Marcos

We do not share information about preliminary plans, only if a release date has been set. In individual cases we may say that a fix for a specific issue will be addressed in version XY which is preliminary planned for Q1/2019, however. As for CA regarding module updates, we release them once a month, ie. it's a soft of digest that includes changes in modules released in the previous month.

This is just a response to one of their tests that was made earlier this year. However, you asked about comments on the recent accusation.

If malware, adware or whatever is detected, a proper way of dealing with it is fixing the issue, not working it around by disabling detection, adding exceptions, etc. Otherwise one may get infected. Rather than excluding a website from filtering I'd recommend excluding a particular detection by the detection name if you are ok with that JS/Adware.Agent.AA javascript will run. Although it's related to a particular ad provider, we cannot guarantee that circumventing the detection is safe.

https://www.bleepingcomputer.com/news/security/nss-labs-sues-crowdstrike-symantec-eset-amtso-for-alleged-testing-conspiracy/ "We are aware of the allegations made by NSS Labs. However, as legal proceedings have just been initiated, we are unable to say more at this time beyond the statement that we categorically deny the allegations. Our customers should be reassured that ESET’s products have been rigorously tested by many independent third-party reviewers around the world, received numerous awards for their level of protection of end users over many years and are widely praised by industry-leading specialists."

I was unable to reproduce the detection. The JS/Adware.Agent.AA application is correct. It's very unlikely that it could be false positive.

Let's start off with the following: - enable advanced firewall logging (or network protection logging in latest versions) in the advanvced setup -> tools -> diagnostics - clear the firewall log - restart the computer - wait until a notification is triggered - disable logging - gather logs with ESET Log Collector and provide me with the generated archive.

On a troublesome computer, please enable the following in the setup -> tools -> diagnostics: 1, Advanced network protection logging 2, Advanced licensing logging Then try to activate Endpoint manually by entering the license key in the activation window. Then disable logging, gather logs with ESET Log Collector and provide me with the generated archive. If manual activation works, do the same on another machine but try to activate it via an activation task sent from ESMC.

On one of the troublesome Windows machine, enable advanced network protection and update engine logging in the setup -> tools -> diagnostics and run update. Then disable logging, gather logs with ESET Log Collector and provide me with the generated archive.

Just out of curiosity, what Chrome extension it was?

Please run a full disk scan. If adware is found and cleaned, reboot the machine and run another scan to make sure it's no longer detected. Should the detection continue, please gather logs with ELC and provide me with the generated archive.

Are you getting this notification without opening the url in question in a browser? Check the filtered websites log for more information about what application was attempting to access it.

If you haven't used ERA v6.5 for a longer time, I'd suggest installing or deploying (in case of VA) ESMC from scratch. Then you'll deploy agent v7 to clients with Endpoint v5 and v6 so that they report to ESMC. If you want to preserve the existing ERA v6.5 server and upgrade to ESMC later, do not deploy agent v7 but agent v6.5 to clients where needed (v7 agent cannot communicate with ERAS v6). When you decide to upgrade ERA to ESMC, after upgrading the server you'll simply upgrade agent on clients via an ESCM component upgrade task. Note that as of ERA v6 it is agent that communicates with the ERA/ESMC server and not the Endpoint security product itself. Also in case of Endpoint v5, the agent will reconfigure the product to report to the agent on localhost and it will take care of further communication with the ERA/ESMC server. As for changes in configuration, I'd suggest using a policy to change settings, if really needed.

You can manage Endpoint 7 with ERA v6.5 but some features may not be available. Also to use new products and features, such as ESET Enterprise Inspector or ESET Dynamic Threat Defense that you might be interested in require ESMC.

The server still serves Win32/Adware.Agent.NTH. We strongly recommend that the owner removes it so that the url can be removed from blacklist.

Currently there's no news on this. As soon as we have some, we'll let you know.

To avoid having multiple topics on this subject, we'll draw this one to a close. Please continue with the discussion in https://forum.eset.com/topic/15877-chrome-warning-to-remove-eset-endpoint-antivirus/.

Try disabling Feedback hub in the Privacy -> Camera setup:

It is probably legit and related to China Telecom.

If there is some news about a newer service release, we will communicate it here as well as via other standard channels.

We too have a decryptor for very old versions of Crysis but newer versions are not decryptable.

Does Endpoint update from a mirror or from ESET's update servers? Is the client able to update from ESET's servers when outside the corporate network?

Is this new to EPv7 and the issue didn't manifest with EP6.6? I assume this behavior must have been for ages.

Please provide links to some new issues related to Endpoint v7.

In case of Filecoder.Crysis decryption is not possible. However, you can provide me with ELC logs to review your configuration and logs and to make sure that your ESET product is configured properly. If using RDP, we strongly recommend using it only internally. For connections from outside, use VPN or at least use 2FA to prevent attackers from getting to the machine, disabling AV and running ransomware.

I'd say most users would vote for 1. Honestly, hardly recall any new issue that was reported with regard to Endpoint v7.