[ESET Protect NEW NOTIFICATION Malicious file JS/Agent.RJR was detected on computer...]

The detection is correct, the website was indeed compromised and contains malware:

https://sitecheck.sucuri.net/results/heaviside.digital

[web control blocked dns.google]

Most likely you have blocked the "Anonymizer" category in Web Control. You can create a permissive url-based rule for it.

[I migrated VA from CentoS to Rocky Linux, however the virtual machine starts but I have an error in the database]

Since this is an English forum, we kindly ask you to post in English.

Please carry on as follows to resolve the issue:

1. stop the PROTECT Server service

systemctl stop eraserver

• check if the service has been stopped

systemctl status eraserver

2. install the MariaDB ODBC driver

yum install mariadb-connector-odbc

• check if the driver has been correctly installed

  yum list installed | grep mariadb
  mariadb-connector-c.x86_64                3.2.6-1.el9_0                       @appstream
  mariadb-connector-odbc.x86_64             3.1.12-3.el9                        @appstream
  

3. check the alias of the ODBC driver and search for the following section:

less /etc/odbcinst.ini

[MariaDB]
Description=ODBC for MariaDB
Driver=/usr/lib/libmaodbc.so
Driver64=/usr/lib64/libmaodbc.so
FileUsage=1

• verify if such file is present

ls -la /usr/lib64 | grep -I libmaod*

-rwxr-xr-x.  1 root root    326688 May 25  2022 libmaodbc.so

4. modify the "StartupConfiguration.ini" - replace the "MySQL ODBC 8.3 Unicode Driver" with "MariaDB" so the final configuration file will look like follows:

vi /etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini

DatabaseType=MySqlOdbc
 DatabaseConnectionString=Driver=MariaDB;Server=127.0.0.1;Port=****;User=***;Password={****};CharSet=utf8;NO_LOCALE=1;NO_SSPS=1;Database=era_db;

5. start the PROTECT server service

systemctl start eraserver

[New problem with depth-scan on-demand]

4 minutes ago, AlSky said:

Why in the result of smart scan do the files hiberfil.sys, pagefile.sys and swapfile.sys continue to be showed at the end, but in the result of deep scan are shown in the middle of it?

Hard to say, probably smart optimization, the number of CPU cores and the type of scanned files has an effect on that.

5 minutes ago, AlSky said:

Why do ESET spend almost three more hours scanning files even if it does not show an increase in the number of scanned files? As you can see in screenshots 5 and 6. 40 minutes and the number of files scanned was the same. So three hours like that, apparently analyzing something without showing an increase in the number of files analyzed. It's never happened to me before something like this. It could stop a few minutes (three, four minutes), but never three hours in which it apparently is scanning something but shows no increase in scanned files.

Does it happen if you disable also archives and SFX archives?

[email address change]

Please contact the distributor or reseller from whom you purchased the license. We cannot update your registration information on their behalf.

[You cannot enable a disabled firewall rule in policies in ESET PROTECT 11.0.14.0]

Thank you for the heads-up, the issue has been reported to developers.

P_EESW-11483

[New problem with depth-scan on-demand]

1, Regarding scanning of the files in the root of the C drive while scanning the c:\users folder, I assume this is due to multi-thread scanning introduced in v17.1.

2, As an administrator, many more objects are scanned compared to a scan under a normal user.

3, "when the number of files it says are scanned just stops, although you can see that it is still scanning files. "
This is a normal behavior when scanning objects like the registry, WMI or larger archives.

[DNS stops working intermittently with ESET installed]

It is only the firewall or network protection that could be involved in network issues from the technical point of view or the network traffic scanner when it comes to http(s), pop3(s) or imap(s). If disabling any of them didn't make any difference and uninstalling ESET did, it could be that simply installation of the WFP driver could interfere with another application's WFP driver or cause some unknown bug in MS WFP to manifest. Please provide logs collected with ESET Log Collector and also raise a support ticket for further investigation.

[Issue with ESET Real Time Protect]

Please refer to https://forum.eset.com/topic/40783-real-time-file-system-protection-not-running-on-debian-12/ for a workaround until a new version of the ESET Endpoint is released.

 

[Issue with ESET Real Time Protect]

What Linux distro / kernel is on the machine?

