Marcos

Please name only those that do not have support in browser add-ons which is quite trivial to implement. We do the filtering deeper at the Windows Filtering Platform level which gives us the possibility to be browser-independent and filter the http(s) communication of any application, not just browsers' communication.

By the way, do you know of another AV that doesn't use a web browser add-on for filtering and already fully supports HTTP/2?

It's not clear what you mean by "ESET status interface". Is it the Protection status window in the gui?

I've checked the msg files that you've attached and all were detected as spam. If you re-scan the messages in Outlook, are they detected now?

Unfortunately files encrypted by GandCrab 5.0.4 cannot be decrypted. If you are an ESET user and had ESET installed at the time the files got encrypted, we can try to investigate what happened and what led to the infection.

Please contact the seller from whom you purchased your license. I was unable to find a valid license registered to your email address.

Since you have only few machines that are probably not managed through ESET Security Management Center or ESET Cloud Administrator, you can enter your license key in the Endpoint gui here:

You have one valid license. I have re-sent your license email to your registration email address.

There was a bug with the sound signal not being generated at the end of a scan which has been fixed recently. The fix will be included in the next v12 service release.

Please check the last connection in client details and make sure the client has recently connected to the ESMC server.

The middle screen shot shows results from a context scan that was run on Nov 19 with the version of the detection engine 18404 which was installed at that time. The last screen shot shows two different modules: the detection engine and the Rapid response module. They obviously must be of different versions.

Unfortunately, uninstalling Endpoint and installing it from scratch is the only viable solution besides editing a specific registry value in safe mode. The issue doesn't occur on systems that had HIPS enabled before upgrade.

Remote admin tools have an option to re-establish connection after booting to safe mode where you could run the ESET Uninstall tool to remove the era agent completely. Wouldn't that be an option? Then you could install the latest version of the ESMC agent from scratch.

After installing ESET, Windows should turn off Windows Defender as soon as ESET registers in the Security Center. Please make sure that Windows Defender is not running when ESET is installed.

Did you have HIPS enabled in Endpoint v5? Are all machines affected? Does uninstalling EPv7 on one machine and installing it from scratch resolve the issue?

Please make sure that you have proxy server set up correctly in the advanced setup -> tools -> proxy server. If that's not an issue, check https://support.eset.com/kb332/ for a list of addresses and ports that need to be allowed on a firewall in order for Endpoint to work properly.

It is not possible to log all files scanned by real-time protection. It would generate huge logs and have a big performance impact. The option you mentioned is for logging all files that are scanned in self-extracting archives.

What do you mean by "still updating up to this moment" ? Did the update end with an error? If so, disable logging, gather logs with ESET Log Collector and provide me with the generated archive.

Not sure what you meant by "continuous scanning option", there's no such setting in ESET's products. If modules were updated between the scans, the scan cache would have been reset so more files would be scanned the next time. You could perform scans with elcs.exe which doesn't take advantage of the local cache and therefore should always scan the same number of files.

Not really. That setting enables reporting of non-ESET applications that are installed for all users. There is currently no option to report applications installed only for specific user accounts.

I've noticed that the driver C:\Windows\system32\drivers\MBAMSwissArmy.sys is loaded. Try uninstalling MBAM for a while and see if it makes a difference.

It's weird but there was no communication with ESET's activation servers nor the appropriate DNS request logged. Please generate fresh logs, now also with "advanced licensing logging" selected. Also temporarily change logging verbosity to Diagnostic. Before activation, please close any network-aware application (browsers, email client, etc.) so that the log contains only related network communication. After enabling advanced logging, click Help and support -> Change license -> Enter a license key. If activation fails with an error, disable logging, change the logging verbosity back to Informative and gather fresh logs with ELC.

You can enable advanced update engine logging in the advanced setup -> tools -> diagnostics and then run update. Next disable logging, gather logs with ESET Log Collector and provide me with the generated archive. Unfortunately you don't have ESET Internet Security installed which can also log network communication during update due to the Network protection module that it has but the update log should be enough to start off.

Endpoint communicates with activation servers even if no or expired license is installed. Please provide a Wireshark pcap log from an activation attempt. Alternatively you can enable advanced network protection logging in the advanced Endpoint setup -> Tools -> Diagnostics, try to activate the product, then disable logging and gather logs with ESET Log Collector. When done, upload the log(s) here.

To make sure that correct update servers are used, uninstall ESET, download the installer from www.eset.com and install it. Afterwards activate it (either with a paid license key or activate a trial version) and it should update instantly. Also make sure that the machine is connected directly and not through a proxy server.