Marcos

Administrators
  • Posts: 36,406
  • Days Won: 1,448

Everything posted by Marcos

  1. Are you positive that the phone is marked as missing in the Anti-Theft portal?
  2. Please make sure that you have Endpoint installed on all machines. Let us know if Endpoint v6 or v7 fails to update through the proxy.
  3. You can try temporarily removing ESET and see if it makes a difference. However, I don't know of anything particular that ESET would do when the battery reaches 15% that would drain the battery more than before, especially if the device is not marked as missing.
  4. Could you please check directly on the client if the following setting is actually enabled? It's enabled by default. Since the ESMC Agent is signed, the firewall should automatically allow communication for this application. Also check if the ESMC Agent has a valid digital signature.
  5. All ESET products detect documents with malicious macros. If you want to specifically filter documents containing macros on a mail server, you can create a transport agent rule for such files: https://help.eset.com/emsx/7.0/en-US/idh_config_mailserver_rules.html To improve protection from malware in documents, we strongly recommend purchasing ESET Dynamic Threat Defense (EDTD) which will enable ESET Mail Security to upload documents with macros and other suspicious attachments to ESET's cloud sandbox that leverages most recent internal detections as well as Augur, ESET's advanced machine learning system to evaluate the dangerousness of analyzed files. ESET Mail Security will pass emails only after it receives information about the analyzed attachments from ESET's EDTD sandbox. This substantially minimizes the risk that potential new malware spreading via email will make it to users' mailboxes. For more information about EDTD, please read https://www.eset.com/us/business/dynamic-threat-defense/ and https://help.eset.com/emsx/7.0/en-US/idh_config_mailserver_cmps.html. For information about other technologies developed by ESET that protect you from threats, please read https://www.eset.com/int/about/technology/.
  6. ERA v5 does not create a mirror for Endpoint v6.6/v7. It's quite an old product that doesn't support business v6 products and newer. We strongly recommend using ESMC (ERA v7) without a mirror but utilizing an HTTP proxy to cache update files which will save a lot of traffic compared to a mirror.
  7. @novice we kindly ask you to stop trolling. You were already warned before and we won't tolerate such behavior any more. If you don't like ESET and think that Windows Defender is better for you, you have the right to use it instead of ESET.
  8. I'm unable to download any fresh malware from there with web protection enabled. Even after disabling web protection new variants are detected as Suspicious object.
  9. It could be that they were PUAs or some malware in an archive which were detected by v12 after PUA detection was enabled or a full disk scan / initial scan was run. Since v11 and v12 have the same detection capabilities, there's no reason why malware would not have been detected by v11 but would be detected with v12.
  10. Try disabling scanning of archives. Since they may contain gigabytes of data that need to be unpacked and scanned, it obviously takes a lot of time.
  11. If you don't receive an email with your license after entering your registration email address at https://www.eset.com/int/support/lost-license/ within a few minutes, contact the partner from whom you purchased your license which is probably ESET UK in your case.
  12. I don't think it's possible to purchase several renewals of the same license. Why would you do that? No one knows what the situation in IT and the AV industry will look like in 3 years.
  13. Unfortunately you didn't mention if you use ESET Parental Control for Android or ESET Internet Security or ESET Smart Security Premium. Please provide a screen shot of the notification.
  14. Since this is an English forum, we kindly ask you to post in English so that moderators and most users can understand and be able to help you. If cleaning the machine by running a full disk scan with cleaning from a SysRescue USB or CD doesn't render the system 100% working, consider reinstalling the OS. For more information about ESET SysRescue, please read https://support.eset.com/kb3509/.
  15. Hm, I don't see any download link there. The url that the malware was previously downloaded from seems to have been dead since Oct 19.
  16. ESET has blocked the url with the malicious payload for 3 months already so even if it hadn't been blocked by LiveGrid, it would have been blocked because of the url being on the blacklist. Therefore it surprises me that another AV could not protect the user from it.
  17. ESET works alright even with Chrome v70. If you can reproduce the issue, you could try temporarily disabling advanced scanning of browser scripts and see if it makes a difference.
  18. Is the agent service running? Does C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html show any issues? Are there any recent errors logged in the trace log?
  19. In this case the issue doesn't appear to be related to the firewall. I was able to reproduce it and merely disabling SSL/TLS filtering helped. Switching the firewall to automatic mode didn't make any difference. I'll report it to devs and provide them with logs. We'll keep you posted.
  20. Do the clients connect directly to the Internet or through a proxy server? If they are behind a firewall, the agent must be allowed access to the repository, activation and update servers (refer to https://support.eset.com/kb332). You could also capture the network communication with Wireshark and check if the agent actually receives a response from the repository server.
  21. It had been blocked by LiveGrid about 40 minutes before the sample was submitted to VT.
  22. Actually my answer was not accurate since self-defense protects the AV itself as well as crucial system processes. However, an isolated scanner prevents potential (i.e. not yet known) vulnerabilities in the AV itself from being exploited. This is crucial because AVs run with highest system privileges and exploiting vulnerabilities would give attackers highest privileges to do further malicious operations on a compromised system. As I've read, the sandbox feature is disabled by default in Defender. This is understandable since it will likely have adverse effect on performance. I'm also glad to inform you that we should add support for isolated scanning relatively soon as well, hopefully with negligible impact on performance which, however, takes a lot of time.
  23. ESET has leveraged self-defense for ages which is not the case of Defender so MS obviously had to eventually address the Achilles heel.
  24. Please click the "untrusted certificate" link and provide a screen shot of the certificate details. Endpoint v5 didn't have SSL/TLS scanning enabled by default. It was first enabled for browsers by default in Endpoint v7. If you temporarily disable protocol filtering in the advanced setup, do you get a warning from the browser itself?