Marcos

In that case I assume that the issue won't go away after turning off HTTP/3 network traffic filtering. Could you confirm? Did it use to work with v17.0.16?

Are you still having issues today? Have you recently rebooted or turned off/on the machine?

Quarantined files are stored in an encrypted form so there is no chance you could run malware by going to a quarantine folder and double-clicking a file.

This Quick questions forum is for guests and does not require registration as it serves only for quick questions. It was not meant for reporting issues according to this forum rules: 4, Ask only simple questions. If you want to report an issue, inquire about your license, etc., create a forum account first. This forum is not intended for lengthy discussions. A correct procedure for reporting issues is by raising a support ticket. Should you want to report an issue in this forum in the future, please sign up first and make a post in the appropriate product forum. As for the issue, the whole problem is that Nodejs does not use the system trusted root CA certificate store while there is a bunch of Nodejs malware that our and other AV users want to be protected against at the network level. We hope that Nodejs will use the system TRCA cert. store in the future to allow that. We have provided possible workarounds in this topic. We have reported the issue to developers on Friday, ie. today is the first work day since the report. We are already testing Internet protection module 1475.1 with a fix which will be available on the pre-release update channel shortly, with release on the regular update channel to follow soon.

Support for blocking USB tethering is already on the improvement list for future versions.

If you use a Device Control policy with blocking rules, you should not use the pre-pend method in regard to local settings, otherwise the policy will always take effect regardless of permissive rules you would create locally:

It confirms my suspicion that something is continually pushing the ESET installer on the clients. Could you check in the ESET PROTECT console if you have a software install task assigned to some of the dynamic groups?

For more information about ESET technology, please read https://www.eset.com/int/about/technology/. ESET's key benefits are small system footprint and very small number of false positives while maintaining high level of protection from threats and potentially unwanted and unsafe applications. We actively listen to our customers and strive for tailoring our products to your needs. ESET also provides a top-notch XDR solution ESET Inspect (both an on-prem and cloud version) as well as ESET Managed Detection & Response services for SMB and Enterprise customers which are 24/7 threat management services, using AI and human expertise to deliver world-class ransomware protection without the need to maintain in-house security specialists (https://www.eset.com/int/business/services/managed-detection-and-response/). I would suggest to contact your local ESET distributor or reseller who can provide you with test results and comparison with competitive security products.

This is caused by a change in the latest kernel. We are working on an update which will take some time. As a workaround, you can rollback to kernel 6.1.0-18-amd64. P_EFSU-4276

If a policy that blocks the USB drive is pre-pended to the local Device control rules, then the only option to allow it in override mode is by disabling Device control.

It is for sure that the files are created by Windows Installer. Maybe ESET installation is being pushed to the machine in certain intervals. Please provide a Procmon boot log. Stop logging after a reboot only after the temp files have been created. Do not keep Procmon logging for a longer time than a few minutes.

Please raise a support ticket to find out if the device has a serial number at all.

The names suggest that the files were created by Windows Installer. Is there any reason why you suspect them to be related to ESET?

From the screenshots it is not clear what are the names of the tmp files so we can't tell if they were generated by ESET or not. Please provide some name of the tmp files. ESET may created temporary files in the user or system temporary folders, not in the Installers folder. There should be just the msi installer that was used for installation of ESET.

Please provide the logs as requested since we had a suspicion that the on-demand scan was not configured properly. 1, The difference is very likely caused by a little number of whitelisted files. Non-whitelisted (untrusted) files are re-scanned after each module update. 2, Files referenced by shortcuts are scanned. However, if they are trusted/whitelisted they should not be scanned each time. I've made a test by creating a shortcut to a 360 MB sfx file. While the first scan took about 7 minutes, after re-scanning the shortcut the scan ended immediately. 3, Perhaps the files inside the folder were hidden. If certain files were scanned, then they must have been there.

It is the distributor or reseller that issued your license who should update your email address on files.

The license was issued by Opentrey Limited and only the distributor / partner can update it.

Due to Google’s API limitations, we had to remove the feature on Android 13+.

Since this is an English forum, we kindly ask you to post in English. There's obviously a typo in your license email address. Please contact the distributor or reseller who issues the license to correct it.

It appears that you should be able to activate one more device: PROTECTED DEVICES 2 out of 3

Unfortunately blocking of USB tethering is not currently supported by Device control in ESET Endpoint products.

Since this is an English forum, we kindly ask you to post in English. As for merging multiple licenses, it's probably not possible. Please contact the distributor or reseller who sold you the licenses to find out.

Please follow the advice above and raise a support ticket.

Please raise a support ticket with this issue.

As I wrote, most if not all email messages from the archive are recognized as spam by ESET Antispam. If you come across an undetected spam message, please submit it per https://support.eset.com/en/kb141, section Submit spam or spam false positive via email .