Marcos

What is the ACT error that you're getting? Where did you purchase your ESET license?

You can set a particular network as public/office (home) in the Known networks setup where you can also add a new network based on various network parameters: It's also possible to add an arbitrary network to the TZ in the Zones setup:

If you have obtained a license key, it can be used to activate any version of the product you purchased that supports activation via a license key.

What ESET product do you have installed? Does the issue actually start to manifest after installing ESET and uninstalling ESET makes the application work normally? How does the issue manifest? Does pausing protection or disabling protection modules (e.g. protocol filtering or HIPS followed by a computer restart) make a difference?

Unfortunately, it is not clear how this is connected with ESET. I assume that by AppLock you mean a 3rd party application not developed by ESET, don't you?

Are you referring to the ESMC database? Even if so, we do not provide a description of the db structure since it's subject to change with newer versions.

ESET jednoducho z konkretneho zariadenia odinstalujete, cim sa zaroven aj deaktivuje a bude ho mozne nainstalovat na ine zariadenie.

We are not aware of any issues with our servers. Please post the screen shot again since it was not uploaded properly.

What zip, pdf and exe files do you mean? What do you mean by "controll technic site" ?

Please submit the following compressed in an archive to samples[at]eset.com with a link to this topic enclosed: - a couple of encrypted files (ideally Office documents) - the ransomware note - logs from ESET Log Collector (ESET must be installed and activated with a paid license beforehand) If the archive is too big to send by email, upload ELC logs to a safe location (OneDrive, DropBox, etc.) and enclose a download link instead.

Please carry on as follows: - enable advanced logging in the main gui -> Help and support -> Details for customer care - run update - stop advanced logging - gather logs with ESET Log Collector and provide me with the generated archive.

Please drop me a private message with your public license ID as well as your registration email. Did you contact customer care through a web form? If so, what website / url was it on? Did you get a confirmation email after the submission?

Not really. ESET has blocked it as PUA for one year already:

First of all, it is not clear how this is related to OP's post since you've posted in this topic. It looks to be a different issue and thus should have been posted in a new topic. Anyways, before making any conclusions submit any suspicious files or files detected by other AVs and not by ESET to samples[at]eset.com with a link to your post. We'll need to check if the files are really subject to detection. Some AVs detect already sanitized files that were previously infected by a virus.

In order to find out what rule blocked the communication, please carry on as follows: - in the main gui -> tools -> details for customer care, enable advanced logging - reproduce the issue - disable advanced logging - gather logs with ESET Log Collector and post the generated archive here (only ESET staff will have permissions to access it)

It depends on what kind of communication the application perform. E.g. if they download a file from the Internet, that should work in default automatic mode which allows all outgoing traffic and block all inbound traffic from outside trusted zone. You can try switching the firewall to learning mode for a while and then review the generated rules and adjust them to make them independent of the source application.

I assume that excluding d:\platereader\camera1\remotelpr.exe from protocol filtering will do the trick. If that works, stop the process remotelpr.exe, enable advanced network protection and protocol filtering logging in the advanced setup -> Tools -> Diagnostics and then run remotelpr.exe. Make sure it generates http traffic. After 20-30 seconds, disable advanced logging, gather fresh logs with ELC and supply them to me for perusal.

FQDN-based rules do not work if no DNS request has been made recently since the firewall needs to get and cache IP addresses from previous DNS responses. Currently this kind of rules is not supported by many popular makers of security solutions. So far I was able to find only 2 that mention FQDN rules. If another firewall suits you better, you can disable it in ESET and use it instead. As for rules for already uninstalled applications, it's possible that in the future you will also get information about the last time a rule was applied so that you will be able to delete unused rules easily. Since everything has been said, we'll draw this topic to a close.

Please provide your public license ID.

Loads in 3-4 sec. here.

I would rather disagree that the majority of firewalls support creation of firewall rules based on the parent application. You can post a list of the firewalls which support this but I assume that a list of firewalls with something that you consider a "major flaw" would be substantially larger.

It is detected as a potentially unwanted application (optional detection that is not enabled by default) due to toolbars it installs if I remember correctly. If you want to use it anyways, choose to continue to the website, if detected by web protection. If detected by real-time protection, expand advanced options and choose to exclude from detection. As of then, the application will not be detected any more.

If you add a permissive url-based rule for "play.google.com", put it on top of the rules and under Web and email -> SSL/TLS disable "Exclude communication with trusted domains", does it work then?

Just out of curiosity, I've installed KIS 19 on Windows 10, fully updated it and then disconnected the VM from network for security reasons. Then I copied recent (3-4 hours old) Filecoder.Crysis and Emotet trojans detected by ESET and ran them. None of them was detected / blocked and both were executed. I didn't cherry pick them, just took random infamous recent malware. Of course, it's just 2 samples but very common these days. Neither was it a real-world test since the machine was disconnected from network, however, the AV was fully updated. For instance, ESET is not dependent on the Internet connection as I've recently shown that it was able to detect new prevalent malware with 3 weeks old modules and without Internet connection.

Nobody is blaming testers, we are just saying that there is nothing like 100% malware detection / protection.