Marcos

It would be great if you could configure the system to generate complete memory dumps as per the instructions at http://support.eset.com/kb380 and generate one manually when the issue recurs.

It depends on the number of files and the type of files. For instance, large archives or containers (e.g. iso images that may be several GB in size with dozens of thousands files inside) may take a long time to scan as each file needs to be extracted first and then scanned. You can try temporarily disabling scanning of archives just to see how much the scan time will drop.

I'd suggest to try enabling the "Increase network volumes compatibility" setting in the real-time protection setup as suggested on page 7 of the manual https://download.eset.com/com/eset/apps/home/eav/mac/latest/eset_ecs_6_userguide_enu.pdf.

Automatic activation is possible. Basically what you need to do is: - Add your license to ERA - Deploy ERA agent on clients and make sure it starts reporting to ERAS - Create a dynamic group with no ESET Endpoint product installed (see http://help.eset.com/era_admin/65/en-US/index.html?dg_example_1.htm) - Create a Software install task (you'll select the desired product and license that you have previously added to ERA) and bind it to that dynamic group. When done, edit the task and change the trigger to "Joined dynamic group" so that the activation task is run when a client falls to the dynamic group with no ESET Endpoint installed. As for the http proxy server, since you have used the All-in-one ERA installer, it's already pre-configured both in the ERA Agent and ESET Security product policies.

Are the clients connected to the Internet? If so, directly or through a proxy server? Ideally they should be able to reach ESET's servers as the ERA agent on client would communicate with ESET's activation servers. Otherwise you'd need to use offline license files to activate Endpoint on clients. As for updates, we'd recommend using an HTTP proxy server (Apache HTTP Proxy is bundled in the all-in-one installer) to save a lot of network traffic. Creating a local update mirror would be a waste of traffic as it would download a lot of update files that may not be needed by clients in your network. By the way, what solution did you use previously that had the activation process more straightforward? Link to help files that could help you: Adding a license key to ERA (http://help.eset.com/era_admin/64/en-US/admin_license_add.htm) Deploying agent (http://help.eset.com/era_admin/64/en-US/fs_agent_deploy.htm) Installing Endpoint (http://help.eset.com/era_admin/64/en-US/client_tasks_software_install.htm) Activating Endpoint (http://help.eset.com/era_admin/64/en-US/client_tasks_product_activation.htm) Should you need further clarification or help, don't hesitate to ask.

Fixed now. Thanks for the heads-up.

Below is a response I've received from the channel manager responsible for Thailand: They offer other options such as bank transfer/ over the counter service for renewal, customer can contact the distributor at (+662) 683-5100 or send an email to best[at]activemedia.co.th for them to assist with the renewal. Besides credit card there are other payment options for customer from their e-store:

I think it's easily doable. Simply add a new zone (e.g. "IP block") with the IP addresses delimited by a comma. Then create a new blocking firewall rule that will have the zone listed on the Remote tab:

Redirects to fake surveys, the website will be blocked momentarily. Please report suspicious urls to samples[at]eset.com next time.

The Dutch distributor fixed the policy several months ago and we've also released a new Configuration engine module to address this issue. If you use the same anti-ransomware policy, you should not experience the activation issue again.

Perhaps those threats would show up if you disabled all filters? According to the screen shot, you have a filter to show only new threats in the last week set. In order to clean active threats automatically, run a full disk scan from the ERA console on the infected computer. I'd recommend running an on-demand scan task that will use the "In-depth scan" profile settings and set the cleaning level to "Strict cleaning" in order for potentially unwanted or unsafe applications to be cleaned automatically. Then mark the threats as resolved manually.

Please collect ELC logs as per the KB in my signature and send me the generated zip via a pm, if not too large.

Is a policy applied to EFSW from ERAS ? If so and the policy was created months ago, could you remove it and re-create it? It might have a seat-id included which would then cause issues with activation.

It's definitely not because of license overuse. What activation error message are you getting?

Endpoint v6 can detect suspicious encryption-like behavior and trigger a memory scan to detect and clean possible malware. As of v10 EAV/EIS/ESSP (home versions), ransomware protection is more strict and a window with action selection is displayed when a suspicious behavior has been detected.

Not that I would know of. It's not possible on Windows either.

No version 6.7 has ever been released nor compiled. The latest version of ERA and Endpoint is 6.4 and v6.5 is going to be released soon.

According to the log, the scan completed and a window like this with action selection for each of the detected PUA should have popped up:

"Apply" will apply a particular setting while "Force" will override "Apply" if set by another policy.

It's normal that a lot of files cannot be scanned either because they are exclusively opened and used by the operating system or the user in whose account the scan is run does not have read permissions to the files.

The only difference is that background scans are run with low priority.

Please provide me with the zip file generate by ESET Log Collector. For instructions, see the link to the appropriate KB in my signature. Also if possible, post a screen shot of the scanner window when the issue occurs.

@Sharp1903 Apparently your v10 attempts to download update files from v9 update servers. Did you install v10 over v9? I'd suggest: 1, Backing up the folders C:\ProgramData\ESET\%ProductName%\updfiles folder as well as C:\Program Files\ESET\%ProductName% in case they will be needed for further investigation. 2, Uninstalling v10 completely. 3, Installing v10 from scratch.

Not yet. The feast and holiday season ends tomorrow so please wait with an answer as to what v10 features are planned to be included in ECS/ECSP until next week. As for the features, the number of threats for Mac as well as the number of ECS/ECSP users is far less than for Windows so obviously ECS/ECSP will likely always have less features than products for Windows. Needless to say that many things are feasible to do on Windows while they are difficult if not impossible to do on Mac.

Check the About window and make sure that you have Rapid response module 9288 installed.