Marcos

Administrators
  • Posts: 36,357
  • Days Won: 1,446

Everything posted by Marcos

  1. Do clients connect directly to the Internet as well? Is the use of a proxy server disabled in Endpoint's setup -> Tools -> Proxy server? Please carry on as follows:
     - enable advanced network protection logging under Tools -> Diagnostics
     - enable advanced update engine logging
     - run update
     - disable advanced logging
     - collect logs with ESET Log Collector and provide the generated archive.
  2. There is no disk scan scheduled by default. It's not needed since files are scanned as being downloaded or saved to a disk plus a startup scan is run after each update and when the computer starts. Moreover, it's also possible to run idle-state scans when the computer is idling. I would not recommend running a scheduled full disk scan more often than once a week or even month.
  3. Today we've released a fixed version of the Antivirus and antispyware module 1552.3 which addresses cleaning issues on Mac. Could you please check if PUAs are now cleaned properly?
  4. Do you use one or more proxy servers? Does the error occur if ESET connects directly to the Internet?
  5. I would say that rules with "*" to substitute a folder name should never work since wildcards are supported only in registry paths.
  6. 1, Do not use the base-dir argument. 2, Do not create a log in the root of the C drive. Running c:\Program Files\ESET\ESET Security\ecls.exe c:\ should suffice. Or you can simply run ecls.exe if the current folder is "ESET Security".
  7. ESET Endpoint Security should install over ESET Endpoint Antivirus fine since this scenario is fully supported. If you have ESET managed by ESET Security Management Center, you can use it to uninstall an ESET security product from desired machines and after a reboot install it from scratch.
  8. Could you please provide ELC logs from the client so that we know what application was creating the PUA files that were detected but could not be cleaned?
  9. What do you mean by combination of paths? This worked for me:
  10. How do you have the proxy server set in the ERA server setup?
  11. Please download and run this tool on the machine that is failing to activate and provide me with the generated log file: ftp://ftp.nod.sk/tools/ActivationTroubleshooter.exe
  12. Could you please create a Wireshark log from an activation attempt on such client?
  13. Please try to remove your license from the License manager in ERA and add it again. Then create a new activation task. In case you get errors connecting to a licensing server, please make sure that clients as well as the ESMC server can communicate with ESET's EDF servers besides others necessary for proper functioning of other protection features. For a list of addresses and ports that must be allowed on a firewall, please refer to https://support.eset.com/kb332. Also we strongly recommend upgrading ERA to the latest version available (ESMC v7 or at least ERA 6.5 if you can't upgrade to ESMC yet, e.g. due to certification).
  14. Edge has never been supported as a secure browser because of the sandbox WDAG container technology that it runs in, separated from the actual kernel.
  15. It's active threats which are reported with critical severity, hence we'd like to get ELC logs to get more information about the location of the detected object / file, action and possible error that was logged on such client. We'll check how cleaning of PUAs works on Mac in a managed environment. On Windows, they are cleaned automatically but there's a chance that on Mac strict cleaning mode may be still required to prevent users from selecting an action manually.
  16. You can reset the phone to factory settings, install ESET Mobile Security and only then other applications. Also make sure that you install applications only from Google Play which minimizes the chance of installing malicious applications.
  17. We have identified the code that is most likely responsible for that behavior and will move it elsewhere so that opening the GUI doesn't cause disks to wake up. The change will be included in future builds of v12.2 which is currently available as beta and will go final within a few weeks.
  18. I wonder if you could share the rule you had to create to allow the communication.
  19. Android runs applications in an isolated environment so one application (benign or malicious) cannot affect the others. Could you confirm that the phone was not rooted? Have you installed ESET Mobile Security on it?
  20. C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html and trace.log in that folder on the troublesome client should provide more details about the connection issue.
  21. Computers with access to the Internet should not be activated with an offline license. Offline licenses are intended only for machines that are always offline, otherwise a notification will appear in the license manager. Computers that are without Internet connection but can connect to the machine running HTTP Proxy can still benefit from LiveGrid, streamed updates, etc. It restricts access only to ESET's servers so users won't be able to misuse it to connect elsewhere.
  22. As you wrote, the agent receives policies the next time it connects to the ESMC server. Check client details and make sure it connects to the ESMC server alright, has the updated policy in the list of applied policies under Configuration and the update server setting is included in the policy (i.e. it's marked to be applied). If more policies are applied on the client, you may need to enforce the setting in case it's set also by another policy that is applied.
  23. I'm not getting any alert on the said website either. Please post the appropriate record with the full url from the Detection log.
  24. Just for clarification, is Spiceworks installed on 192.168.1.9? The workstation has the IP address 192.168.101.64 and the subnet mask is 255.255.255.0 so they are not in the same subnet. Only SYN packets like these with the IP address of the machine were blocked by the firewall which should not cause any issues. Moreover, TCP port 7680 is used by WUDO (Windows Update Delivery Optimization) to distribute updates in Windows LANs. As to your question, you can request client's configuration in client details and then convert it to a policy.