Marcos

You can temporarily set logging verbosity to diagnostic on the client and in case the issue returns, check the ESET event log for more details about the failure.

The detection is related to dubious ad providers. I'd suggest avoiding websites where the detection is triggered.

The ESMC server has nothing to do with Endpoint's communication with LiveGrid servers and restarting the ESMC server cannot affect it in any way. I rather suspect that the server got into a state when it stopped accepting replication attempts from agents for some reason. Should you run into the issue again, check if a troublesome machine has recently connected to the ESMC server.

Unfortunately I can't figure out what you wanted to say. I'd recommend contacting your local customer care to communicate in your mother tongue.

If you have advanced setup completely blank as shown above, remove ESET in safe mode using the uninstall tool (https://support.eset.com/kb2289/) and then install v12 from scratch.

Probably a firewall or proxy between your machine and ISP or between the ISP and ESET's servers interrupt the network communication. If you have a possibility to connect to the Internet through a different ISP, try it and see if it makes a difference.

This detection is known to cause false positives since many applications send data in ICMP packets. If I remember correctly, Skype is one of them. The detection was planned to be removed from IDS completely in the future. If you would like us to investigate the detection, enable advanced network protection logging, capture such communication, disable logging and provide me with ELC logs.

Please post a screen shot of the pop-up that you're getting with Details unfold.

Does the plug-in get disabled repeatedly even after you re-enable it?

You are using ESET NOD32 Antivirus v8 which reached its end of life in Oct 2018. If you are using Windows 7 or newer, uninstall it and install the latest v12. After a system restart run a full disk scan, then reboot the machine again if necessary for the cleaning to complete.

Try temporarily changing logging verbosity to diagnostics and check the ESET Event log for more details about the error.

Since this is an English forum, we kindly ask you to post in English so that moderators and other users can understand and be able to help you. Please start off by upgrading Endpoint to the latest v7. Should the problem persist, configure the OS to generate complete memory dumps as per https://support.eset.com/kb380/. The next time the system crashes, a complete memory dump will be generated. Please contact your local customer care and supply them with the dump (compressed in an archive) for further analysis by ESET engineers.

I've just activated ESSP alright. Are you still unable to activate ESET?

There are two options how to update ESET Endpoint in networks besides updating directly from ESET's update servers: 1, Using an http proxy (recommended, will save a lot of traffic) 2, From a local mirror created by the mirror tool or a v7 product To update Endpoint through an http proxy that will cache update files, simply set the proxy under Tools -> Proxy server in the advanced Endpoint setup (can be set through an ESMC policy too and it's set by default if you install EMSC using the all-in-one installer and choose to install HTTP Proxy). To update from a mirror, please read the KB https://help.eset.com/eea/7/en-US/idh_config_update_mirror_advance.html.

It's possible to disable it directly in the EFSW advanced setup. Approximately in a month it will be possible to disable it via a policy from ESMC as well.

First of all, you have posted in the ESET NOD32 Antivirus (consumer) forum. I assume you use ESET File Security on servers, could you confirm? If you want to keep protocol filtering disabled, you can disable the appropriate status in the Application statuses setup.

Your assumption is wrong. It's not sethc.exe which starts cmd.exe. In the example below I launched notepad.exe from the start menu, ie. from explorer.exe process: As for the first reported issue, please use Problem Steps Recorder (psr.exe) to generate a package with a mht and other files that will show what you exactly did step by step.

I'd disagree with this statement. The interface hasn't changed much since v9 which was released several years ago. ESS v4 that you were referring to was released in 2008.

It is necessary to read the instructions provided with the promo code. Most likely it has to be entered on a special web page of the partner who is behind the promo campaign.

Since this is an English forum, we kindly ask you to post in English, otherwise moderators and most of users will not understand and won't be able to help you. Regarding the ARP cache poisoning detection, this occurs if an ARP response is received from a different MAC address than it was previously received (e.g. if more network adapters sharing the same IP address are installed, e.g. for load balancing purposes). As for Device Control, this feature serves for controlling access to peripherals, such as USB devices, disk storage devices, USB printers, etc. It has nothing to do with devices in your network or with firewall IDS detections. If you suspect that an unauthorized person connects through your wi-fi, make sure that encryption (ideally WPA2-PSK) is enabled. Do not use a weak key which could be easily guessed by other persons.

Simply because in safe mode Windows loads only the most crucial drivers and services.

Does the issue persist after reinstalling agent on the client?

Prepend is not needed since the order of zones has no effect on the firewall functionality. The order matters only in case of rules.

Please gather logs with ESET Log Collector and upload the generated archive here. It appears that you have a Web Control rule created that blocks access to the urls in the screen shot.

1, What other option are you missing? I, for one, can't think of any other than the two. 2, I'd say that DC should be in the trusted zone although I haven't tried it so I can't tell what issues you could run into if it wasn't. At least sharing is enabled only in the trusted zone which may be needed for software installation through GPO to work.