
Marcos


Everything posted by Marcos

  1. AppArmor is not supported. It is not necessary to contact customer care because you would get the same response from developers.
  2. Please contact your local customer care for help with further troubleshooting. We've seen this error only in connection with AppArmor. Make sure that you don't have other security software installed.
  3. After installing ESET, the plug-in adds a special flag to all messages in the inbox folder (not subfolders) which may take some time if there are thousands of messages. Had the user been using an older version of Endpoint with integration to Outlook enabled prior to installing Endpoint v7?
  4. Couldn't it be that there are thousands of emails directly in the inbox folder? At any rate, I'd suggest contacting customer care since diagnostic logs from the Outlook plug-in will be needed for further troubleshooting.
  5. The application was found in UEFI. According to https://en.wikipedia.org/wiki/LoJack_for_Laptops, it drops its files to system folders after purchasing a license. I'd like to emphasize that the application is not detected by default. Detection of potentially unsafe applications is disabled after installation. If there's no new update for your UEFI firmware without the application included, you can exclude the application from detection by its detection name so that it's no longer reported during scans.
  6. Hello, since this is an English forum, we kindly ask you to post in English so that the others can understand and be able to help you. If you install an incorrect language version, simply uninstall it and install a correct language version from scratch. There won't be any problem with activation of your license. During uninstall, the product is properly de-activated also on ESET's servers. You can check your license usage via the License manager at my.eset.com.
  7. Please check your personal messages for instructions on how to carry on.
  8. Glad to hear that. I was unable to reproduce the detection at that time but it could have been due to a limitation to a specific browser or user's location; otherwise the malicious code wasn't injected.
  9. That may happen if you remove the original msi installer from c:\windows\installer, e.g. while cleaning up disk space. In such a case uninstalling ESET in safe mode with the Uninstall tool should do the trick: https://support.eset.com/kb2289/.
  10. It is possible to run ecls via a "run command" task but since it logs only to a text log that is not transferred to ESMC, that's probably not what you want. In my opinion, it's safer to have PUAs cleaned automatically and restore / exclude a particular one if really needed than letting a user run it for some time and only then evaluate whether it's ok to use it or not.
  11. ESET started detecting Computrace components back in 2012. With the addition of the UEFI scanner, the detection has been recently extended to UEFI too. There is no HIPS rule to detect Computrace.
  12. There is only a global setting for PUAs. What you could do is run a scan with the command line scanner ecls.exe and disable PUA detection using the appropriate switch. Moreover, PUAs are cleaned automatically in a managed environment. However, you can restore particular PUAs from quarantine via ESMC and exclude them from detection, if needed.
  13. Please let us know if you want to keep your forum account. If so, please pick a new nickname since the current one is not appropriate. Feel free to drop me a private message.
  14. Currently the ERA component upgrade task upgrades only agents on clients to v7. Since the v7 agent cannot communicate with the ERA v6.X server, do not upgrade it until you have upgraded ERA to ESMC. Within a few weeks (probably in less than a month) it will be possible to upgrade ERA to ESMC via the task as well.
  15. I for one can't imagine how installing ESET could cause screen flickering. Could you please shoot a short video to demonstrate the issue? Do you have a regular build of Windows 10 installed or are you using an Insider Preview build? Have you tried uninstalling ESET and installing the latest version 11.2.63 from scratch with default settings? Please gather logs with ESET Log Collector and post the generated archive here.
  16. If uninstallation via the Start menu or through Add and remove programs doesn't work (e.g. if the original msi file has been deleted from c:\windows\installer in the meantime), use the Uninstall tool in safe mode. Also we would like to hear about the reasons why you are removing ESET. Is it just temporary or have you been having an issue that you couldn't resolve? If possible, change your nickname to a more appropriate one or we can do it for you if you would like to stay a member of our forum and would like to post here in the future.
  17. Have you carried out a forensic analysis of the case that you have come up with a conclusion that it was ESET's fail? Are you positive the ransomware was not run from an unprotected device and didn't encrypt files in remote shares due to incorrect privileges set on the server? I'm sure you didn't so please refrain from making any conclusions and trolling. Just moments ago I received a case from our partner: "We have a government customer using K and got infected with krab ransomware. We installed EFWS on the server and the Filecoder was able to detect with our product we have an opportunity with this customer for 1.8K units." I, for one, do not blame that AV for letting the ransomware infect the machine. Obviously there was a brute-force RDP attack performed and if the AV didn't have settings protected, the attacker could have disabled it.
  18. If you view the file mcbuilder.exe, it most likely doesn't start with "MZ" and its size is smaller than 64kB. Could you confirm? Files should not have the EXE extension unless they are PE executables. In this case it's scanned by heuristics because it treats it as an executable but in fact it is not an executable.
  19. Please provide: - ELC logs from the server - a handful of encrypted files (ideally Office documents not containing sensitive data) - payment instructions (the ransomware note dropped by ransomware) - information about what folders contain encrypted files - logs from the tool that I'll provide you with via a personal message momentarily. Compress all stuff into a single archive and upload it to our ftp server as per the instructions I'm gonna send you.
  20. Please elaborate more on what issues you are having. What do you mean by "messages about it not scanning"? Would it be possible to temporarily install English version 11.2.63 and post a screenshot from it for clarification? Also elaborate more on "it slows down or stops me opening programmes". What programs? What operating system do you have? Do you have the latest version of ESET 11.2.63 already installed? Do you also have another security software installed?
  21. Please provide ELC logs with quarantined files also selected prior to gathering them. I'd need to check the exact file that was detected.
  22. Please provide your public license ID.
  23. This issue cannot be addressed by a module update. A fix will be included in the next hotfix build.
  24. If it's detected on ESET's website, it's unlikely to be FB. It could be your router that might have been hacked and is injecting a malicious script into downloaded web pages. Please gather ELC logs with "quarantined files" also selected and post the generated archive here.