[HIPS Event in log files]

If you keep getting the error message, please provide me with the stuff requested above.

[Problems backing up iphone]

4 hours ago, brhanson said:

I am connected vu USB cable. Temporarily interrupting the firewall does not appear to make a difference

So the above screen shot from the firewall troubleshooting wizard is irrelevant then.
Does pausing protection or temporarily uninstalling ESET resolve the issue then?

[Website blocked]

Please read How do I report a false positive or whitelist my software with ESET? or Please read this before you post.

[Problems backing up iphone]

Do you have your iPhone connected to your PC via wi-fi or via a USB cable? Does temporarily pausing the ESET firewall make a difference?

[runtnc issue]

You can try uninstalling Chrome and installing it from scratch so that your user profile is created from scratch as well. After installation, make sure that synchronization is disabled. Is the url still blocked then?

[Problems with NVDA Screen Reader]

What problems with screen readers are you having? What screen reader do you use? Does temporarily disabling Self-defense in the HIPS setup and rebooting the machine make a difference?

[internat.exe is Keylogger Virus]

It's a hosts file and by the looks of the screen shot and the detection name I'd say it's a crack for the AV in the screen shot that added a record to the hosts file to prevent the program from contacting activation servers or whatever

[As soon as possible option of Scheduler]

As soon as possible means the next time ekrn starts which is in fact as soon as possible for us.

[How to change template for email notifications]

In case that somebody else would seek an answer to this, the notifications can be customized and variables added in the Distribution section of the notification editor:

[Activation from ESMC Fails on proxy workstations]

1, Activation was never performed automatically. Most likely you had a dynamic group (DG) with not activated clients in ERA and a software activation task assigned to the DG. Do you have the same in ESMC?

2, Do you have the proxy server set correctly in Endpoint advanced setup under Tools -> Proxy server?

3, Under Tools -> Proxy server there is a setting "Use direct connection if proxy is not available" which is enabled by default. However, we do not recommend disabling it since a direct connection will only be attempted if the proxy is unavailable for whatever reason.

[Task or settings to remove client local rules]

If you apply a policy with rules with the default action "replace", all rules on clients will be replaced with the rules set by the policy, however, since you also apply rules by policies with append/prepend action, I understand that this is not a solution for you.

In previous versions of ERA, if a policy was no longer applied, settings set by the policy remained set on the client which allowed for resetting settings to defaults. However, as of ESMC if a policy is no longer applied, previous local settings are used.

I'm afraid there's no way how to remove default rules from clients completely without uninstalling the security product and installing it from scratch.

[Eset Password Manager crashing IBM Lotus Note 10.0.1]

Please create a support ticket for customer care and provide logs gathered with ESET Log Collector and possibly an application dump that might be generated when the application crashes.

[HIPS Event in log files]

Do you have custom HIPS rules created? Do you have some processes excluded?

Please provide "C:\ProgramData\ESET\ESET Security\HipsRules.bin" as well as logs collected with ESET Log Collector.

[Mobile App for Android, WiFi Network exception]

ESET does not automatically disconnect from unsecured wi-fi. Security audit only notifies you and provides a link to open wi-fi settings where you can disconnect from the wi-fi and connect to another one, if needed.

[As soon as possible option of Scheduler]

The purpose of this forum is to share the knowledge among standard users, advanced users and ESET moderators. It is not meant to serve as a substitute of contacting customer care, especially if an issue is not obvious, easily reproducible, if diagnostic logs are required  and multiple iterations with support or developers are needed. Also this forum cannot track the progress of tricky issues and thus ensure timely response.

[NOD32 Antivirus and HDDs help]

Please temporarily lower the sleep time for disks to 5 minutes or even more so that logs are not too big. Then start logging with Procmon as per the FAQ on the right-hand side of this forum, reproduce the issue and then save the log. When done, compress it, upload it to a safe location and drop me a message with a download link.

[internat.exe is Keylogger Virus]

It can be anything from a benign system file, renamed calculator.exe to malware or whatever. The file name doesn't tell anything about the file. Please provide its hash or upload it to VirusTotal and provide a link to scan results.

[win32 agent tbv]

Most likely you have attempted to boot from an infected USB flash (assuming you don't use the old good floppy disks any more) if you had ESET installed and enabled.

In order to fix mbr, refer to existing 3rd party articles, e.g. https://pureinfotech.com/repair-master-boot-record-mbr-windows-10/.

[Import Offline License in NOD32 for Linux]

Since the current (legacy) version of Endpoint for Linux does not support the activation system, it does not connect to edf.eset.com whatsover.

If you use a proxy server for connecting to the Internet, configure it in the Endpoint's advanced setup (e.g. via a policy) and send a software activation task from ESMC. This will ensure that the legacy connector in agent will add your username and password in the Endpoint's setup and Endpoint will then be able to communicate through the proxy and authenticate against ESET's update servers with the username and password.

If you plan to update from a mirror, simply set the path to the mirror in a policy. If updating via http, no username/password for authentication will be needed. Otherwise if you update from a remote share, you will need to specify also a username and password for authentication against the machine that creates the mirror.

[NOD32 Antivirus and HDDs help]

Do you have ESET installed on the SSD? Do the disks start spinning up right after double clicking the ESET icon in the tray?

[NOD32 can't resolve IP address]

Quote

According to the below, only IP addresses are allowed for a proxy server:

I don't think this is true. The help says "address", not "IP address" and I didn't find it mentioned anywhere that entering a hostname instead of an IP address shouldn't work.

[ESET keeps stealing focus from Firefox]

1 hour ago, kittenofd00m said:

I am having the same issue.

I can only repeat what I have already stated: The issue has been already fixed in v12.2 beta.

[As soon as possible option of Scheduler]

Please create a support ticket since this is something that cannot be solved here in the forum.

[NOD32 can't resolve IP address]

Are you positive that nslookup can resolve the hostname but if entered correctly in the EAV advanced setup -> tools -> proxy server neither updates nor LiveGrid checks work ?

[EFS HIPS Question]

It's nothing unusual, I have several similar records as well:

Time;Application;Operation;Target;Action;Rule;Additional information
5/28/2019 4:38:13 PM;C:\Windows\System32\svchost.exe;Get access to another application;C:\Windows\System32\winlogon.exe;blocked;Self-Defense: Do not allow modification of system processes;Modify state of another application

So unless you are experiencing issues caused by SD, consider it normal.