Marcos

Please post the appropriate records from the Detected threats log.

That would happen if a process accessed the web cam while the system is starting and the device control has not been fully initialized yet. The issue is being investigated and hope there could me more information available on this within the next few days. It also appears it has something to do with processes running in the local system account.

I'd suggest contacting your local customer care. After entering a license key no further user information is requested unless you activate a trial version.

Hello, There's no attempt to run chromesetup.exe logged in the logs you have provided. Please provide ELC logs.

My fault, I actually meant logging severity.

It depends. Some licenses may be locked down to a specific country.

This is beyond the scope of support here but you can find many guidelines on the Internet how to create one, e.g. at https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl, https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs and many others.

Changing the logging verbosity to warnings in rules that you want to have reported to ESMC when applied should do the trick.

Maybe a Procmon log with advanced logging enabled generated during an attempt to launch Chrome could shed more light. I assume that temporarily uninstalling ESET wouldn't make any difference,would it?

Agent 6.x can communicate with ECMS, however, agent v7 cannot communicate with ERA. After upgrading from ERA to ECMS, send an ECMS upgrade component task to machines to upgrade the agent.

If you have Windows 10 Enterprise, check AppLocker rules if you don't have one which would block a path or publisher: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules

I take liberty to correct you - it's Windows 10 October 2018 Update (aka RedStone 5). Versions 10.1 and newer fully support it.

Please submit the suspicious attachment (ideally the whole email in the eml or msg format) to samples@eset.com in an archive protected with the password "infected". If it's a new macro malware, using ESET Dynamic Threat Defense would likely improve the response and you'd get it detected quicker without waiting for the next engine module update.

If egui.exe was running and you were logged in at that time, you should have received a warning. If you would like more info on the detection, supply me with ELC logs that also include quarantined files (can be selected in the ELC list of artifacts to gather).

ACT.0 may be a temporary overload of activation servers, however, we haven't observed any issues with them recently. Please contact your local customer care.

Can both ESMC Server and agent on endpoints access epns.eset.com?

Please contact customer care. This forum is intended rather for sharing knowledge and actual issues requiring several iterations should be tracked through standard support tickets.

The fix was made to v12 which will be available later this year. Currently we don't plan to release any further v11.2 hotfixes since v12 is virtually imminent.

Make sure that you have logging of all blocked operations disabled in the advanced HIPS setup. If the HIPS log contains too many records, you can delete the appropriate dat file in safe mode.

It could be that the website has been cleaned in the mean time.

If disabling the firewall helps, please carry on as follows: - enable advanced network protection logging under tools -> diagnostics - reboot the machine - reproduce the problem - disable logging - gather logs with ELC and provide me with the generated archive.

It should be available later this year.

If you have ESMC installed the best would be to add licenses by adding an EBA account to ESMC and add licenses to EBA (eba.eset.com). Some products, such as ESET Dynamic Threat Defense, won't work without that.

Please carry on as follows: - temporarily uninstall EAV - install ESET Internet Security and activate a trial version - in the advanced setup -> tools -> diagnostics enable advanced network protection logging - reboot the machine - disable logging - gather logs with ELC and provide me with the generated archive.

Did you check the licenses and seats in EBA?