Marcos

Generally I'd recommend to avoid using more security applications together. If the other sw doesn't install a driver it might work with ESET. Otherwise the chance of clashes will increase.

Which of the following steps resolves the issue? 1, Pausing all protection modules 2, Pausing only real-time protection 3, Temporarily disabling automatic start of real-time protection followed by a reboot 4, Temporarily disabling HIPS followed by a reboot

Please gather and provide ELC logs from the machine for perusal.

If you download eicar from http://www.eicar.org/download/eicar_com.zip and https://secure.eicar.org/eicar_com.zip, is it detected? If not, please enable advanced protocol filtering and network protection logging under tools -> diagnostics, download eicar from the above links, disable logging and gather logs with ELC. Contact your local customer care so that the case is properly tracked and supply them with the generated archive.

If running a full disk scan with strict cleaning doesn't remove the PUA, please gather logs with ESET Log Collector and upload the generated archive here.

Please refer to https://support.eset.com/kb6551/. It is important to disable syncing of extensions to stop PUA extensions from being synced and detected again.

It's only a v11.2 hotfix. As for v12, there is currently no release date set.

I assume it was merely a scam website that you ran into and it didn't pose a threat otherwise. There are thousands of new scam urls with fake alerts being created on a daily basis so expecting an antivirus to detect and block every single one is unreal.

This is probably not related to the topic. Please create a new topic in the appropriate forum, specifically in Malware Finding and Cleaning if you want to discuss malware.

I'm not sure what you mean by that it goes to a new tab. If a website is blocked, its content is replaced with an alert. Maybe you could post a screen shot for clarification.

It is version 11.2.63.0 which will be officially released next week. It's a v11.2 hotfix with a couple of reported bugs fixed. The naming like "2019" is used by marketers and probably refers to v12.0.

We would need to know the public IP address through which ESMC communicates. You can pm it to MichalJ.

You didn't mention what sw you use for backup. Would it be possible to try a different one to see if the same issue occurs? At any rate, I'd suggest contacting customer care and providing them with a Procmon log from an issue replication as well as ELC logs gathered from that machine.

What about temporarily pausing only real-time protection?

Currently you can't avoid creating new rules or editing paths in existing rules but from a long-term perspective there should be a solution to this.

Do you mean that it works when real-time protection is paused? Because it is not possible to turn off protection unless you rename ekrn.exe in safe mode or uninstall ESET.

The config was ok. Please contact your local customer care to troubleshoot the issue further. To start off, provide them with logs gathered by ELC.

It is not possible. If we had to back up every file, e.g. when the user intentionally moves files to a password protected archive, the computer could become unuseable. Ransomware often encrypts media files and such files may be dozens of GBs in size. The rollback setting is in the advanced update setup.

I'm sorry but I have no clue what you mean by rolling back files.

Please follow the instructions at https://support.eset.com/kb141 to request a website re-check. It appears that malware has been removed, the website was unblocked.

If possible, please continue as follows: - temporarily uninstall EAV - install ESET Internet Security 11.2.49 and activate a trial version - under Help and support in the main gui, click Details for customer care and enable advanced logging - reboot the machine - stop logging - collect logs with ESET Log Collector and post the generated archive here. There is probably a problem with registration to BFE, e.g. the Base Filtering Engine service might not be running. After we get EIS work alright, you can uninstall EIS and install EAV which should then work alright.

It's been there for a couple of years already:

Please provide fresh ELC logs so that I can make sure the drivers are no longer loaded. Beforehand I'd suggest running the ESET Uninstall tool in safe mode and trying to install Endpoint v7 from scratch. Should the problem persist, also create a Procmon log from installation.

Please gather and provide ELC logs for perusal.

I think the following would work if the logical operator could be set to OR which is not currently possible. Maybe @MichalJ or @MartinK will be able to comment on it.