Marcos

Administrators
  • Posts: 37,945
  • Days Won: 1,504

Everything posted by Marcos

  1. Use automatic firewall mode with no custom rules while troubleshooting the issue. Have you tried unblocking communication from trusted devices in the Firewall troubleshooting wizard?
  2. Those files in the RSA folder are not related to ransomware but mainly to SSL/TLS secure communication. It's ok that you're getting those errors as the system prevents ESET as well as other applications from accessing them.
  3. Even if the alert says "Cleaned by deleting", a copy of the original file is put to quarantine. I can't find the file in our ticketing system with samples sent to samples[at]eset.com. Please send it to me via a personal message.
  4. Before cleaning / deleting a detected file, a copy of the original file is put to quarantine. Do you have your ESET quarantine empty and therefore it's not possible to restore the file?
  5. ESET does not integrate into browsers except the script monitor for advanced scanning of scripts. Never heard of any issues so far.
  6. You can temporarily disable protection in order to submit the file to samples[at]eset.com.
  7. Yes, uninstalling via the Control Panel or Start menu should be enough. Even installation over v9 is supported but I wouldn't recommend it as ESET Internet Security would install in the ESET Smart Security folder. If you plan to use Anti-Theft, you can download and install ESET Smart Security v10. If not, ESET Internet Security will be ok for you.
  8. The setting works but since we haven't released any PCU for business products, it has basically no effect. Regarding dynamic groups, of course, it's necessary to adjust the version number in the appropriate rule and bind a new install task to it. Still I think it requires less effort than downloading nup files and editing update.ver. As I wrote, ERA v7 will have upgrading to the latest version significantly improved.
  9. Yeah, upgrade using a dynamic group is much easier than fiddling around nup files and update.ver that were downloadable from a KB for Endpoint v5. The good news is that ERA v7 will include a mechanism for upgrading to the latest version with ease.
  10. We don't recommend doing topic hijacking, instead please create a new topic where we could discuss your issues. Also include information about what makes you think that your computer is infected. Do you have the latest v10 installed and have run a full disk scan with no malware found? Do you observe suspicious behavior, such as bad performance, pop-up windows, etc.?
  11. The detection seems to be ok. There are two dlls - dma.dll and dma_x64.dll embedded in the package. They belong to DeskMetrics Analytics SDK. A description says: "DeskMetrics provides the data you need to identify the most engaged segments, so you can target high value users and maximize revenue." That said, if the data is collected without your knowledge and consent, the behavior is PUA-like.
  12. Probably not on every file as only errors and detection records are logged by default. Please provide some examples of files with the full path that could not be scanned and are not already listed in the log above.
  13. Look up current drivers for your motherboard and install them. Maybe AMD has some generic audio drivers as well.
  14. The website is already on ESET's blacklist so there's no need to add it again manually. Check the Filtered websites log for information about the application that attempted to access blocked websites.
  15. We'll see what the logs will show. Maybe they will actually reveal an issue that was fixed in v6.4.
  16. We have enforced registration to WSC after a program update. To enforce it manually, run as an administrator "ecmd.exe /registerav" from the ESET install folder (you must have v10.0.386 or newer installed). The problem is not with ESET but with WSC.
  17. Please generate a Process Monitor log and let it log operations for at least one minute when the issue occurs. Also collect logs with ELC. For instructions, see the appropriate links in my signature. When done, compress the Procmon log, upload it to a safe location (e.g. Dropbox, OneDrive, etc.) and pm me a download link. As for ELC logs, you should be able to attach the output archive directly to the message, if not too large.
  18. Couldn't it be that an on-demand scan is running? If not, does temporarily disabling real-time protection make a difference?
  19. Automatic mode is suitable for most users as it allows all outgoing communication and blocks all non-initiated incoming communication. Of course, if you are running an HTTP server for instance, the firewall would block incoming communication unless allowed by a rule, however, this is not a common scenario on home computers. Speaking about "leak tests", I rather associate this term with DLP, which ESET isn't, so testing ESET for something that is meant to be handled by a DLP solution is not correct.
  20. @Pankaj You wrote that ESET's ransomware protection is weak. However, you seem to also understand that there's no 100% malware protection and that every AV misses threats, including ransomware. You have pointed out some videos where files got encrypted despite having ESET installed. This only confirms that no AV protects from 100% of threats. So according to your evaluation you should call any AV without 100% detection an AV with weak protection. I reckon those videos were made before Christmas, i.e. before we substantially extended the replicator farm for automatic replication and signature generation and also before adding a new Filecoder detection mechanism that is now part of Ransomware protection in v10. I would say it will be much harder now to find a Filecoder that would not be detected. For instance, here are the results of the latest Filecoders that are currently a few minutes or 1-2 hours old:

      with2901_4b76ad8a_cr246.exe (Locky)
        Symantec      clean
        AVG           clean
        ESET          Suspicious object
        McAfee        clean
        DrWeb         clean
        Bitdefender   clean
        Microsoft     clean
        Avira         clean
        Kaspersky     clean

      with2901_4b76ad8a_cr42.exe (Locky)
        Symantec      clean
        AVG           clean
        ESET          Win32/Filecoder.Locky.C trojan
        McAfee        clean
        DrWeb         clean
        Bitdefender   clean
        Microsoft     clean
        Avira         clean
        Kaspersky     clean

      system32_2017-01-29_20-01.exe (Filecoder.FS)
        ESET          Win32/Filecoder.FS trojan
        Bitdefender   clean
        Symantec      clean
        McAfee        clean
        AVG           clean
        Kaspersky     clean
        DrWeb         clean
        Microsoft     clean
        Avira         clean
        Avast         clean

      All I want to say is that ESET's protection against ransomware and zero-day threats is excellent and in no way can it be called weak.
  21. It just redirects to an ad service which subsequently serves ads some of which are legit and some are scam. It will be blocked momentarily.
  22. Disabling SSL/TLS scanning is not recommended as malicious https websites would not be blocked and POP3S / IMAPS / HTTPS scanning would not work either. Are you able to open https websites alright, for instance https://www.youtube.com ?
  23. This would happen if the root certificate could not be imported automatically for some reason. Try the following:
      - restart the computer
      - without launching any application, open the ESET advanced setup, disable SSL/TLS filtering and click OK
      - re-enable SSL/TLS filtering and click OK
      - after a few seconds launch a browser and try to open an https website.
  24. ESET does not affect Windows updates. Does temporarily disabling protocol filtering in the advanced setup make a difference?