Marcos

Does the issue persist after reinstalling agent on the client?

Prepend is not needed since the order of zones has no effect on the firewall functionality. The order matters only in case of rules.

Please gather logs with ESET Log Collector and upload the generated archive here. It appears that you have a Web Control rule created that blocks access to the urls in the screen shot.

1, What other option are you missing? I, for one, can't think of any other than the two. 2, I'd say that DC should be in the trusted zone although I haven't tried it so I can't tell what issues you could run into if it wasn't. At least sharing is enabled only in the trusted zone which may be needed for software installation through GPO to work.

Then please post the appropriate records from ESET's logs.

How do you know it's ESET which prevents the app from being installed? Does it work after uninstalling ESET? If so, does work after pausing protection or disabling HIPS or real-time protection and rebooting the machine?

The protocol filter is technically a part of firewall which is also partially included in ESET's antivirus product and serves for filtering application protocols. It is vital to have it enabled at least on machines with connection to the Internet. By disabling protocol filtering you would lose the following with regard to HTTP(S): - the ability to block malicious, phishing and scam websites as well as legitimate hacked websites with a malicious code injected - the ability to detect malware before it reaches the disk / memory - the ability to scan downloaded archives internally on the fly - the ability to scan downloaded files using more aggressive detections - the ability to block exploits exploiting vulnerabilities in supported application protocols. Because of its importance, as of v7 Endpoint notifies the user by changing the protection status if protocol filtering is disabled. Of course, this can be suppressed through Application statuses setup but we strongly recommend keeping the feature turned on.

If you install ESMC using the all-in-one installer and choose to install also HTTP Proxy, ESMC will use it automatically and it will be also pre-configured in policies. The proxy comes with a configuration file that restricts connections only to ESET's servers.

There are basically 2 options with ESMC if you don't want Endpoint to download updates directly from ESET's servers: 1, Use an http proxy to cache updates (you can use an existing proxy that you might already be using) 2, Use the mirror tool to create a local mirror and then share its content using an http server (not included but there are many free ones). We do not recommend using mirror since a lot of unnecessary data would be downloaded with each update.

What country / region do you have selected in the system setup? Also check https://help.eset.com/eshp/7.0/en-US/installation_cmd.html for information how to define language through commadline parameters PRODUCT_LANG and PRODUCT_LANG_CODE.

1, Are you really from the USA? 2, Did you download v12 installer from www.eset.com? Please carry on as follows: - under Help and support -> Details for customer care, enable advanced logging - reboot the machine - disable advanced logging - gather logs with ESET Log Collector and provide me with the generated archive.

Um.wbtrk.net indeed uses an expired, ie. untrusted certificate: https://www.ssllabs.com/ssltest/analyze.html?d=um.wbtrk.net&latest

Does disabling integration with Outlook make a difference?

Protocol filtering in Endpoint for Windows can be enabled here:

Do you mean the following respective IB pages? https://www.scotiaonline.scotiabank.com/online/authentication/authentication.bns?convid=1114919 https://www1.bmo.com/onlinebanking/cgi-bin/netbnx/NBmain?product=5 https://www1.royalbank.com/english/netaction/sgne.html

Please provide me with exported configuration so that I can check if you didn't disable a setting that could affect it.

Please gather logs with ESET Log Collector and upload the generated archive here. Only moderators have access to attachments.

Please provide your public license ID (Help and support -> Details for customer care) so that I can check what country the license is from. The feature in question is not available in all countries.

Do you have the latest v12 installed? Could you post a screen shot of your gui?

I've tried to log in at Bank of Montreal's site and I was prompted to open the website in a secure browser. Please provide a complete url of a bank's login page that doesn't open in a secure browser for you.

What operating system is on clients? In case of Windows 8 or 10, a hybrid shutdown or restart is not enough and machines must be actually restarted, not just waken up.

Please refer to the KB article Server migration in ESET Remote Administrator 6.x. Alternatively you can re-deploy ESMC agent on clients from the new ESMC server to make them report to it.

You can restart machines automatically if you choose so in a software install task. This is not recommended if people work on machines when sending the task to clients.

If agent has not been deployed yet, you must do so first. Otherwise the client won't be able to communicated with the ESMC server and receive tasks, including software install tasks. Once agent has been installed, you can update it later to a newer version by means of an ESMC component upgrade task.

Make sure that you have ESET v12.0.27 installed which addressed the issues with webcam notifications.