Marcos

Also did you report the issue to your local ESET customer care? It's something that needs to be looked at by devs and thus it needs to be tracked properly by customer care.

Depending on what version of ESET Mobile Security you have installed, with Anti-Theft activated you can get your phone's position by sending the appropriate SMS or via my.eset.com portal. Also we recommend changing your login name as email addresses are not allowed for privacy and security reasons.

If you enable logging of all scanned objects in the particular scanner's profile setup and re-run the scan, does it always stop at a particular file?

I'd suggest booting to Windows Recovery console and running the command "fixmbr".

You can enable logging of all scanned objects for a particular on-demand scanner profile to see what is actually scanned. As for the files that could not be opened, the operating system may be exclusively using them or your account does not have read permissions to access them.

Our distributor supposedly contacted you about 2 weeks ago. Didn't you receive anything at your registration email address?

The tag message (signature) should be appended only to infected emails by default. Anyways, there should be normal "u" in the localized text due to encoding.

This is your first post in our forum and you have posted in someone else's topic without providing information about what was detected and where. Please create a new topic and pm me logs from ESET Log Collector per the instructions in my signature.

Please drop me a pm with logs from ELC as per the instructions in my signature. Also attach the file that the use opened.

As of v10, ESET Internet Security has replaced ESET Smart Security and does not contain Anti-Theft. Anti-Theft is now a part of ESET Smart Security Premium. As an existing customer, you can still install and use ESET Smart Security which contains Anti-Theft too.

I would suggest contacting customer care as this needs to be properly tracked as a support ticket and further logs will be needed for perusal.

As soon as I have some news from devs, I'll let you know. Could you try (at least temporarily) uninstalling PeerBlock which uses a driver from 2013 and see if the problem goes away?

Ransom doesn't perform ransomware attacks. As I wrote, ESET does not detect innocuous applications that do not do any harm as malware. As a part of ransomware protection and to prevent false positives, ESET also scans the application's code in memory. If it does not appear malicious and the application is not detected by a signature either, it won't be blocked. RanSim does not tell anything about how well a particular AV protects against Filecoders. As a result, programs that pass RanSim may be more prone to malicious file encryption than programs that fail the "tests". Needless to say that RanSim shows malware authors what kind of techniques they should evade to get around particular behavior detections of particular protection software.

Just to make sure, do not send screen shots but actual memory dump(s) that was generated during the crash.

As of v9, a new activation mechanism is used. Please post a screen shot of the activation error and also drop me a pm with your license key that you attempted to use for activation.

What is Estero that detected and removed the malware? Or you meant that ESET did not detect it as you stated later? Please email the output from ELC (see my signature for instructions) as well as a couple of encrypted documents and payment instructions to samples[at]eset.com with a link to this topic included.

That could be it. See http://help.eset.com/era_install/65/en-US/infrastructure_sizing.htm . The recommended limit for SQL Express is 5,000 clients provided that the default connection interval 20 minutes is used and the number of records transferred from clients is within standards.

Please drop me a pm with ELC logs from one of the troublesome clients. For instructions, see the appropriate link in my signature.

How many clients connect to ERAS? What's the connection interval for agents? (I reckon it's 20 minutes by default) Have you tried increasing it? Do you receive a lot of threat records from clients?

Where do you see the "Not allowed applications" list?

It was a bogus "support" call. Those people use legitimate tools and system commands to convince the user that there's some problem with their system and that he or she should purchase a particular application (of course rogue) for instance to fix the issues.

In the advanced Web access protection setup, there's an option "Enable advanced scanning of browser scripts". Disable it for a test to prevent eplgfirefox.dll from being injected into the browser. Also permanently disable (ie. don't pause) Banking and payment protection. If the problem persist after restarting the browser, most likely the issue will not be caused by ESET. What you can do is temporarily uninstalling ESET and see if the problem goes away. Your license entitles you to use also EAV which doesn't include Banking and payment protection. However, disabling it permanently in ESS should be equal to downgrading to EAV in terms of integration to browsers.

Please clarify what you would need to help with. How to create a policy with ERA v5? How to add a subnet to the Trusted zone via a policy? Or where to enable the "Do not show the dialog with protection mode settings of the computer in the network" setting? If you have opened the firewall rules/zones editor, click the "Add default" button to populate the list with default zones. Then edit the trusted zone and add as many subnets as you need.

Please drop me a pm with the output from ELC attached (see my signature for a link to instructions). Nevertheless, I would recommend upgrading to Endpoint v6 which provides better protection than v5.

It would be great if you could configure the system to generate complete memory dumps as per the instructions at http://support.eset.com/kb380 and generate one manually when the issue recurs.