Marcos

Please provide logs collected with ESET Log Collector for us to check how the exclusion was created.

The ESET Uninstall tool removes all ESET remnants from the system which may not be the case when uninstalling it via the system "Add or remove programs" option.

As far as I know, we have nowhere stated that Ubuntu 24.04 LTS is officially supported. If we did, please provide a link to the article or post as it was surely a mistake and we would like to correct it. We do our best to provide you with a compatible version of ESET products as soon after an OS update release as possible. Unfortunately major changes were introduced in the release version of Ubuntu that were not announced before they would make it to the final version which broke real-time protection functionality and prevented us from introducing an updated version of ESET with the release of the final Ubuntu 24.04 LTS. As it was already mentioned, we are in the pre-release phase and new versions of ESET Linux products are undergoing QA tests before they are released.

Are the screenshots in your initial post from the same server as the logs you provided?

It's the password for protecting ESET settings: Is it an endpoint that is not managed via ESET PROTECT by administrators?

The detection / classification is correct. Detection of potentially unwanted applications is optional and is not enabled without user's consent. For more information about what PUAs are, please read https://support.eset.com/en/kb2629 .

You have contacted samples[at]eset.com, we will update you there when the issue is fixed by out IT support team.

Yes, it seems to concern policies with rules in general.

Once your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice overView the full article

I don't see the issue in the provided logs. The email messages with infected attachments were always different and not a single one was being detected continuously:

Please provide logs collected with ESET Log Collector from the server for a start. I'd also recommend raising a support ticket.

How did you activate ESET Server Security? Using a license key, offline license file or an EBA account? Did you activate it directly on the server or via ESET PROTECT?

Basically all you need to install ESET on the new machine and use your license (subscription) key or an ESET HOME account to activate it. Since ESET was not uninstalled from the former computer, you may need to revoke the license via your ESET HOME account first and so make activation on the new machine possible.

The detection is correct, the website was indeed compromised and contains malware: https://sitecheck.sucuri.net/results/heaviside.digital

Most likely you have blocked the "Anonymizer" category in Web Control. You can create a permissive url-based rule for it.

Since this is an English forum, we kindly ask you to post in English. Please carry on as follows to resolve the issue: 1. stop the PROTECT Server service systemctl stop eraserver check if the service has been stopped systemctl status eraserver 2. install the MariaDB ODBC driver yum install mariadb-connector-odbc check if the driver has been correctly installed yum list installed | grep mariadb mariadb-connector-c.x86_64 3.2.6-1.el9_0 @appstream mariadb-connector-odbc.x86_64 3.1.12-3.el9 @appstream 3. check the alias of the ODBC driver and search for the following section: less /etc/odbcinst.ini [MariaDB] Description=ODBC for MariaDB Driver=/usr/lib/libmaodbc.so Driver64=/usr/lib64/libmaodbc.so FileUsage=1 verify if such file is present ls -la /usr/lib64 | grep -I libmaod* -rwxr-xr-x. 1 root root 326688 May 25 2022 libmaodbc.so 4. modify the "StartupConfiguration.ini" - replace the "MySQL ODBC 8.3 Unicode Driver" with "MariaDB" so the final configuration file will look like follows: vi /etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini DatabaseType=MySqlOdbc DatabaseConnectionString=Driver=MariaDB;Server=127.0.0.1;Port=****;User=***;Password={****};CharSet=utf8;NO_LOCALE=1;NO_SSPS=1;Database=era_db; 5. start the PROTECT server service systemctl start eraserver

Hard to say, probably smart optimization, the number of CPU cores and the type of scanned files has an effect on that. Does it happen if you disable also archives and SFX archives?

Please contact the distributor or reseller from whom you purchased the license. We cannot update your registration information on their behalf.

Thank you for the heads-up, the issue has been reported to developers. P_EESW-11483

1, Regarding scanning of the files in the root of the C drive while scanning the c:\users folder, I assume this is due to multi-thread scanning introduced in v17.1. 2, As an administrator, many more objects are scanned compared to a scan under a normal user. 3, "when the number of files it says are scanned just stops, although you can see that it is still scanning files. " This is a normal behavior when scanning objects like the registry, WMI or larger archives.

It is only the firewall or network protection that could be involved in network issues from the technical point of view or the network traffic scanner when it comes to http(s), pop3(s) or imap(s). If disabling any of them didn't make any difference and uninstalling ESET did, it could be that simply installation of the WFP driver could interfere with another application's WFP driver or cause some unknown bug in MS WFP to manifest. Please provide logs collected with ESET Log Collector and also raise a support ticket for further investigation.

Please refer to https://forum.eset.com/topic/40783-real-time-file-system-protection-not-running-on-debian-12/ for a workaround until a new version of the ESET Endpoint is released.

What Linux distro / kernel is on the machine?

We are in the process of preparing a KB with instructions how to address login issues caused by PROTECT server restarts under heavy server load: 1. stop the PROTECT Server service systemctl stop eraserver check if the service has been stopped systemctl status eraserver 2. install the MariaDB ODBC driver yum install mariadb-connector-odbc check if the driver has been correctly installed yum list installed | grep mariadb mariadb-connector-c.x86_64 3.2.6-1.el9_0 @appstream mariadb-connector-odbc.x86_64 3.1.12-3.el9 @appstream 3. check the alias of the ODBC driver and search for the following section: less /etc/odbcinst.ini [MariaDB] Description=ODBC for MariaDB Driver=/usr/lib/libmaodbc.so Driver64=/usr/lib64/libmaodbc.so FileUsage=1 verify if such file is present ls -la /usr/lib64 | grep -I libmaod* -rwxr-xr-x. 1 root root 326688 May 25 2022 libmaodbc.so 4. modify the "StartupConfiguration.ini" - replace the "MySQL ODBC 8.3 Unicode Driver" with "MariaDB" so the final configuration file will look like follows: vi /etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini DatabaseType=MySqlOdbc DatabaseConnectionString=Driver=MariaDB;Server=127.0.0.1;Port=****;User=***;Password={****};CharSet=utf8;NO_LOCALE=1;NO_SSPS=1;Database=era_db; 5. start the PROTECT server service systemctl start eraserver

Add also "*.bbci.co.uk/*" to the list of allowed addresses.