Marcos

No problems here with automatic import. Try the following: - disable SSL/TLS filtering in the advanced ESET setup - make sure there is no ESET certificate present in the trusted root CA certificate store - restart the computer - without launching any application, open the advanced setup and re-enable SSL/TLS filtering - launch Thunderbird and check if an ESET root certificate is present in the trusted root CA certificate store.

When SSL/TLS filtering is enabled in ESET products, the root certificate is automatically imported into Mozilla Thunderbird's trusted root CA certificate store. You don't need to do that manually. To view the root certificate, open the advanced ESET setup, navigate to Web and email -> SSL/TLS -> View certificate. To export it, on the Details tab click "Copy to file" and follow the wizard.

To put it right, you should get a pop-up alert even on https sites as shown below. It's just that the browser will throw an "SSL_ERROR_ACCESS_DENIED_ALERT" error. I've tested it with ESS v10 but it should be similar with Web Control in Endpoint v6.

HTTPS websites are blocked without any message as the block occurs during handshake and not afterwards.

This is a very old Kryptik detection triggered on an incomplete Nvidia file. Ie. the file cannot be executed and is corrupted. We'll see what we can do about it. You can temporarily exclude C:\ProgramData\NVIDIA Corporation\Downloader from scanning.

I've written to DOSarrest IS for their opinion on this.

To start off, please drop me a pm with the output from ELC attached. See my signature for a link to instructions.

Click "untrusted certificate" to view certificate details. Based on the provided information you can decide whether you'll trust it or not. If you are unsure, better choose to block the communication.

I would start with uninstalling EAV 5.0 (e.g. remotely, using a software uninstall task), at least to avoid installing EES in the EEA folder. There's a chance that a fresh install will work alright. If not, you could connect remotely via RD or another remote administration software and try to install EES v6 manually. This will also enable you to generate an install log by running "ees_nt64.msi /lvx* log_name" which may shed more light if the install fails.

This was confirmed by developers as a bug. We plan to look into it tomorrow. Anyways, I was unable to reproduce it with v8 and that option did not appear in the HIPS rule editor no matter what I tried. V10 contains various enhancements and optimizations to make scanning faster and to use less memory. Better performance was also proved by testing organizations. We will be happy to assist you with resolving issue. To start off, we'd need to know if temporarily disabling real-time protection or HIPS (requires a computer restart) makes a difference in order to narrow it down. Endpoint does not have any special HIPS rules included. It was our Dutch partner who prepared a set of rules for administrators to improve protection against ransomware. However, since the rules may also prevent running legitimate scripts and applications, they should be applied only in environments where administrators are aware of possible issues and know how to react to them by editing the appropriate rule.

The IP address belongs to DOSarrest Internet Security which is a legitimate security anti-DDoS service provider and thus blocking the IP address would not be appropriate.

Does it work when you manually install Endpoint v6 over v5 or the installer ends with an error too?

No problems here with BPP and the latest version of Chrome x64 on Windows 10. What bank website are you attempting to open?

I merely added *youtube.com* to the exception list with the action set to Block. Although I tested it with ESS, it shouldn't be any different with Endpoint.

I can't seem to reproduce it. Youtube is blocked if I add a block exception for my account in the Parental Control setup:

Please install ESS v10 or EIS v10 (without Anti-Theft). The new version has many bugs from v8 fixed so it's likely it will also solve this issue too. According to http://support.eset.com/kb3678, we provide limited support for v8 which means in particular: Availability of regular virus signature database updates and module updates Severe problems, such as when the product or its main functionality is not working or is causing an instability of the system or contains a major vulnerability, addressed with patches and Service Releases Customer Care is available but not all bugs will be fixed No support of new versions of operating systems

What version of Chrome do you use? 32 or 64-bit? Do you use blocking by category or by url? Do you have SSL/TLS scanning enabled?

This was already discussed at https://forum.eset.com/topic/10923-allow-internet-access-only-with-vpn/.

Check status.html for the exact error and to find out if the problem is with connection itself or with the certificate. I don't know if your former server and CA certificate were generated with the hostname or IP address in the host field.

I can't find such operation in my v8 HIPS rule editor. "Potential ransomware behavior" is not supposed to be there and I can't imagine how you made it appear in the list. It's a matter of fact that v8 cannot provide as good protection as v10 does. It misses a lot of new features, such as the AMSI and script scanner, network (botnet) protection, ransomware protection, etc.

Egui,exe is supposed to be started by ekrn, however, running it manually should not cause it to crash. Please drop me a pm with the output from ESET Log Collector attached (for instructions, see the link in my signature).

Most likely you are using Smart HIPS mode. This particular behavior will be changed soon in a HIPS module update so you should not be prompted for an action any more then unless the modification is suspicious enough.

You would need to generate a new Agent Live Installer and deploy / install it on workstations in case the former server and CA certificates had the former IP address listed as host.

Couldn't it be that it was happening a couple of hours ago but not now any more?

It was mentioned in another topic that the release of ERA and Endpoint v6.5 is planned towards the end of February.