Marcos

Ekrn runs in the local system account so it doesn't require a user to be logged in in order to perform updates.

Since I have no information about Newegg licenses, I've asked colleagues from ESET, LLC in the US to comment on it. A license becomes active as of the date of purchase. We never supported start of license validity from the date of activation.

ESET's gui is subject to overhaul. While we do our best to tailor the gui for the majority of users, there are either technical limitations or some changes are too "expensive" in order to be done. Also it is obvious that we cannot make the gui likeable by 100% of all users and there will always be some who will like it and the others won't. Thank you for expressing your opinions. We are always open to constructive feedback and for suggestions how to make our products better in the eyes of you, our customers. Now that everything has been said, we will draw this topic to a close.

I would ignore it. Should you continue getting this message, we could check the network communication to confirm that the detection is correct but that's all we will be able to do.

Unfortunately, you attached encrypted files, not the ransomware note that I asked for.

As stated in the read-before-you-post instructions: Do not report blocked websites After cleaning a website from malware and taking measures to prevent further re-infection, request a re-check as per the instructions in the FAQ. This forum does not serve as a channel for requesting website re-check or disputing blocks or detections. Having said that, we'll draw this topic to a close.

You could start with checking SonicWalls logs for information about blocked connections with ESET's update servers (https://support.eset.com/kb332/#downloadupdates).

That means the download was most likely blocked by the firewall:

Probably you have this notification enabled to notify you when the number of used seats for a license reaches 90% of all seats that the license was issued for:

On a machine with ESET installed and activated with a paid version, run ESET Log Collector and gather logs. Next compress a handful of encrypted files (ideally Office documents) along with the ransomware notes, upload all stuff to a safe location (either ESET's ftp or OneDrive, DropBox, etc.) and email samples[at]eset.com with a download link included.

I'm sorry, I meant advanced setup -> Tools -> Diagnostics.

See https://forum.eset.com/topic/17535-eset-corrupted-file/ for more information.

Please enable network protection and update engine advanced logging in the advanced setup -> tools and run update. Next disable logging, gather logs with ESET Log Collector and provide the generated archive. Also if possible, try updating one machine directly, bypassing the firewall just in case.

What do you mean by that you can't get ESET to run? Are you able to install and activate ESET? Are you getting an error during install or afterwards? Could you provide some screen shots for clarification?

Do you or your ISP use a Fortinet firewall or IPS? They are known to corrupt bigger update files.

Does excluding these folders from scanning (EAV -> Preferences -> General -> Exclusions) make a difference? /private/etc/ /Library/Application Support/ESET/esets/modules/

Is that real spam coming from gmail and not just a test using a legitimate email address? Antispam basically checks the IP addresses of the SMTP servers in the email headers so it should work reliably even if a gmail address is spoofed.

It appears that it was an ad provider's address that was blocked. We didn't do anything in the mean time.

What version of the ESMC Server do you use? Is it the last one available on ESET's download servers?

It was already fixed on April 1st.

We extensively test upgrades of Windows 10 to newer version with ESET installed and never experienced issues that hadn't been fixed prior to the final release of the new version. If you are able to reproduce it, the best would be to create an image of the disk and provide it to ESET for replication and debugging.

Some posts were hid while being reviewed.

ESET doesn't access your webcam but asks you for an action if another application attempts to access it. You can disable webcam protection in the main gui.

Can you explain the purpose of blank javacripts loaded from js.genieessp.com and cfts1tifqr.com? To me it appears the site was hacked.

Please provide logs gathered with ESET Log Collector so that we can check if there are duplicate rules created.