Marcos

Please provide me with logs collected by ESET Log Collector to start off. Also try uninstalling v11.2 and installing it from scratch with default settings. Let us know if that makes a difference. Real-time protection shouldn't prevent applications from starting unless application files are detected as PUA or malware.

I don't see any reason to think there's a problem with ESET. ERAS is not contacted by ESET's servers but it's ERAS that initiates a connection. For a list of ESET servers, refer to https://support.eset.com/kb332/.

We've never run into a case with such error. Please contact customer care for further assistance. ELC logs as well as a Procmon log from an installation attempt should suffice to start off.

Endpoint older than v6 didn't support activation at all. In order for RMM activation commands to be accepted, you need to have RMM support enabled for all operations in Endpoint: I would test it with authorization method set to None and only if no issues occur, change it to "Application path" and specify the path to the RMM application below. Re. support for the Autotask plug-in, please contact your local customer care.

1, What version of Endpoint did you have installed before? 2, There has never been an official way of activating Endpoint via PowerShell. How exactly did you use to do it? As for activation issues, what error do you get if you attempt to activate Endpoint manually via Help and support -> Change license? Are the computers connected to the Internet through a proxy server? Are they able to reach activation servers? (https://support.eset.com/kb332)

Please provide us with your public license ID.

I'm sorry to inform you but the license key that was used for activation leaked and therefore was cancelled. It also appears it was issued in another country than the one you come from. Please contact the company or person that sold you the license.

There's no such functionality in the forum system to mark topics as solved. Simply we leave resolved topics as they are.

We can't tell now if this version will be released or if it will remain available on demand. Normally the next hotfix would take several weeks or months to be released since we are working on changes that are urgent and need to be done with regard to planned restrictions in Chrome.

We expect to have at least an internal fixed build ready within 1-2 weeks and will provide it to those who have reported the issue in the forum and on demand.

The new fixed driver is not WHQL signed and therefore doesn't load on systems with Secure Boot enabled. Getting WHQL certification is not a fast process but takes time. A proper WHQL driver will be included in the next hotfix of v11.2 along with other fixes. Those who have installed the fixed driver it will need to remove it or uninstall EIS before upgrading to a newer version.

To update ERA components, send an "RA Component upgrade task" to the VA: As for updating the OS, you can do it manually from the terminal or by sending an OS update task: If ODBC driver is updated, you'll need to downgrade it to v5.3.

Of course that if a backup of the original file is created, the file will have the same name as the original file. If I get "mypersonalcv.docx" infected with a macro virus and "somerandomname.docx" would appear in quarantine, that would be a mess that would help nobody. Since everything has been said on this topic and unclear things were explained, we'll draw this topic to a close.

Do you have current modules installed? What version of the Confguration Engine module do you have? Does temporarily switching to pre-release updates in the advanced update setup make a difference?

Not really. Most of malware are trojans which do not contain any benign original code so they are cleaned by deletion. Cleaning such malware must remove it from its original location completely. File infecting viruses and VBA macro malware make up a very small group of cleanable malware. In such case, the malicious part of the code is removed/sanitized and a copy of the original file is placed in quarantine in an encrypted form in case one would need to restore it at a later time.

Is the malware being detected after a system restart? Even if you disconnect the computer from network? The Process Monitor log you've created is not from a boot. Please generate a boot log as per the instructions at https://support.eset.com/kb6308 , section Gather boot log files.

If a file is in quarantine it means that it was detected and cleaned unless you quarantined it manually. That said, it should not exist anywhere but in quarantine in an encrypted form. There are no benefits of removing files from quarantine permanently except that you will save a few kB or MB of disk space, depending on the size of the quarantined files that you delete.

And what product creates the mirror? Endpoint v6.5 or v6.6? Updates for EP6.5 and 6.6 are not compatible and a separate mirror needs to be created for each. Instead of using the mirror, we strongly recommend using HTTP Proxy which will save you a lot of traffic. The thing is a big portion of files downloaded to the mirror with each update is not used by clients at all.

How do you create the mirror? With the Mirror tool or you are using an ESET product for that? If so, what product and version? What is the version of Endpoint that is reporting the general compiler error?

Probably next week we'll release a module that should address this.

It was reported to developers for investigation.

This will be fixed soon. Endpoint 6.6 is not affected. We strongly recommend upgrading to v6.6 and later to v7.

Do you have WD periodic scanning disabled? After activation ESET registers in the WSC and unregisters only during uninstallation or when real-time protection is turned off. Therefore my understanding is that WD's real-time protection shouldn't kick in even if there was malware undetected by ESET running.

To prevent duplicate topics on a subject, we'll draw this one to a close.

Did you run the firewall troubleshooting wizard to get a list of recently blocked communication with an option to permit the desired ones?