[Game is bypassing Parental Control]

Please report it through the internal customer care contact form so that logs from the phone are submitted to customer care.

[Ransomeware]

Please refer to https://techcenter.eset.nl/kb/articles/configure-hips-rules-for-eset-business-products-to-protect-against-ransomware.

Keep in mind that the additional rules may cause false positives, especially if you use scripts for legitimate purposes and you should be able to resolve possible issues by editing or disabling the appropriate rules.

[question RE Cloud]

Offline scans cannot provide the same level of protection / malware recognition as ESET installed on a machine that is connected to the Internet and uses LiveGrid to improve protection and performance.

[HIPS]

Please carry on as follows:

1, Uninstall ESET NOD32 Antivirus.
2, Run the Uninstall tool in safe mode to make sure it's removed completely.
3, Install the latest version 11.2.63 from scratch with default settings.

Should the problem persist, gather logs with ELC and provide the generated archive for perusal.

[Does Firewall Automatic Mode use filter rules created in Interactive Mode?]

Yes, it does.

[Kids with Android Parents with iPhone?]

You can monitor your children through the web parental control portal.

[Gamma malware help]

1 hour ago, Rami said:

What about the chances of cracking the encryption key?

It is not possible in the case of Crysis. I'd say one would need a very huge computing power to crack it within years.

[Computer very slow / frozen]

Appears to be a faulty disk / controller. Run chkdsk to fix disk errors. Consider replacing the HDD.

"Entry" = "taskhost (1028) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\F......i\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 401 (0x00000191). This logfile has been damaged and is unusable." 07/10/2018 06:06:33 ;

"Entry" = "The following boot-start or system-start driver(s) failed to load:
discache
eamonm
ehdrv
spldr
Wanarpv6" 07/10/2018 10:31:14 ;

The driver detected a controller error on \Device\Harddisk1\DR2." EXTRA="07/10/2018 09:13:23"
The driver detected a controller error on \Device\Harddisk1\DR2." EXTRA="07/10/2018 09:13:21"
The driver detected a controller error on \Device\Harddisk1\DR2." EXTRA="07/10/2018 09:13:20"
The driver detected a controller error on \Device\Harddisk1\DR2." EXTRA="07/10/2018 09:13:18"

 

[Warning about "https://list-cloud.com"]

9 minutes ago, Ian Ng said:

Here attached the log files. I wish it can help to solve the problem.

In your case the url was accessed by C:\Windows\SysWOW64\Microsoft\Protect\S-1-96-82\RB_1.4.42.60.exe  and Chome. Do you known what the application RB_1.4.42.60.exe is? If you don't use Chrome but another browser ideally without extensions, is the url still blocked?

 

[EMSC upgrade task generates big network traffic]

Have you been upgrading ERA Agent to ESMC Agent on clients? If agent was configured to connect through http proxy, the proxy server should have cached the installer and all other clients should have fetched the installer from cache.

[Installed apps report]

Create or edit an existing ESMC agent policy and enable reporting of other 3rd party applications:

[Warning about "https://list-cloud.com"]

Currently we don't know what is accessing the site.  Unfortunately, there's no info about the registrant available:

Registrant Organization: Privacy Protect

Please provide me with ELC logs for perusal.

[ESET Endpoint Security Blocking Unknown Website]

You can upload them to DropBox, OneDrive, etc. and then drop me a private message with a download link. You should be able to upload even bigger files here with the size up to 512 MB, however.

[Detection Problem]

Please provide the subject of the email that you submitted to samples[at]eset.com.

Batch files and basically scripts in general can be created in millions of ways. Especially if they are very small and run only system commands, it may be even impossible to detect them because some users might use them for legitimate purpose. Example: assume a batch file that adds a new user through the system net command. On one hand, it can be a part of a malicious batch file, however, on the other hand it can be used by administrators for perfectly legitimate purposes. And even if a detection is added, malware writers can obfuscate it in many ways or even wrap it into an executable (that can be again obfuscated / protected) to evade detection.

[Need help to enable Web-access/Anti-Phishing protection]

19 hours ago, Ryan Clark said:

I did as instructed.  I'm not sure how to gather the logs with ESET Log Collector.  I clicked 'Create Diagnostic Dump', and there's a .dmp file now.  Is that what you are referring to? 

Let's submit the generated archive and we'll see if the logs contain everything we need for further analysis.

[Need help to enable Web-access/Anti-Phishing protection]

Well, it's not a hyperlink but the acronym expand feature of the forum. Its only purpose is to show the full name when hovering the mouse cursor over it.

[ESET Endpoint Security Blocking Unknown Website]

Please gather ELC logs and provide me with the generated archive for perusal.

[Gamma malware help]

36 minutes ago, DamianTodarello said:

You mean that there will NEVER be a decryptor for filecoder.crysis? Is it impossible to make a decryptor?

If the author of the ransomware decides to publish the master decryption key, it will be possible. However, as you understand the chances it would happen are very slim.

[ESET Endpoint Security Blocking Unknown Website]

Do you think that the url should not be blocked? Couldn't it be a suspicious browser extension (maybe ad-related) that accesses the site in question?

Registrant Name: Registration Privacy

[DNS requests to ESET servers blocked by PaloAlto]

DNS requests are used by Parental / Web Control and for license-related purposes. This is a perfectly legitimate use of DNS that is employed by plenty of vendors of legitimate software. If the "spyware" detection is not removed soon, we'll raise an official complaint.

[Version 7 File Server Reporting to ESET SMC7 Detected attack against security hole ( How do I exclude Nessus)]

14 hours ago, B-G said:

We have log / block / notify all set to "No" and are still getting alerts, anything else to try ?   

Could you please post a screen shot of your IDS exclusion setup as well as the appropriate records from the Network protection log that were generated with the exception in place?

[Version 7 File Server Reporting to ESET SMC7 Detected attack against security hole ( How do I exclude Nessus)]

I'd recommend not to create exceptions for any alert, otherwise you'd effectively disable IDS protection against potential attacks coming from the excluded IP address.

[Computer very slow / frozen]

Please provide me with logs gathered with ELC. Obviously a process has crashed while a Procmon log with protection enabled was being generated. However, the very first Procmon log you provided didn't contain any records of a crash.

[The installation was not completed successfully]

Try uninstalling ESET in safe mode using the Uninstall tool.

Should the problem persist, gather logs with ELC and provide me with the generated archive. Also if possible, create and provide a Procmon log from a failed install as well.

[Long Endpoint Security on-demand smart scan task]

If you have gigabytes of iso files or other archives / containers with dozens of thousands files inside, it can take quite long to complete the scan. Try running a scan with archives disabled to see if it improves the speed.