Marcos

I wouldn't install v7 if you want to have it manageable via ERA. Basically v7 provides better protection thanks to Advanced memory scanner but this will also be added to existing Endpoint products via a module update soon.

To ignore this particular PUA, unfold advanced options in the yellow notification window, tick "Exclude from detection" box and select No action.

I was asking because using the Upgrade client feature is 100% equivalent to putting nup files to a mirror.

Unfortunately, it is not possible to custom this alert web page at the moment.

To install the new module, download the above mentioned archive and extract it to the disk. Start Windows in safe mode and replace em019_32.dat in the ESET install folder with the new one.

Please post some screen shots to illustrate the issue. It is not clear what signature database is reported in Server options -> General and on problematic clients and which one is newer as you said they were different.

Is it necessary to upgrade to the latest version of Endpoint from a mirror? Isn't creating an install package and using the "Upgrade client" feature an option?

This is not possible as threat records are not logged to the era log at all so they cannot be redirected to syslog either.

This prompt window appears if the original msi installation file has been removed from the C:\Windows\Installer folder. Did you delete files in that folder intentionally? To uninstall ESS v6 manually, run the Uninstall tool in safe mode. Then download and install the latest version 7 downloadable from ESET's website.

Try disabling the default rule "Inkomende ICSLAP-verzoeken (UPNP) voor systeem blokkeren" in the firewall rules setup and repeat the steps mentioned in my previous post. Does the problem persist even if no "Inkomende ICSLAP-verzoeken (UPNP) voor systeem blokkeren" records are logged?

Parental control sends DNS requests to ESET's server e5.sk to evaluate websites before access is granted.

Please navigate to Server options -> General and compare the virus signature database version shown in the pane with that on the clients that appear as outdated in the ERA console. Do they match or they are different?

Probably the system date/time is newer on the client than on the server.

Please carry out as follows: - enable debug logging in the ERA Server setup (Debug log -> Log to text file) - restart the ERA Server service - reproduce the problem - compress the debug log \logs\era_debug.log and send it to me via a personal message.

Maybe you enabled Parental control?

It's not possible. Why would you need that?

This is not necessary. Whether this information is included or not, it won't help us.

After the remote session, it was necessary to reproduce the difference in behavior between the latest and previous modules in our environment but I was unable to do so and everything worked as expected. While connected to your computer, I fixed your issue by importing the url list to the proper list in the URL management setup so the issue was eventually solved to my best knowledge. Please always contact Customer care when reporting issues that cannot be solved easily within a short time. I connected to the computer just to check if all settings are correct and to see if there's something obviously wrong. After such a long time I don't remember details and there is no support ticket with notes created that I could refer to.

There are quite many reasons accounting for PUA classification in this case (one can check privacy terms to find out). This forum is not a place to dispute detections. After the application has been adjusted to fulfill best practices suggested by anti-spyware coalition, you can send the new version to samples[at]eset.com and request a review.

I recall I was trying to reproduce it after the remote session to no avail as everything was working as expected in our environment. During the remote session, I told you that you put the url addresses to an incorrect list (I don't remember details as it was about 1,5 month ago) and suggested a better solution. It'd be good to tackle tough cases like this with the assistance of Customer care; forums are not meant as a replacement for contacting Customer care. Administrators in this forum can take a quick look into the issue, check your settings and provide suggestions.

Please be more specific as to what "something" means. We need to know what exact message or alert you got. Also we'll need to know if disabling real-time protection OR firewall remedies the issue. These are independent protection modules so it should be enough to temporarily disable either one. Nobody has ever refused to assist you. You registered here just a few hours ago and this was your very first post.

Exactly, the solution would be to make the installer without helper.dll (besides other necessary improvements). Arakasi, thank you for posting the link to best practices agreed on by anti-spyware coalition.

I've been using WAMP in conjunction with ESS with no problems. Does the problem actually go away after uninstalling ESS?

I had the issue with ESM3 beta, too. Beta users can simply tap "Clear data" as suggested above.

Helper.dll is not a false positive; it's a correct PUA detection. It's at user's discretion whether they want to have this kind of applications detected or not.