[Cannot login after updating]

We are in the process of preparing a KB with instructions how to address login issues caused by PROTECT server restarts under heavy server load:

1. stop the PROTECT Server service

systemctl stop eraserver

• check if the service has been stopped

systemctl status eraserver

2. install the MariaDB ODBC driver

yum install mariadb-connector-odbc

• check if the driver has been correctly installed

  yum list installed | grep mariadb
  mariadb-connector-c.x86_64                3.2.6-1.el9_0                       @appstream
  mariadb-connector-odbc.x86_64             3.1.12-3.el9                        @appstream
  

3. check the alias of the ODBC driver and search for the following section:

less /etc/odbcinst.ini

[MariaDB]
Description=ODBC for MariaDB
Driver=/usr/lib/libmaodbc.so
Driver64=/usr/lib64/libmaodbc.so
FileUsage=1

• verify if such file is present

ls -la /usr/lib64 | grep -I libmaod*

-rwxr-xr-x.  1 root root    326688 May 25  2022 libmaodbc.so

4. modify the "StartupConfiguration.ini" - replace the "MySQL ODBC 8.3 Unicode Driver" with "MariaDB" so the final configuration file will look like follows:

vi /etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini

DatabaseType=MySqlOdbc
 DatabaseConnectionString=Driver=MariaDB;Server=127.0.0.1;Port=****;User=***;Password={****};CharSet=utf8;NO_LOCALE=1;NO_SSPS=1;Database=era_db;

5. start the PROTECT server service

systemctl start eraserver

[About URL list management]

Add also "*.bbci.co.uk/*" to the list of allowed addresses.

[Computer scan completed pop > disable option?]

14 hours ago, lukem said:

I've enabled informational notifications as the 'file submitted' notification from liveguard is informational and without it and with pre-emptive protection enabled staff don't receive any notification to indicate why they may not be able to execute a file that has been sent to liveguard. I see this 'file submitted' notification as a requirement to run liveguard on any of my client endpoints which means I now have informational notifications enabled but now find I can't disable the scan complete notification, please add the ability to disable the scan complete notification and/or change the notification type of the liveguard 'file submitted' notification.

Would disabling these desktop notifications accomplish what you are after?

[ESET Endpoint Antivirus - HIPS exclusion]

Is it possible to get the software in question so that we could try to reproduce the issue ourselves?

[Ubuntu 24.04 : issue during the installation of efs]

According to https://help.eset.com/essl/10.2/en-US/?system_requirements.html, the latest supported version of Ubuntu is 22.04 LTS. Support for 24.04 LTS will be added in the upcoming version of ESET Server Security for Linux which is planned to be released in the following weeks.

[Uninstall program from console]

No, ESET PROTECT is intended for managing ESET products. However, if the 3rd party program supports uninstallatiion via the command-line, you could send a "Run command" task to uninstall it.

[MSIL/Microsoft.Bing.D - Potentially unwanted application found]

But it's not a false positive. MSIL/Microsoft.Bing is a correct detection / classification for an application that pushes users into changing the default search engine. Such applications meet the definition of potentially unwanted applications: https://support.eset.com/en/kb2629.

[I am not receiving the verification email !!]

8 minutes ago, Ahamd Ahmad said:

My email starts with a not j and I'm the owner of this license?

Unfortunately it's likely that you fell victim to scam.  The license owner's email address is jXXl@gmail.com.

What website did you purchase the license through?

[MDR: Unlocking the power of enterprise-grade security for businesses of all sizes]

Faced with expanding attack surfaces and a barrage of threats, businesses of all sizes are increasingly looking to unlock the manifold capabilities of enterprise-grade security

View the full article

[Is a Secure Erase Possible With ESET Smart Security Premium]

Unfortunately ESET does not have such product for home users.

[I am not receiving the verification email !!]

A verification email was sent to the license owner's email address jXXl@gmail.com.

[ESET for Ubuntu 24.04]

Support for Ubuntu 24.04 will be added soon (ie. in upcoming weeks, probably 24Q3).

[MSIL/Microsoft.Bing.D - Potentially unwanted application found]

There is no problem with ESET, the problem is that Microsoft distributes the PUA with Edge updates. All you can do is either disabling detection of potentially unwanted applications (optional detection) or create a detection exclusion since it's probably impossible to make Microsoft not to distribute the PUA to you.

[Uninstall program from console]

You can select all computers or computers in specific groups and then select Manage -> Remove and follow all 3 steps:

 

[I am not receiving the verification email !!]

6 hours ago, Ahamd Ahmad said:

I have the very same issue.

Please provide your public license ID in the form of XXX-XXX-XXX.