Marcos

The user interface (gui) is something that a vendor cannot make it to everyone's liking. There are users who didn't like the old interface but like the new one, those who liked the former one but don't like the current one and those who don't like either. Unlike other applications, an antivirus program is meant to be set-and-forget and its gui is something a common user should not see often. Program updates cannot be controlled via the setup. Our goal is to provide users with fully fledged security products that provide maximum protection against current threats. The older program version a user has installed, the worse protection is provided. V8 pales in comparison with v10 which provides excellent protection against ransomware as well as other (not only) zero-day threats.

In the advanced HIPS setup you can try disabling running as a protected service. This would deteriorate protection capabilities but at least you could do it for a test and to narrow it down.

Ok, so the issue may not occur in automatic mode but we cannot confirm nor deny that assumption. We've also tried interactive mode but yet could not reproduce the issue. Let's see if the logs will shed more light.

Did you switch to interactive mode immediately? We'd need to be sure about whether the crash occurred with default settings and with automatic firewall mode or only after switching the firewall mode to interactive.

If you check client details in the ERA console, has the client connected recently? If you check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html on the client, are there any errors in red or all records are green? While troubleshooting issues, it would be good if you edit agent's policy and change the logging verbosity to "debug" or "trace". Do this also for the server in Admin -> Server settings -> Advanced settings -> Logging. After the policy has been applied on the agent, reproduce the issue and then provide us with trace.log logs both from the server and the client.

Do you run ECSP on a virtual machine or Mac hardware? Were you doing something specific when the crash occurred? We've tried to reproduce the issue to no avail. I'm gonna drop you a pm with instructions how to gather diagnostic logs for further analysis.

The issue should be fixed soon via a firewall module update.

You can switch to strict cleaning mode. It's a per-module setting so you may want to change it for real-time, web/email protection, etc. separately. As for the on-demand scanner, the cleaning mode can be set for each of the on-demand scan profiles.

Does the problem persist if you uninstall v9 and install v10 from scratch?

Also see my response response, create the log accordingly and supply it to me via a pm: Please install WDK for your operating system, e.g. from https://www.microsoft.com/en-us/download/details.aspx?id=11800for Windows 7, Windows Vista, Windows XP, Windows Server 2008 R2, Windows Server 2008, and Windows Server 2003. It's enough to install Tools or extract tracelog.exe from the iso image. Then continue as follows: 1, create the folder c:\logs 2, run the following command with elevated administrator rights: tracelog -start updater -guid #f329ae9a-556d-4934-920f-234e835d9ece -f c:\log\update.etl -append -UsePerfCounter -flag 0xff -level 0xff 3, reproduce the issue 4, run the following command with elevated administrator rights: tracelog -stop updater 5, send me the log c:\log\update.etl as well as information about the exact version of the ESET product you have installed.

Probably you mean ELEX potentially unwanted application. Try uninstalling the suspicious application via the Control Panel. If you have detection of potentially unwanted applications enabled, ESET should detect it.

I'm not aware of any tests with various hardware configurations so you'd better to try yourself.

If you have protocol filtering enabled in EFSW, do you have the Windows hoftix KB2664888 installed?

It was mentioned elsewhere that Endpoint v6.5 and ERA v6.5 are going to be released soon. Stay tuned As for the errors opening certain files, you can use the filter feature to hide them in a scan log.

The threats were detected on Feb 14 which is exactly 7 days ago. Just in case, trigger an alert by downloading the eicar test file from http://www.eicar.org/download/eicar.com to ensure that a fresh threat alert is generated and then create the report again.

This is not a problem with ESET. The certificate is untrusted for some reason. Do you have a correct system date set? What were you doing before this notification popped up? When I go to https://shim.btrll.com/, the certificate is evaluated as trusted. I was able to reproduce it only by setting the system date beyond August 12, 2017 which is when the certificate used on the website expires.

Does the question pop up even if you don't have any browser running? Perhaps you could gather logs using ESET Log Collector. See my signature for instructions and drop me a pm with the output archive.

If you suspect ESET to be the culprit, you can try temporarily disabling automatic start of real-time protection in the advanced setup and restarting the computer. Should the problem persist, disable HIPS as well and reboot the computer. If nothing helps, try temporarily uninstalling ESET and see if the issue actually goes away or not.

Didn't you activate Anti-Theft and mark the computer as missing?

Does the problem persist if you uninstall v9 and install the latest v10 from scratch?

There are many files, such as pagefile.sys that are exclusively used by the operating system and regardless of the account an application (a scanner or even malware) is running in it won't be possible for it to access them. As for the archive damaged message, it could be either a corrupt archive or the size of the files exceeds certain scan limits.

You should disregard these errors. The current user under which the scan is run doesn't have sufficient privileges to access these files.

A secured browser supports only a limited (trusted) set of extensions. What extensions are you missing?

Have you read this post? https://productforums.google.com/forum/#!topic/chrome-admins/aGt853bpPzc " I had to disable the GPO "making chrome default browser" setting." Or is that a home computer that is not in a domain?

Please drop me a pm with you public license ID attached. Also provide the output V9ActivationTroubleshooter.txt from the attached tool. V9ActivationTroubleshooter.rar