Marcos

Administrators
  • Posts: 36,244
  • Days Won: 1,441

Everything posted by Marcos

  1. How do you have the proxy server set in the ERA server setup?
  2. Please download and run this tool on the machine that is failing to activate and provide me with the generated log file: ftp://ftp.nod.sk/tools/ActivationTroubleshooter.exe
  3. Could you please create a Wireshark log from an activation attempt on such client?
  4. Please try to remove your license from the License manager in ERA and add it again. Then create a new activation task. In case you get errors connecting to a licensing server, please make sure that clients as well as the ESMC server can communicate with ESET's EDF servers besides others necessary for proper functioning of other protection features. For a list of addresses and ports that must be allowed on a firewall, please refer to https://support.eset.com/kb332. Also we strongly recommend upgrading ERA to the latest version available (ESMC v7 or at least ERA 6.5 if you can't upgrade to ESMC yet, e.g. due to certification).
  5. Edge has never been supported as a secure browser because of the sandbox WDAG container technology that it runs in, separated from the actual kernel.
  6. It's active threats which are reported with critical severity, hence we'd like to get ELC logs to get more information about the location of the detected object / file, action and possible error that was logged on such client. We'll check how cleaning of PUAs works on Mac in a managed environment. On Windows, they are cleaned automatically but there's a chance that on Mac strict cleaning mode may be still required to prevent users from selecting an action manually.
  7. You can reset the phone to factory settings, install ESET Mobile Security and only then other applications. Also make sure that you install applications only from Google Play which minimizes the chance of installing malicious applications.
  8. We have identified the code that is most likely responsible for that behavior and will move it elsewhere so that opening gui doesn't cause disks to wake up. The change will be included in future builds of v12.2 which is currently available as beta and will go final within a few weeks.
  9. I wonder if you could share the rule you had to create to allow the communication.
  10. Android runs applications in an isolated environment so one application (benign or malicious) cannot affect the others. Could you confirm that the phone was not rooted? Have you installed ESET Mobile Security on it?
  11. C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html and trace.log in that folder on the troublesome client should provide more details about the connection issue.
  12. Computers with access to the Internet should not be activated with an offline license. Offline licenses are intended only for machines that are always offline, otherwise a notification will appear in the license manager. Computers that are without Internet connection but can connect to the machine running HTTP Proxy can still benefit from LiveGrid, streamed updates, etc. It restricts access only to ESET's servers so users won't be able to misuse it to connect elsewhere.
  13. As you wrote, agent receives policies the next time it connects to the ESMC server. Check client details and make sure it connects to the ESMC server alright, has the updated policy in the list of applied policies under Configuration and the update server setting is included in the policy (i.e. it's marked to be applied). If more policies are applied on the client, you may need to enforce the setting in case it's set also by another policy that is applied.
  14. I'm not getting any alert on the said website either. Please post the appropriate record with the full url from the Detection log.
  15. Just for clarification, is Spiceworks installed on 192.168.1.9? The workstation has the IP address 192.168.101.64 and the subnet mask is 255.255.255.0 so they are not in the same subnet. Only SYN packets like these with the IP address of the machine were blocked by the firewall which should not cause any issues. Moreover, TCP port 7680 is used by WUDO (Windows Update Delivery Optimization) to distribute updates in Windows LANs. As to your question, you can request client's configuration in client details and then convert it to a policy.
  16. First of all, we kindly ask you to post in English since this is an English forum and most users and moderators will not otherwise understand and be able to help. As to your question, no password is set by default. If you are unable to access advanced setup, uninstall ESET in safe mode using the uninstall tool (https://support.eset.com/kb2289/) and then install the latest version of ESET from scratch.
  17. Not really. During the first run it will update the peer and CA certificate as well as the ESMC server address.
  18. You only need to create a new agent live installer and re-deploy it on clients, ideally via GPO if you have more computers that are in a domain. With Endpoint you don't have to do anything since it's only agent that communicates with the ESMC server.
  19. The "action selection postponed until scan completion" doesn't occur with PUAs if detected in a managed environment with the ESMC Agent installed. We've also made sure that the same applies to Mac products too. Please provide logs collected with ESET Log Collector for a start.
  20. For a start it'd be good to get logs collected with ESET Log Collector from such machine. In managed environment, PUAs are cleaned automatically regardless of the cleaning type.
  21. Please provide the url but obfuscate the scheme (http or https) by using hxxp or hxxps instead so that it's not converted to a clickable link.
  22. Please run the following command and provide the output: wmic pagefile list /format:list
  23. On a computer where the communication is blocked:
      - enable advanced network protection logging in the advanced setup -> tools -> diagnostics
      - reproduce the problem (i.e. make sure the communication is blocked)
      - disable advanced logging
      - gather logs with ESET Log Collector and provide me with the generated archive.
  24. Remove the obfuscated malicious javascript and update WordPress and all plug-ins. For more tips on how to harden WordPress, refer to https://wordpress.org/support/article/hardening-wordpress/.
  25. Hard to say. I see that it's injected mainly in js files. If you are not an ESET user, I'd strongly recommend downloading ESET Internet Security, installing it and activating a 30-day trial version. As you will browse your website, ESET will block and notify you when you encounter a malicious url. ESET uses a very strong detection of malicious scripts, hence it's often the only popular AV to detect and block malicious scripts which makes people think we must be reporting false positives but in fact they have their website compromised and infected.