Marcos

Not necessarily, just manually delete the folder "C:\ProgramData\ESET\ESET Security".

The problem with the duration counter is tracked as I have mentioned. There is no ETA for a fix yet since it's a very minor visual issue.

If ESET was installed on the server in the past, make sure that the folder "C:\ProgramData\ESET\ESET Security" doesn't exist prior to running the installer.

When attempting to download information about available update files, ESET is redirected to http://copyright.notify.centurylink.com.

Since we don't provide website cleaning and monitoring services and don't have admin access to your website and database, we can't help locate it. We merely see the malicious JS code in the final rendered website's code.

There's some kind of a network connection issue. Please carry on as follows: Enable advanced logging under Help and support -> Technical support Run update and reproduce the issue Stop logging Collect logs with ESET Log Collector and upload the generated archive here.

In order to upgrade agent to the latest version supported on the given OS and by your version of ESET PROTECT server, please send an ESET PROTECT component upgrade task to the clients.

ESET Online Scanner does not install so you just need to delete C:\Users\%USER%\AppData\Local\ESET\ESETOnlineScanner if you don't want to keep it.

The engine is reported outdated after 7 days by default. You can customize this setting in the advanced update setup:

A trial license cannot be generated but you can activate trial version during installation:

The website is indeed infected: https://sitecheck.sucuri.net/results/https/monashinvestors.com

ESET products check for a newer update in 1 hour intervals by default. Besides that, they download so-called pico updates every few minutes automatically.

The website is infected:

You can find that information at https://help.eset.com/updates/.

Unfortunately it is not clear what ESET product you are referring to. Basically manually running update should check for the latest version and install it. You can also find the latest version number on the product download page.

Please provide a screenshot or scan results from VirusTotal if you are referring to a suspicious file.

A 32-bit version would not install on Windows x64 and vice-versa. So you must have a 64-bit version of ESET installed.

The license email (mxxe.hxxxxxy@btinternet.com) and ESET HOME email (m.g.hxxxxxy@btinternet.com) do not match. Is it intentional? A verification email was sent to your license email address.

The strikethrough keys should be removed:

ESET NOD32 Antivirus doesn't contain network protection. Only ESET Internet Security, ESET Smart Security and ESET Ultimate Security do.

The error is not reported with v16 because it's an older version signed with the previous Entrust certificate and having only one entry in the above Provider registry keys for the AV and FW. Unlike the older versions, v17 is signed using an ACS certificate (the Entrust cert. expired last year in December) and therefore WSC created a new key under the Provider key. Since the original key related to ekrn signed by the expired Entrust certificate was not removed (it's undocumented by MS as far as I understood), WSC started reporting the errors. If v17 was installed on a vanilla system where v16 or older was never installed, the errors are not logged. Therefore the solution is to remove the redundant Provider keys related to the previous versions of ekrn.

The files is protected with Themida protector but is not signed. Please make sure to sign files if you want to use a protector, otherwise any future versions will be detected as suspicious too.

You can download the module em000k v1020 from https://forum.eset.com/files/file/131-em000k_1020zip/ or get it from another machine that updates from ESET's servers instead of the mirror with micro updates. In safe mode create the folder "C:\Program Files\ESET\ESET Security\Modules\em000k_64\1024" and copy the 64-bit version (em000k_64.dll) there. This module will be added to the micro update packages soon so that other machines update it from a mirror.

Obviously HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D} and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{DF8BEACB-94C9-218A-73AD-A78362A8C516} keys are still there. They must be removed and the machine rebooted. Those will be removed automatically during a product upgrade in the future. The name of the value is based on the hash of the certificate used to sign the binary so after a certificate change after the original one expired the redundant key caused the above mentioned errors to be logged.