installer for the product you've purchased from www.eset.com and run it. 2, During installation you can opt in for detection of potentially unwanted applications (e.g. various toolbars). Basically the installers requires you to click Next 3-4 times. 3, After installation just activate the product by selecting trial version in the activation window. And that's it. We do not provide remote support for trial users but maybe some local resellers do.

In the advanced setup -> Tools -> Diagnostics enable advanced update engine diagnostic logging and run manual update. Then send me a pm with the generated updater*.etl file from the C:\ProgramData\ESET\ESET Smart Security\Diagnostics folder attached.

I assume it's a device in your network. If you trust it and a process running on the device is scanning remote ports, you can exclude the IP address from the port scan detection.

Hello, You can join the ESET Insider program for beta testing here: https://eset.centercode.com/welcome/

Does disabling Hyper-V in the Windows Features setup make a difference? If so, Endpoint v6.5 will address the issue. It should become available for the public soon.

Couldn't it be that you are using a portable version of Thunderbird? If so, you'd need to export and import the ESET root certificate manually whenever SSL/TLS filtering is re-enabled. Otherwise the following should help: - restart the computer - without launching any application, open the advanced ESET setup, disable SSL/TLS filtering and click OK - re-enable SSL/TLS filtering and click OK Then launch Thunderbird and check if you can receive email alright.

We appreciate your feedback and will definitely consider your suggestions, ie. remembering the window size/position and column width. As for the upgrade notification window, we plan to add an option to not display it for users who deliberately do not want to upgrade and want to take the risk by using an older version that doesn't protect against current threats as good as the latest version.

Unfortunately we don't see a full list of threats that were detected. I can only assume that there were some detected by email protection which doesn't quarantine malicious attachments unlike other protection modules (scanners).

This has been there since v9. Open advanced setup and navigate to User interface -> Application statuses. Do you mean the window that opens when you click the "Open in a new window" icon?