Marcos

Administrators
  • Posts: 36,487
  • Days Won: 1,452

Everything posted by Marcos

  1. You can download ESET Internet Security from here: https://www.eset.com/int/home/internet-security/download/. Since NewEgg is a US retailer, I don't know if they provide a license key or activation key that you would need to enter in a web form in order to obtain a license key. If you don't have a license key yet, you can activate a trial version after installation and when you get the license key, simply click "Change license" in the main GUI and enter the new key.
  2. You can download the appropriate installer from www.eset.com. If you have received a license key, enter it in the activation window after installation.
  3. It is necessary to disable extension syncing. Please read https://support.eset.com/kb6551 for instructions.
  4. In general it is not recommended to install more security products at a time. You should install another AV only as a second opinion on-demand scanner, i.e. without real-time protection and other protection modules and drivers.
  5. Please refer to https://help.eset.com/esmc_deploy_va/70/en-US/va_upgrade_migrate.html for instructions on how to upgrade the VA.
  6. Have you ruled out the possibility that the remote machine is infected? If so, please enable network protection advanced logging in the advanced setup -> tools -> diagnostics, reproduce the detection, disable logging and provide me with logs gathered by ESET Log Collector. As for the action, "detected" actually means detected and blocked. If I remember correctly, there were plans to change the wording to make it clear to users.
  7. This is not doable from ESMC, the data would have to be edited directly in the database which is something that we don't recommend to do. However, ESET staff should be able to do it for you if you provide a dump of the db. Please contact your local customer care.
  8. That is a protection mechanism of Outlook, it has nothing to do with ESET. Please read https://www.msoutlook.info/question/883 for more information.
  9. I would suggest temporarily uninstalling EAV and installing ESET Internet Security while we are trying to find the root cause. It could be that the machine is not fully patched and the computer is getting re-infected from a remote machine. Since EAV doesn't include Network attack protection, it cannot detect and block possible exploitation of vulnerabilities in network protocols. Also please provide me with the logs generated by this tool. According to the logs there was TinukeBot trojan detected in memory as well as Win32/Kryptik.GOUM, Win64/CoinMiner.MN and PowerShell/Kryptik.H trojan detected on the disk and cleaned.
  10. You can also consider applying extra anti-ransomware HIPS rules as per https://support.eset.com/kb6119/, however, these might produce false positives at times if you use scripts.
  11. There is no ETA for Endpoint v7.1 yet to the best of my knowledge. If emails are already scanned on a mail server, you can disable integration with MS Outlook to prevent concurrent modification of emails and thus prevent sync issues.
  12. The remote computers are most likely unpatched and infected.
  13. It's as simple as it gets; just send an ERA component upgrade task to the VA. For detailed information, please read https://help.eset.com/esmc_deploy_va/70/en-US/va_upgrade_migrate.html.
  14. Please make sure that you have the latest version of ECS 6.7.400 which has most likely addressed the issue as confirmed here: https://forum.eset.com/topic/17661-update-fixed-in-67400-cyber-security-is-blocking-my-systems-accessibility-features-in-security-and-privacy/.
  15. Enabling detection of potentially unwanted applications is enough to detect even legitimate miners where user's consent is required.
  16. Putting the permissive rule above the blocking one should do the trick.
  17. Endpoint v7 can be managed by ERA v6. In order to troubleshoot the issue further, I'd recommend creating a ticket with your local customer care and providing them with:
      - logs gathered by ESET Log Collector
      - manually generated complete memory dump from the point when the system freezes.
  18. In safe mode uninstall Endpoint with the Uninstall tool and then install Endpoint v7 from scratch with default settings. Let us know if that helps.
  19. Device control was disabled in the provided configuration. If the keyboard and mouse stop responding, does it help if you unplug them from the USB ports and plug in the cable again? Would it be possible to connect a PS2 keyboard as well and when the issue occurs, trigger a crash and generate a complete memory dump as per https://support.eset.com/kb380/? I'd suggest continuing as follows:
      - with DC enabled, set logging severity to warning for both rules
      - reproduce the issue
      - after a reboot, gather logs with ELC
      Next create a ticket with your local customer care and provide them with:
      - the ELC logs
      - a complete memory dump generated manually as advised above.
  20. If you use a firewall or proxy server, make sure that ekrn.exe has access to LiveGrid servers allowed as per https://support.eset.com/kb332.
  21. The Procmon log was corrupt, most likely it was not closed properly. Try to generate it again and open it in Procmon then as well to make sure that it was saved alright before you supply it to me.
  22. It depends. If you happen to run malware on a Windows VM with the network disconnected, it would have to be able to escape the VM and infect the host OS, i.e. it would have to drop Mac OS components as well. I assume that such malware doesn't exist. Another thing is if the VM has connection to the LAN or Internet; in such a case the malware could spread further if run on the VM. In that case it would make sense to have an AV on Windows as well. As for energy consumption, an AV should have negligible effect on it.
  23. That shouldn't happen. Try uninstalling v12 and installing it from scratch.
  24. Check the source IP address. That machine is most likely infected.