Marcos

You can still download and use ESS v10. ESS is no longer available for new purchase (only renewals are possible); it was replaced by ESET Internet Security (which is in fact ESS without Anti-Theft) and ESS Premium which is the former ESS with Anti-Theft, Data encryption and Password manager features. ESS Premium is available for existing customer for a small upgrade fee.

Cryptowall is a quite old type of Filecoder so I assume that ESET had not been installed until recently. Unfortunately, decryption is not possible.

Please do not report url blocks in our forum. Instead, follow the instructions in http://support.eset.com/kb141/. I've had a brief look at the site and it indeed fulfills criteria for blocking. Having said that, we'll draw this topic to a close.

The fact that a particular issue occurs only with ESET installed does not always mean that ESET is the culprit. There are known bugs in older operating systems which, if not patched by a hotfix, may cause various issues when ESET is installed. Similarly issues may be a result of other problematic software installed together with ESET even if both can work flawlessly if not installed and running at the same time. That said, we encourage users to troubleshoot issues prior to uninstalling ESET. Otherwise it could happen that the problem will remain hidden and may manifest at a later time with different software. Needless to say that uninstalling ESET and installing another AV would often mean exchanging superior protection for mediocre protection.

These are Norton ConnectSafe DNS servers. Does actually temporarily disabling firewall in the advanced setup make a difference or you must disable protocol filtering for browsing to start work?

We don't recommend disabling SSL filtering as it would disable HTTPS and POP3S/IMAPS filtering and scanning. It should be done only as a part of troubleshooting. However, when re-enabling SSL scanning, it's important that no browser and email client processes (Thunderbird, Windows Mail) be running. If SSL filtering appears to be the culprit, try the following: - Disable SSL filtering. - Restart the computer. - Without launching any browser or email client, re-enable SSL filtering (a new root certificate will be generated and imported do trusted root certification authority certificate stores). - Try to reproduce the problem.

We don't recommend disabling SSL filtering as it would disable HTTPS and POP3S/IMAPS filtering and scanning. It should be done only as a part of troubleshooting. However, when re-enabling SSL scanning, it's important that no browser and email client processes (Thunderbird, Windows Mail) be running. If SSL filtering appears to be the culprit, try the following: - Disable SSL filtering. - Restart the computer. - Without launching any browser or email client, re-enable SSL filtering (a new root certificate will be generated and imported do trusted root certification authority certificate stores). - Try to reproduce the problem.

Is a threat detected during the process? Does temporarily disabling real-time protection make a difference?

Rule order determines the order in which rules are evaluated. Sorting them by name would mess up the order of evaluation. Both v9 and v10 have a full-text filter where you can enter the name of a desired application to filter related rules for instance. The rule editor is subject to further improvements. We listen to our users' feedback so you or somebody else could create a new topic with suggestions how to make it work best. However, take into account that rule order determines how the firewall will work.

Since this has already been explained, we'll draw this topic to a close. Please continue in the existing topic https://forum.eset.com/topic/10556-just-ran-ransim-detection-failed/.

Does the problem persist with the latest v10?

Switch HIPS from interactive to Smart mode.

Computers can appear in multiple groups if the conditions set for particular groups are met. Perhaps you could create 2 subgroups under "Windows computers", one named "Windows desktops" and adjust the rules accordingly. As of ERA 6.5, these subgrups will be created automatically and you will be able to filter computers by type or product easily:

Never heard about such issue. Does the ESET icon appear in the tray near the clock and double-clicking it opens the main gui?

I assume that the computer is connected to the Internet so that ESS can communicate with ESET's EDF servers, isn't it? Please drop me a pm with the email address that you use to log in to my.eset.com portal as well as the computer's name (if you have more devices registered).

ESET is not playing any dirty games with you either. The forum system was developed by a 3rd party company, not by ESET and it's also used by other companies and some other AV vendors too. In your screen shot I didn't see any options being greyed out, only the headings as TomFace correctly pointed out. But those are not clickable items. Aren't you able to click "Account settings"? Please clarify what you would like to achieve and we will guide you.

Once you have marked your computer as missing and a phantom account has been created, you should still be able to log in to your original account on the logon screen after entering the appropriate password. The phantom account will remain created. Do you mean that you have no option to log into your account and only the phantom account is available?

Unfortunately, it's not possible to avoid it without disabling scanning of emails as information about scanned emails must be stored somewhere. We plan to change this but since it requires big changes in plug-ins, it's rather a long-term plan. Perhaps the issue could be mitigated by installing ESET on the mail server and disabling email protection on clients.

If you mean settings in Endpoint, then the settings were likely set by an ERA policy and therefore are not configurable on the client.

If you to the client, is the protection status actually red? If so, please drop me a pm with the output from ELC attached. For instructions, see the link in my signature.

I reckon this should be fixed in v6.4 that is planned to be released soon.

You can control logging of all scanned objects here:

You can enable advanced firewall logging in the advanced setup -> Tools -> Diagnostics, restart the computer and reproduce the alert. Then disable logging and navigate to the C:\ProgramData\ESET\%ProgramName%\Diagnostics folder. Compress the file EpfwLog.pcapng and send it to me as an attachment via PM. Also include ELC logs (see my signature for instructions).

@LinkinForcer You could try running a scan with the command line scanner ecls.exe from the ESET install folder which should scan all files. Also you can edit the Smart scan profile and enable logging of all scanned objects so that you can see each scanned file in the log. You can also play with "Smart optimization" setting to see how it affect scans on your machine.

Not all clean files are whitelisted in cloud, only the most prevalent and popular ones. As a result, if you scan whitelisted files once, they won't be re-scanned after engine (VSD) updates. However, those that are not whitelisted will be re-scanned with each new update, if a scan is attempted.