Everything posted by Marcos

  1. Yes, if the downloaded file was malicious I'd expect it to be detected.
  2. ESET will not block powershell, java.exe, certutil.exe or whatever script interpreter or legitimate application just because it can be used to download both legit and malicious files. If the downloaded file was malicious, there's a very good chance it would be detected by ESET. Administrators can see any download activities by certutil in ESET Inspect and can take actions automatically based on LiveGrid information about downloaded files for instance.
  3. 1. Enable advanced network traffic scanner logging (advanced setup -> Tools -> Diagnostics). 2. Start capturing the network communication with Wireshark. 3. Reproduce the issue. 4. Stop logging and save the Wireshark log. 5. Collect logs with ESET Log Collector. 6. Supply us with both ELC and Wireshark logs for perusal.
  4. Since the update files between product versions may differ, it is not possible to merge mirrors created for different product versions. What I meant is that if you use the mirror tool to create a mirror for Endpoint v11 for instance, you can use a batch file to copy the files to c:\www\c:\www\nod32-update\eset_upd for instance so that you don't need to reference the version in the update server path on clients.
  5. Please carry on as follows:
     - Download Procdump: https://learn.microsoft.com/en-us/sysinternals/downloads/procdump
     - Run "procdump -i" as an administrator
     - Run ESET Online Scanner and reproduce the crash
     - Run "procdump -u" as an administrator
     - Provide the generated dump
  6. While the mirror tool creates mirrors for particular product versions in separate folders, you can use a batch file to copy files from a particular folder to c:\www\c:\www\nod32-update\eset_upd or whatever the home folder is or use another way to sync the content of the two folders.
  7. Here’s how cybercriminals target cryptocurrencies and how you can keep your bitcoin or other crypto safe
  8. It appears that Network protection is installed. Anyways, it should not be necessary to install ESET Server Security without Network protection and creating an exclusion should be enough. As it was already said, Network protection is a crucial protection feature that protects the computer from Internet and network attacks.
  9. Please kindly proceed as follows:
     1. Enable advanced network traffic scanner logging (advanced setup -> Tools -> Diagnostics)
     2. Start capturing the network communication with Wireshark
     3. Reproduce the issue
     4. Stop logging and save the Wireshark log
     5. Collect logs with ESET Log Collector
     6. Supply us with both ELC and Wireshark logs for perusal
  10. ESET products use default settings that are suitable for most users so you basically run the installer and click Next, Next, Next, Finish and that's it. After installation ESET will silently run in the background and protect your machine until a threat is detected. Even blocking and cleaning threats is automated and virtually no user interaction is needed unless a potentially unsafe or unwanted application is detected. To run an on-demand scan, open the main gui, select "Computer scan" -> Scan your computer or Custom scan in the main gui.
  11. If the file was not detected by the on-demand scanner then it's not blacklisted. It appears that it had been blacklisted for a short while earlier this year.
  12. While "suspicious applications" is just another type of detection like potentially unsafe or unwanted applications, "Suspicious object" is a detection of an object (typically a file) blacklisted in the cloud by ESET LiveGrid. As for the detection of nmap, I've downloaded nmap-6.47-setup but it was not detected. You can submit it by right-clicking the file in quarantine and selecting "Submit for analysis".
  13. Please refer to https://forum.eset.com/topic/40574-msilmicrosoftbingd/ where it was discussed. Note that the Bing detection is not malware but a potentially unwanted application, and these are not detected by default.
  14. Windows 10 20H2 required an update to add Azure code signing support: https://support.microsoft.com/en-au/topic/kb5022661-windows-support-for-the-trusted-signing-formerly-azure-code-signing-program-4b505a31-fa1e-4ea6-85dd-6630229e8ef4. The update is probably no longer available because "Windows 10, version 20H2 reached the end of servicing on May 10, 2022" (https://learn.microsoft.com/en-us/lifecycle/announcements/windows-10-20h2-end-of-servicing?source=recommendations).
  15. Most likely it's because of the added multi-thread scan support.
  16. Does disabling HTTP/3 network traffic scanning in the advanced setup make a difference?
  17. Does the issue actually go away after temporarily uninstalling ESET and return as soon as you install v17.1.9 with default settings? If so, does disabling HTTP/3 network traffic scanning in the advanced setup make a difference? Did you experience the issue with v17.0.16 or older?
  18. Please refer to https://support.eset.com/en/kb6915 for instructions on how to unlock the advanced setup. Alternatively you can uninstall ESET in safe mode using the ESET Uninstall tool and then install it from scratch.
  19. Did you experience the issue with v17.0.16 or older? If not, does disabling HTTP/3 network traffic scanning make a difference?
  20. You should not have Network protection in the advanced setup. However, if the server is exposed to the Internet and is not behind a firewall with strict configuration, the server may be attacked from the Internet.
  21. Do you mean the password to access the advanced setup?
  22. Please generate a kernel or better a complete memory crash dump. Compress it, upload it to a safe location and drop me a personal message with a download link. Also generate logs with ESET Log Collector and provide the generated archive.
  23. The licenses with public license IDs 3A6-P9B-NTP and 3AT-TUH-VMN were issued in India and Sri Lanka respectively. Since distributors and resellers in those countries sell ESET for a substantially lower price to accommodate their market, they use geo restrictions. Please purchase a license in your country and use it for activation.
  24. Please raise a support ticket by going through the troubleshooting wizard https://go.eset.com/contact-support/ until you reach the option to contact technical support.
  25. Since this is an English forum, we kindly ask you to post in English. Please provide logs collected with ESET Log Collector. If you have come across suspicious undetected samples, check them at https://www.virustotal.com and provide links with scan results.