Marcos

The network logs show otherwise: Please make sure you have it set to "disabled":

From your logs it was obvious that HTTP/3 was used which was the reason for not blocking the site. I assume it has nothing to do with DoH. Is the website blocked in Chrome with QUIC disabled in the setup?

Please contact your local ESET distributor for more information. We offer these 4 protection tiers / plans:

Of course, you can contact your local ESET distributor and communicate in your native language. Please understand that it is beyond this forum moderators and ESET HQ staff to respond here in all languages that exist. If you don't speak English, we kindly ask you to use a machine translator.

Files are typically retained if you run a scan without cleaning. Files are not quarantined unless cleaned so further clarification and ideally logs collected with ESET Log Collector from the machine in question will be needed.

Since this is an English forum, we kindly ask you to post in English. You can disable the appropriate application status via a policy: Please bear in mind that without ACS support you won't be able to install ESET from scratch nor upgrade it to a newer version.

This is because the server uses HTTP/3. If you disable QUIC in Chrome per https://support.eset.com/en/kb6757, blocking should work. With v17.1+ it should work even with QUIC enabled.

Given the unhealthy data-collection habits of some mHealth apps, you’re well advised to tread carefully when choosing with whom you share some of your most sensitive dataView the full article

Device control should not be enabled unless requested by technical support when troubleshooting issues. It is enough that you set the Warning logging severity for the desired rule(s) to get them reported to the ESET PROTECT server. If a device was blocked and there's an appropriate record in the Device Control log, you should get it also in ESET PROTECT reports. I've created one and the record was there: If you cannot get it work, I'd recommend raising a support ticket.

Please confirm or deny if uninstalling Windhawk makes a difference.

Further logs would help only if you are able to reproduce the error.

Endpoint Security must have received an unexpected content of update.ver which contains information about update files. It is weird that it happened just once and then it worked alright.

Please make sure that the computer is online, otherwise ESET won't be able to query LiveGrid about the reputation of files and skip those whitelisted. If you think that a disk scan takes long, try to scan folder by folder to narrow it down to those that take long to scan and then continue to narrow it down to particular files. If they are not large and take long to scan, we'd like to get them for a check.

Maybe you have another security software installed that prevents the driver from loading. Are you able to install of ESET Internet Security or ESET Smart Security Premium and activate a trial license?

I would recommend contacting your local ESET distributor and arranging a remote session. The logs indicate severe network connectivity issues. No pcap log was created in the diagnostics folder and updates are failing (Socket connect to address 38.90.226.37 port 80 failed).

The Polish distributor should start selling ESET Security Ultimate later this year. The best course of action would be to contact them and ask about the options they could offer you. While it's possible to purchase a license in another EU country, it is possible that you would need to contact that distributor or reseller should you have any questions or help with issues in the future.

Please raise a support ticket for help with further troubleshooting. Edited 1 hour ago by Marcos

Please check trace.log for more information about errors on the server. For further troubleshooting, raise a support ticket.

I've scanned the registry as an administrator using Smart scan profile. The scan took 14 min. and 29,000 objects were scanned.

The detection is correct, the website was compromised: https://sitecheck.sucuri.net/results/https/circularhubs.de

wpsec.com reports: WordPress theme in use: Avada Version: 7.7.1 Update to version 7.9.2 https://wpscan.com/vulnerability/6c977bb4-daeb-42ef-b638-f4d323f18d66/ Should it still be getting re-infected, we recommend contacting Sucuri or another website cleaning and monitoring service to help you harden the website against attacks.

What is different if you run: /opt/eset/efs/bin/lslog -s --ods-details="ndlf8oirV"

We don't know if disabling integration with AMSI and re-enabling it works. If it does but there's a problem after the next restart, this will be addressed in the next hotfix / service update of Endpoint v11 which will be available in approximately 2 months (we've released update 11.0.2044 just recently). Administrators can temporarily disable the appropriate application status via a policy so that the error is not reported locally on endpoints.

Was the computer connected only through a cable? Logging was enabled for 3 seconds and 99% of the communication was via UDP:

Just to make sure, did the problem persist after disabling this setting, clicking OK, re-enabling it and clicking OK?