[Attempt to add root cert. Failed]

Please gather logs with ESET Log Collector and provide me with the generated archive. Couldn't it be that you have 2 versions of Firefox installed? E.g. 32-bit and 64-bit? Isn't it a portable version?

[Reddit Site Block]

I'm unable to reproduce it. Is there any specific url on reddit.com that needs to be opened in a browser?

[ESET EES 7.0 Activation]

Just to make sure, are you deploying the latest version of Endpoint 7.1.2045 ?

Do you have the proxy server enabled and configured properly here?

Note that if connection through the proxy fails for whatever reason, the product attempts to connect directly by default. You can try disabling direct connection in case of proxy connection failures and see if the product connects even then directly.

[EKRN.exe causing internet to slow to a crawl]

Quote

it seems to happen only when ekrn.exe starts sending data

Please clarify what you mean by "ekrn starts sending data". What kind of data? Do you have any logs or screen shots for clarification? Do you use a high speed (1/10 GB) connection?

Does switching to pre-release update channel in the advanced update setup make a difference? If possible, could you temporarily uninstall ESET Internet Security and install ESET NOD32 Antivirus and check if you can reproduce the issue with it?

[2016 Server Definition Randomly Stops Updating]

The log must be from time when ESET was supposed to update but it didn't. So leave logging on and only after reproducing the issue disable it and gather logs with ESET Log Collector.

[2016 Server Definition Randomly Stops Updating]

5 minutes ago, slarkins said:

i enabled the update engine logging...how do i gather logs with ESET Log Collector? i never used that tool

Check the FAQ section at the right-hand side of this forum or the link in my signature.

[2016 Server Definition Randomly Stops Updating]

Please generate an advanced update engine log and gather logs with ELC as advised above. The log should shed more light into it.

[2016 Server Definition Randomly Stops Updating]

ESMC doesn't create a mirror. Do you mean than HTTP Proxy is installed on the same machine as the ESMC server and workstations connect through it to ESET's update server ?

[2 Sites with 1 URL and certificates]

10 minutes ago, JustWantingBasicHelp said:

Followup question, if a device doesn't check in with ESMC after a certain time period will it un-license itself or anything? E.g. if it was away from site 1 for 3 months would it no longer update itself?

If so, can this time limit be defined in ESMC?

This could happen only if you have a server task "Delete not connecting computers" created:

[2016 Server Definition Randomly Stops Updating]

Does EFSW v7 update from ESET's servers or from a mirror? If from ESET's servers, does it connect through an http proxy or directly?

Please enable advanced update engine logging in the advanced setup -> Tools -> Diagnostics, reproduce the issue, disable logging and gather logs with ESET Log Collector. When done, upload the generated archive here.

[Cannot associate license]

Please raise a ticket for your local customer care.

[EFS 7.0.12014.0 - MSSQL ERROR]

8 hours ago, Camilo Diaz said:

We had the same issue and have downgraded EFS to 6.5.12010.0.  Will stay in that version until the problem is fixed.

It's not a problem. The only reason why it occurs with v7 is that older version didn't support protected service, a security feature of Windows. In v7 it's possible to disable protected service at the cost of worsening protection, however, it wouldn't be worse than with v6.5 which didn't support it yet. With v7 you get also ransomware shield which can proactively protect the server from encryption by ransomware.

[FW or HIPS window Alert closes too fast, how to make it stay up longer or find log of alert?]

13 minutes ago, jetspeedz said:

but those numbers are close if not better than v4.

Well, not really close to v4

[FW or HIPS window Alert closes too fast, how to make it stay up longer or find log of alert?]

This is what Task manager shows on my vm with v12.1.34:

[FW or HIPS window Alert closes too fast, how to make it stay up longer or find log of alert?]

V12 uses less memory than v7 because it uses dll modules as opposed to binary dat modules. Also it uses an egui proxy to save additional memory otherwise used by gui which is not needed most of the time.

As it's been said, v7 reached end of life in 2017 and technical support is no longer provided for it. What's more, it can stop updating modules at any time which would cause new threats to be not recognized. We strongly recommend upgrading to the latest version.

[ESET Dynamic Threat Defense really necessary?]

13 hours ago, cmit said:

Does the Scan function (In-Depth) scan more areas when EDTD is enabled vs no EDTD?

EDTD is not meant to scan more areas. With EDTD, suspicious files are actually run in a sandbox environment and the similarity with malware is also evaluated by Augur, the machine learning system. That said, EDTD improves detection capabilities in case when new malware would not be normally detected on clients.

Quote

I have also noticed that after the EDTD is enabled for our workstations, it takes 1.5 or double of time to complete the scheduled periodic in-depth scan.

EDTD has no effect on scan speed. EDTD analysis is performed independently of scans and the scanner doesn't wait for EDTD to respond either. I would say there's something else than EDTD that is causing the difference which would need to be investigated further.

[EKRN.EXE Memory leak (exessive mem use after 10 day uptime)]

@tommy456, do you use a supported email client (e.g. MS Outlook) and antispam? If so, could you try disabling the option below or address lists in the antispam setup and rebooting the machine and see if the issue goes away?

[FW or HIPS window Alert closes too fast, how to make it stay up longer or find log of alert?]

ESS v7 is very old, is not supported, lacks important security features, such as network attack protection and ransomware shield, suffers from old bugs, etc.

It reached EOL in Dec 2017. Besides no technical support, EOL also means that we can stop issuing module and engine updates at any time without prior notice.

[No idea how what these errors mean]

Please do the following:
- disable SSL filtering in the advanced setup
- reboot the machine
- without launching any application, re-enable SSL filtering and click OK
- launch your email client and receive email.

[Duplicate IP addresses on network cause by VPN and RDP]

Exactly, that's what I was suggesting - to set up an IDS exception:

[Duplicate IP addresses on network cause by VPN and RDP]

ESET only notifies you about machines with duplicate IP addresses in the network. You can enable advanced network protection logging in the advanced setup -> tools -> diagnostics, reproduce the detection, then disable logging, gather logs with ESET Log Collector and provide me with the generated archive. I will then post a screen shot from Wireshark that will show different MAC addresses reported in ARP responses from a particular IP address(es).

If you don't want to create any exclusions, you should ensure that only one MAC address is reported from a particular IP address.

[Duplicate IP addresses on network cause by VPN and RDP]

You can only decide whether to be notified about duplicate IP addresses or not. There's no other third option.

It is NOT a false positive. As I wrote, you should be able to see duplicate addresses even in Wireshark so it has absolutely nothing to do with ESET.

[How to remove log from threats]

It is not possible to delete records from logs manually. You can use filters to display / hide resolved threats or shorten the interval for database cleanup:

[High memory usage on a SQL server]

In order to send a private message to someone, just hover the mouse cursor over his or her nick and click Message:

[How to remove log from threats]

Records in logs are cleaned automatically after some time that is defined in the ESMC Server setup. For threats it's 6 months.