Marcos

Administrators
  • Posts: 36,295
  • Days Won: 1,444

Everything posted by Marcos

  1. Why are you asking about detection with the engine version 18638? The latest version is 18641 which is a bit newer. Given that VirusTotal shows the samples as detected on Dec 1, they must be detected also with 18638 which was released earlier today.
  2. FQDN in firewall rules is not currently supported. Even if it was in the future, such rules would be dependent on IP addresses retrieved from previous responses to DNS queries so they might not work at all times.
  3. This has been discussed here: https://forum.eset.com/topic/17661-cyber-security-is-blocking-my-systems-accessibility-features-in-security-and-privacy/ There's a new RC version of ESET CyberSecurity that addresses the issue and will be released soon.
  4. I'd create a new zone with those IP ranges and then create a new permissive rule for each of the MS Office applications and the zone selected in the Remote tab.
  5. In the Known networks setup you can set a particular detected network as public or trusted (home/office). You can also add a new network there and set the appropriate type for it. In the Zones setup -> Trusted zone, you can add IP addresses, ranges or subnets in the Trusted zone. In either case the zone / network will be trusted if you set it so.
  6. Please contact customer care and provide them with a complete dump of ekrn generated via the advanced setup -> tools -> diagnostics -> create (dump) when ekrn spikes up the cpu.
  7. Does the issue go away when you uninstall ESET and return as soon as you install it from scratch?
  8. What is the ACT error that you're getting? Where did you purchase your ESET license?
  9. You can set a particular network as public/office (home) in the Known networks setup where you can also add a new network based on various network parameters: It's also possible to add an arbitrary network to the TZ in the Zones setup:
  10. If you have obtained a license key, it can be used to activate any version of the product you purchased that supports activation via a license key.
  11. What ESET product do you have installed? Does the issue actually start to manifest after installing ESET and uninstalling ESET makes the application work normally? How does the issue manifest? Does pausing protection or disabling protection modules (e.g. protocol filtering or HIPS followed by a computer restart) make a difference?
  12. Unfortunately, it is not clear how this is connected with ESET. I assume that by AppLock you mean a 3rd party application not developed by ESET, don't you?
  13. Are you referring to the ESMC database? Even if so, we do not provide a description of the db structure since it's subject to change with newer versions.
  14. Simply uninstall ESET from the particular device, which also deactivates it, and it will then be possible to install it on another device.
  15. We are not aware of any issues with our servers. Please post the screen shot again since it was not uploaded properly.
  16. What zip, pdf and exe files do you mean? What do you mean by "controll technic site"?
  17. Please submit the following compressed in an archive to samples[at]eset.com with a link to this topic enclosed:
      - a couple of encrypted files (ideally Office documents)
      - the ransomware note
      - logs from ESET Log Collector (ESET must be installed and activated with a paid license beforehand)
      If the archive is too big to send by email, upload ELC logs to a safe location (OneDrive, DropBox, etc.) and enclose a download link instead.
  18. Please carry on as follows:
      - enable advanced logging in the main gui -> Help and support -> Details for customer care
      - run update
      - stop advanced logging
      - gather logs with ESET Log Collector and provide me with the generated archive.
  19. Please drop me a private message with your public license ID as well as your registration email. Did you contact customer care through a web form? If so, what website / url was it on? Did you get a confirmation email after the submission?
  20. Not really. ESET has blocked it as PUA for one year already:
  21. First of all, it is not clear how this is related to OP's post since you've posted in this topic. It looks to be a different issue and thus should have been posted in a new topic. Anyways, before making any conclusions submit any suspicious files or files detected by other AVs and not by ESET to samples[at]eset.com with a link to your post. We'll need to check if the files are really subject to detection. Some AVs detect already sanitized files that were previously infected by a virus.
  22. In order to find out what rule blocked the communication, please carry on as follows:
      - in the main gui -> tools -> details for customer care, enable advanced logging
      - reproduce the issue
      - disable advanced logging
      - gather logs with ESET Log Collector and post the generated archive here (only ESET staff will have permissions to access it)
  23. It depends on what kind of communication the applications perform. E.g. if they download a file from the Internet, that should work in default automatic mode which allows all outgoing traffic and blocks all inbound traffic from outside trusted zone. You can try switching the firewall to learning mode for a while and then review the generated rules and adjust them to make them independent of the source application.
  24. I assume that excluding d:\platereader\camera1\remotelpr.exe from protocol filtering will do the trick. If that works, stop the process remotelpr.exe, enable advanced network protection and protocol filtering logging in the advanced setup -> Tools -> Diagnostics and then run remotelpr.exe. Make sure it generates http traffic. After 20-30 seconds, disable advanced logging, gather fresh logs with ELC and supply them to me for perusal.
  25. FQDN-based rules do not work if no DNS request has been made recently since the firewall needs to get and cache IP addresses from previous DNS responses. Currently this kind of rule is not supported by many popular makers of security solutions. So far I was able to find only 2 that mention FQDN rules. If another firewall suits you better, you can disable it in ESET and use it instead. As for rules for already uninstalled applications, it's possible that in the future you will also get information about the last time a rule was applied so that you will be able to delete unused rules easily. Since everything has been said, we'll draw this topic to a close.