Marcos

Everything posted by Marcos

  1. In Please read this before you post we state in point 10: Report issues also to your local customer care. Please keep in mind that this forum is chiefly meant to share knowledge between users and ESET moderators and staff. Reporting an issue here does not substitute contacting customer care. It is not a goal of forums to provide tools or other means to ensure that your report will be tracked and always responded to within a reasonable time. Especially when dealing with more complex issues requiring several iterations or when logs need to be analyzed by developers, contacting customer care is inevitable. Not all advanced users or moderators know answers to all questions and this one seems to be such. Asking your local customer care seems to be the best course of action.
  2. Please let us know what product you are trying to install or activate and what issue you are having. Are you getting an error after entering your license key in the activation window after installation?
  3. Logs collected with ESET Log Collector. See my signature or FAQ at the right-hand side of this forum for a link to instructions.
  4. We are very close to releasing v12.2 for general public. It is likely that users with the pre-release update channel will receive an update to the new version within this week if everything goes well.
  5. Please provide logs collected with ESET Log Collector so that I can check your configuration.
  6. Is eicar detected upon download from https://secure.eicar.org/eicar_com.zip ?
  7. If something doesn't work as it should and the issue is gone after uninstalling ESET, that doesn't mean that it was ESET's fault. For instance, sometimes it happens that Windows fails to register ESET in the Security Center and Defender continues to run, which slows down the system significantly. However, it's not ESET to blame in that case since registration in SC is done by Windows itself and we cannot affect it. I'd recommend collecting ELC logs when the issue is manifesting. Also a Procmon boot log might shed more light. I'd recommend troubleshooting the issue since there's most likely something wrong with the OS even if it seems to be running fine now.
  8. Windows XP doesn't support SHA2 certificates, so v10 will not be able to install newer updates when we start signing them only with a SHA2 certificate. V9 won't be affected since it doesn't use DLL modules but nup files.
  9. Yes. The latest versions of Endpoint v7 and v7.1 don't support Windows XP either. You can downgrade to v9 which supports Windows XP and it will continue to receive updates for the next few years.
  10. The latest version with official support for Windows XP is v9. Please uninstall v10 and install v9, which is downloadable from https://support.eset.com/kb2885/. We strongly recommend considering an upgrade to a modern, secure and fully supported operating system, especially if the machine is connected to the Internet or a network.
  11. You can either notify the forum provider about that and ask them to remove the ads or use a different ad provider, or take the risk and add the blocked domain or URL to the list of allowed addresses in the Web access protection setup (not recommended).
  12. 1, This forum does not serve as a channel for disputing detections, as stated also in Please read this before you post.
      2, PUA detections are unlikely to be false positives since they are created after in-depth analysis of particular applications. PUA detection is optional and is enabled only with the user's consent. If a user thinks that using a particular PUA outweighs the possible risks (e.g. ads that the application may display), the user can exclude it from detection by the detection name.
      Having said that, we'll draw this topic to a close. By the way, just from a quick look at the application, it's annoying to constantly get this pop-up to buy some extra gold pack of something that was allegedly offered for free, and there's no "No thanks" button next to Buy to refuse the offer. Annoyances like this may contribute to PUA classification besides others. It's a good practice to make the application fulfill AppEsteem's criteria to minimize the chances of PUA detection; however, they are not the only ones that must be fulfilled by app makers.
  13. Hello, ESET employs multi-layered protection about which you can read more at https://www.eset.com/int/about/technology/ where you can also watch demonstration videos. ESET is actually very good at detecting both old and newborn malware. We protect you at various layers:

      1, The network layer
      This involves highly effective URL blocking, malicious script detection, and network attack protection to protect unpatched systems from exploitation of vulnerabilities in network protocols, e.g. the EternalBlue SMB vulnerability, the BlueKeep RDP vulnerability, etc. While downloading files, we employ advanced heuristics and more aggressive detection as well.

      2, File system layer
      When scanning files by real-time protection, files are emulated (run in a virtual environment) by advanced heuristics. This enables us to detect newborn malware by DNA detections.

      3, On execution, in memory
      Advanced memory scanner scans already unpacked files in memory upon execution. This enables it to detect and block packed or obfuscated malware that authors use to evade detection by most AV scanners. Then there is Exploit blocker, which is able to detect new exploits targeting popular applications generically by monitoring them for suspicious activities. To protect you from ransomware, besides DNA detections we also employ Ransomware shield, which monitors processes for ransomware-like activities. Last but not least, we've started leveraging Augur, a machine learning system, to cover malware that might slip through the protection modules.

      Always up to date with new malware
      Utilizing LiveGrid and streamed updates, we ensure that you are protected against newly emerging threats virtually instantly.

      Improving protection with ESET Dynamic Threat Defense (EDTD)
      Recently we've introduced an additional service, EDTD, which provides instant analysis of suspicious files in ESET's cloud sandbox while also employing machine learning and other techniques to assess files. E.g. with EDTD enabled in Mail Security products, emails with suspicious attachments (e.g. documents with a macro) are not delivered immediately to mailboxes but with a small delay needed for analysis in EDTD. Emails that possibly contain new malware will be blocked, which eliminates the gap between the time new malware starts to spread and the time when a detection is added via update or files are blocked via LiveGrid. For more information, please read https://www.eset.com/int/business/dynamic-threat-defense/.

      Ransomware
      Basically all cases with ransomware infections were those where the user didn't have the system secured and an attacker was able to log in with administrator rights, pause protection and run the ransomware manually. A case that I've just come across: a user was recently hit by ransomware. While it may look like it passed through ESET and encrypted files, analysis of logs showed that the detection was added in February 2019 and attackers logged in via RDP, paused ESET (because of no password protection or having detection of potentially unsafe applications enabled) and ran this ransomware, which is still undetected by many AVs, at least not with the on-demand scanner:
      ESET: MSIL/Kryptik.QXL trojan, MSIL/Filecoder.TH trojan
      S: clean
      A: clean
      M: clean
      D: clean
      A: clean
      B: clean
      K: Trojan-Ransom.MSIL.Agent.abp
      M: clean
      With RDP secured, machines kept patched and settings protected with a password to prevent unauthorized persons from pausing protection or uninstalling ESET, the chances of getting infected with ransomware or other malware are basically almost zero.

      ESET Enterprise Inspector (EEI), ESET Threat Monitoring and ESET Threat Hunting services
      We've also developed an EDR solution for monitoring your network for suspicious operations and responding to incidents, e.g. by blocking desired suspicious files by hashes. EEI comes with about 230 pre-defined rules by ESET that are based on the behavior of malware or non-typical behavior that should not normally occur. After setting up desired exclusions, it's a very strong tool in your hands that you can use to find weak points in your company that could be exploited and act as an infection vector in the future. For companies that do not have a CSO or staff that would keep monitoring the network, we're going to offer the ESET Threat Monitoring service, where trained staff will keep an eye on what's going on in your network and provide you with reports on a regular basis. For more information, please read:
      https://www.eset.com/int/business/enterprise-inspector/
      https://www.eset.com/int/business/services/threat-monitoring/
      https://www.eset.com/int/business/services/threat-hunting/
      Also, ESET has been a pioneer in the AV industry for more than 30 years, with the first version of the AV introduced in 1988. Since 1992, when the company was founded, a lot of intensive research in the field of IT security has been done by ESET and we have received many awards for the research. Neural networks were first implemented in ESET's products in 1998, i.e. 14 years before the other company was founded. The long-term experience of ESET in the IT security field guarantees you maximum available protection with an extremely light system footprint.
  14. Please make sure that Windows Defender is actually turned off and that you are offered an option to turn it on (don't do it):
  15. I'd suggest contacting your local distributor. Normally a license is not renewed automatically; however, some network operators provide ESET Mobile Security in the form of a subscription where the price is included in your monthly bill, and such licenses are renewed without your interaction, i.e. automatically. I see that you have a Multi-device security pack license which also includes EMS, and then you also have a Google Play EMS license without expiration.
  16. After choosing to create a rule are you prompted by UAC to elevate privileges? Do you work under an administrator or standard user account?
  17. You should use it in case that something has changed with your system after an infection, e.g. if you're unable to run the task manager for instance.
  18. If you want to filter the communication on trusted websites, e.g. facebook.com, disable the setting "Exclude communication with trusted domains" in the SSL/TLS filtering setup.
  19. Unfortunately, files encrypted by Filecoder.STOP cannot currently be decrypted. Did you have ESET installed at the time of the infection? Do you have RDP secured, i.e. with lockout policies set up and users with RDP access having a strong password set? Ideally we recommend using a VPN and having RDP allowed only within the internal network.
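The RDP checks Marcos asks about in post 19 (lockout policy, strong authentication, RDP reachable only from the internal network) can be audited on a host with the following read-only PowerShell script. It is an added example, not part of the original post and not an ESET tool; it assumes an English-language Windows 8 / Server 2012 or later with the built-in NetSecurity module, and it reads the standard Terminal Server registry values and the built-in "Remote Desktop" firewall rule group.

```powershell
# Added example (not from the forum post): read-only audit of the RDP hardening
# points from post 19. Run from an elevated PowerShell prompt; changes nothing.

$findings = @()

# 1. Account lockout policy. 'net accounts' prints "Lockout threshold: Never"
#    when no lockout is configured, so RDP password guessing is not rate-limited.
$thresholdLine = net accounts | Where-Object { $_ -match 'Lockout threshold' }
if ($thresholdLine -match 'Never') {
    $findings += 'Account lockout threshold is "Never": set a lockout policy for RDP users.'
}

# 2. Is RDP enabled? fDenyTSConnections = 0 means Remote Desktop is on.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)

# 3. Network Level Authentication: UserAuthentication = 1 requires valid credentials
#    before a session is created, which blocks unauthenticated pre-logon access.
$nla = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication
if ($rdpEnabled -and $nla.UserAuthentication -ne 1) {
    $findings += 'RDP is enabled without Network Level Authentication (NLA).'
}

# 4. Firewall scope: inbound "Remote Desktop" rules whose RemoteAddress is "Any"
#    expose RDP beyond the internal network; restrict them to LocalSubnet or the VPN range.
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -Direction Inbound -ErrorAction SilentlyContinue
foreach ($rule in $rdpRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($rdpEnabled -and ($remote -contains 'Any')) {
        $findings += "Firewall rule '$($rule.DisplayName)' allows RDP from any remote address."
    }
}

if ($findings.Count -eq 0) {
    'No RDP hardening gaps found by this check.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

The firewall check only covers the Windows firewall on the host itself; RDP exposure through a perimeter NAT rule has to be verified on the edge device.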
  20. It's only possible to enable presentation mode automatically while an application is running in full screen mode. What issues are you having while playing games in a window without gamer mode activated?
  21. Was it a clean install? If not, carry on as follows:
      - uninstall ESET NOD32 Antivirus
      - start Windows in safe mode and run the Uninstall tool to remove any possible leftovers, if found
      - restart Windows in normal mode
      - install the latest version of EAV 12.1.34 from scratch
  22. If security in your organization matters, you could consider purchasing ESET Enterprise Inspector, an EDR (Endpoint Detection and Response) solution for enterprise users developed by ESET that we've been running as an early access program so far and should start selling in the near future. EEI monitors operations at various layers (file system, network, registry, etc.) on computers in the network that run an ESET security product. It provides you an insight into what's going on on the machines in your network and gives options to respond (e.g. by terminating suspicious processes and blocking suspicious files by a hash). It comes with about 230 rules pre-defined by ESET that are triggered if a suspicious operation was performed, and you can also create your own rules. We will also offer additional professional services like ESET Threat Monitoring and ESET Threat Hunting services for organizations that don't have professional staff for monitoring or performing forensic analysis in the event of a security incident. Feel free to ask if you are interested in this or would like to take advantage of ESET Dynamic Threat Defense, which provides an instant analysis of suspicious files found in an organization in ESET's cloud sandbox, leveraging machine learning and other mechanisms for evaluating files. This way you can block malicious files (e.g. documents with malicious macros spread by email) in your entire organization long before the detection is added via a regular module update.
  23. 1, You are most vulnerable to Exploits
      Download of working PoCs for known CVEs that exploit buffer overflows and other vulnerabilities in various applications which could lead to code execution. For some CVEs we have file detections that can be recognized and blocked:
      a) by scanners, e.g.: C:\test\poc.exe - a variant of Win32/Exploit.CVE-2019-1064.A trojan
      b) by the firewall: Threat Type: Firewall : Security vulnerability exploitation Cause: CVE-2017-5638.Struts2 Process Name: C:\Program Files\Java\jdk1.5.0_09\bin\java.exe
      c) by Exploit Blocker (detects actual exploits in processes that it monitors, i.e. PoCs, simulators, etc. are unlikely to be detected)
      Unfortunately, without knowing details about the test it's impossible to comment on it. If they used just PoCs and not actual exploits, that could be the reason for not detecting them.

      2, You are least vulnerable to Files
      Crafted payloads that mimic the behavior of worms, trojans, spyware downloaded over HTTPS. We detect actual malware, not simulators, PoCs etc. If something just mimics malware, it's not malware and not subject to detection. We could specifically detect simulators, but why should we do it since they don't pose a risk? Detection of simulators tells nothing about how a particular solution protects you from actual malware.

      3, Inbound 38 out of 48 simulated malicious files were downloaded from external sources.
      The same as point 2. Since simulators are not subject to detection (only actual malware is), this test is completely irrelevant and tells nothing about how effectively the AV blocks malicious URLs. They also recommend blocking download of: .com, .bat, .cmd, .exe, .js, .vbs files. A nice idea, but that would not work in the real world since people need to download many of these files for legitimate purposes. Even blocking files with these extensions on a mail server would produce a lot of false positives. Of course, some companies may have a policy that prohibits sending and receiving such files, but they can't be blocked globally for everyone.
  24. The website was compromised. An administrator should remove references to extnetcool.com and take measures to prevent further re-infection.
  25. Please make sure that you are using the latest version of ESET's security product. In new versions you set up specifically what types of files can be submitted, and you're not asked for confirmation before submission.