Marcos

Please elaborate more on the issue you're having. Had you had both v9 and Comodo fw installed in tandem without issues and after upgrading to v10 ekrn didn't start any more? If so, what happens if you temporarily uninstall Comodo fw and install v10 from scratch?

Do you get this error when opening any https website regardless of the browser? E.g. https://www.youtube.com. What's the website of your ISP that you're unable to open?

Please provide me with logs as follows: 1, Enable advanced firewall logging in the advanced setup -> Tools -> Diagnostics 2, Reproduce the issue 3, Collect logs with ELC as per the instructions in the KB in my signature 4, Disable advanced logging. Then drop me a pm with the output archive from ELC attached. If too large to attach, upload it to a safe location and pm me a download link. You can also run Firewall troubleshooting wizard to get a list of recently blocked communications which will enable you to create the appropriate allowing rule with a few clicks. You can also download the LiveInstaller from ESET's website which will install ESS version 10 over v9. V10 provides better protection, has lower memory consumption as well as other new features and improvements under the hood.

This topic is being discussed in https://forum.eset.com/topic/10406-when-can-we-expect-a-major-upgrade-for-eset-cspro-mac-like-ssp-v10/. Therefore we'll draw this one to a close.

What browser do you use? Maybe the root certificate could not be imported to a trusted root CA certificate store which would cause issues when opening https websites. Try the following: - restart Windows - do not launch any application and open the advanced setup - navigate to Web and Email -> SSL/TLS, disable SSL/TLS filtering and click ok - re-enable SSL/TLS filtering - wait a few seconds, then open an https website in a browser. Let us know if the https website opens alright.

Please drop me a pm with the output from ELC attached. See my signature for a link to a KB with instructions.

Apache is either used as an HTTP proxy server (it's part of the ERA all-in-one installer) or as an http server for distributing updates downloaded by the Mirror tool. If you have only a handful of machines, you don't need to use Apache at all and you'll probably download updates directly from ESET's servers. SQL Server is used by ESET Remote Administrator. If you don't use it, you don't have to care about it.

To exclude Quickbooks from SSL/TLS filtering, open the advanced setup, navigate to Web and Email -> SSL/TLS -> List of SSL/TLS filtered applications and change the scan action for Quickbooks to "Ignore".

SSL_ERROR_BAD_MAC_ALERT is returned by Firefox I assume. Is the error different in IE or Chrome? Could you also check the trusted root CA certificate store that no ESET root certificate is present when SSL filtering is off?

It was a link to another ad-related site previously infected with malware that was blocked. It seems they have already cleaned it so it will removed from blacklist.

A license renewal should take effect virtually immediately, it's just that it may take a few minutes or hours at maximum for a correct expiration date to be displayed in the product. The username/password don't matter as you don't enter them in the program setup. What matters is the license number which should remain same and therefore the program should continue updating without your intervention.

Good to see that Presumably the new automatically generated GenKryptik generic detections as well as hard work of our detection engineers has borne fruit.

Do they use firewall in automatic mode? Do they have some custom firewall rules created? Please continue as follows: - in the advanced setup -> Tools -> Diagnostics enable advanced firewall logging - reproduce the issue - disable logging - collect logs with ELC (see my signature for a link to a KB with instructions) - drop me a pm with the output archive attached. As a quick solution they can use the firewall troubleshooting wizard to get a list of recently blocked communications which also allows for creation of the appropriate permitting rule with a few clicks.

We don't have a scanner for quickly scanning uploaded files nor incoming emails on a server. Such use of the scanner would be also against EULA.

Epfwlwf.sys is the firewall driver used by v9. V10 doesn't use it on newer Windows. We don't need you to do anything as it will be Microsoft's turn after we report the problem (probable Windows bug) to them.

In the "Known networks" setup, make sure there's only one network if several ones have been created due to a changing DNS server. Next, on the Network tab select "Home or office network". Then open the Network identification tab and make sure that network settings that change over time are not selected for identification of the network. In the case of OpenDNS, at least DNS server should not be selected.

In v8 a scheduler task is created for the initial scan. However, instead of editing it I would personally rather run a smart scan which is just 1-3 clicks away. The initial scan is same as any other scans run manually.

V4.2 is way too old. The latest version is Endpoint v6.4 for business users. I assume that scans with ecls are actually fast, however, loading modules takes several seconds. It is normal as all modules need to be loaded and only the engine itself is ~50 MB in size. Please elaborate more what you would like to achieve and why you mind the little delay when ecmd is started.

The problem appears to be in the wfplwfs!L2802_3ParseMacHeader function as it reads more bytes from the output of NdisGetDataBuffer than requested. We will talk to Microsoft and open a support ticket with them. We assume that the issue should not occur with v9 as it uses epfwlwf which does not register in Microsoft's wfplwfs driver. Could you confirm?

I'm afraid this would not be possible without ERA being able to request a list of local users and agent that would support it. It's similar to populating the list of connected devices on remote computers.

After installing a driver the file is flushed from disk cache to ensure that it's saved properly before the computer is restarted or turned off. I'd recommend upgrading to EPv6 as it not only provides better protection than EPv5 but also has many bugs from EPv5 fixed and contains further enhancements under the hood as well. We're about to release ERA v6.5 together with Endpoint 6.5 soon so you might want to give it a try then.

Couldn't it be that you changed the modules folder to a folder in the encrypted profile folder during installation? With default folder pointing to the ESET install folder/modules in "Program Files" no issues should occur.

Have you tried installing EPv6? It should call flushing a file after installation of a driver to prevent this.

We kindly ask you to stop reporting the block here. We have already replied that the block is correct and will remain. Samples or potential FPs should be reported as per the instructions at http://support.eset.com/kb141/. Having said that, we'll draw this topic to a close.

The reason why Proxifier does not work with ESET is that by default ekrn runs as a protected service by default. The protected service prevents Proxifier from getting into ESET's Winsock stack. Currently the solution is disabling Protected service in the HIPS setup and restarting the computer.