Marcos

Administrators
  • Posts: 36,320
  • Days Won: 1,444

Everything posted by Marcos

  1. Maybe you have another security software installed that prevents the driver from loading. Are you able to install ESET Internet Security or ESET Smart Security Premium and activate a trial license?
  2. I would recommend contacting your local ESET distributor and arranging a remote session. The logs indicate severe network connectivity issues. No pcap log was created in the diagnostics folder and updates are failing (Socket connect to address 38.90.226.37 port 80 failed).
  3. The Polish distributor should start selling ESET Security Ultimate later this year. The best course of action would be to contact them and ask about the options they could offer you. While it's possible to purchase a license in another EU country, it is possible that you would need to contact that distributor or reseller should you have any questions or need help with issues in the future.
  4. Please raise a support ticket for help with further troubleshooting.
  5. Please check trace.log for more information about errors on the server. For further troubleshooting, raise a support ticket.
  6. I've scanned the registry as an administrator using Smart scan profile. The scan took 14 min. and 29,000 objects were scanned.
  7. The detection is correct, the website was compromised: https://sitecheck.sucuri.net/results/https/circularhubs.de
  8. wpsec.com reports: WordPress theme in use: Avada, version 7.7.1. Update to version 7.9.2: https://wpscan.com/vulnerability/6c977bb4-daeb-42ef-b638-f4d323f18d66/ Should it still be getting re-infected, we recommend contacting Sucuri or another website cleaning and monitoring service to help you harden the website against attacks.
  9. What is different if you run: /opt/eset/efs/bin/lslog -s --ods-details="ndlf8oirV"
  10. We don't know if disabling integration with AMSI and re-enabling it works. If it does but there's a problem after the next restart, this will be addressed in the next hotfix / service update of Endpoint v11 which will be available in approximately 2 months (we've released update 11.0.2044 just recently). Administrators can temporarily disable the appropriate application status via a policy so that the error is not reported locally on endpoints.
  11. Was the computer connected only through a cable? Logging was enabled for 3 seconds and 99% of the communication was via UDP:
  12. Just to make sure, did the problem persist after disabling this setting, clicking OK, re-enabling it and clicking OK?
  13. You can run the following command to list not scanned files in the said log: /opt/eset/efs/bin/lslog -s --ods-notscanned="ndlf8oirV"
  14. What about temporarily enabling "Log all objects" for the In-depth scan profile that is used in the scan?
  15. If the user has disk images and other big archives in a specific folder(s) on a disk, it'd be better just not to select this folder(s) in scan targets rather than disabling archive scanning completely. Unlike archives, runtime packers are used to compress executables and make them smaller. Such files are unpacked in memory upon execution. Therefore it is not wise to disable runtime packers although the files should be still scanned / unpacked by advanced heuristics. As far as EFI/Computrace is concerned, we recommend creating a detection exclusion (https://support.eset.com/en/kb6567). However, you can try upgrading the UEFI firmware to the latest version available in case the vendor has removed CompuTrace in the meantime. Advanced heuristics is crucial for detection of malware. Disabling it would deteriorate detection capabilities to a great extent. It's always turned on by default except scan on execution. This setting is there mainly for backup programs that might consider files changed after scanning if the timestamp was not preserved. Complete disk scans will always take time and won't complete in a few minutes. If modules have been updated between two scans, the cache will be cleared. Otherwise it could happen that previously undetected malware for which a detection has been added in the last update would not be detected if the file was not re-scanned. With Smart optimization enabled many files will be skipped, especially those signed by Microsoft. The good news is that with v17.1 we will bring multi-thread scanning which should improve scan times on modern systems with multiple-core CPUs.
  16. How long did you wait for the registry scan to complete? An in-depth scan can take more than 30 minutes.
  17. I don't know why but I'm unable to reproduce the issue with DoH enabled and set to Max protection with Cloudflare selected as the provider:
  18. The license 33B-JFK-TWA was issued in Hong Kong for kexxxxxxxx10@hotmail.com. It's overused and thus the owner or ESET partner in Hong Kong will likely reset it soon.
  19. Updates are usually dozens of kB in size and take a few seconds. We rarely release bigger updates that are several MB in size. I'd suggest trying to connect through a different ISP, if possible. Please raise a support ticket as the local distributor might have received reports of connection issues with a particular ISP from more customers.
  20. Blocking of the website works for me. Please carry on as follows:
      • Enable advanced logging under Help and support -> Technical support
      • Launch the browser
      • Clear browser's cache
      • Open the website and make sure it's not blocked
      • Stop logging
      • Collect logs with ESET Log Collector and upload the generated archive here.
  21. You have Kaspersky installed which injects its dll into browsers. Please uninstall it and check if the issue is gone.
  22. Did you run the scan as an administrator? As for the error "invalid file checksum", ignore it. The archive is probably password protected.
  23. It was a false positive (Machine Learning) that has been fixed and the file is not detected any more.
  24. It means that the Private network connection profile was activated. Probably you have more networks listed under Setup -> Network protection -> Network connections and the connection changed when you received the message.
  25. Please carry on as follows:
      • Enable advanced logging under Help and support -> Technical support
      • Start logging with Procmon
      • Launch the browser and reproduce the issue
      • Stop logging
      • Save the Procmon log unfiltered in the PML format and compress it
      • Collect logs with ESET Log Collector and upload the generated archive here along with the Procmon log.