Posts posted by Marcos

  1. 40 minutes ago, itman said:

    Will the submitted files be locally sandboxed and suspended if execution attempted? 

    Locally, files are scanned by advanced heuristics, i.e. they are run in a virtual environment. With EDTD, suspicious files will be uploaded to an actual EDTD sandbox in the cloud where they will be run. Besides the sandbox analysis, our EDTD system will also leverage cyberthreat intelligence data that we have gathered worldwide when assessing the dangerousness of a sample.

  2. Typically, licenses are not renewed automatically. To the best of my knowledge, in our country it's not possible at all except for some special deals with a mobile carrier. I'd strongly recommend contacting ESET UK to find out what's going on. You can also drop me a personal message with your public license ID so that I can check your current license status.

  3. This is ESET's official statement on the subject:

    “ESET have been working with Microsoft and the block will be removed in next week’s fast insider build. On occasion blocks are implemented to avoid compatibility issues with outdated versions of ESET products and particular scenarios with the OS. In this particular case a block was incorrectly implemented generically in the insider build and is being removed.”

  4. It is neither a false positive nor malware but a potentially unwanted application. For information on what PUAs are, please refer to https://support.eset.com/kb2629/. It is at users' discretion whether they enable PUA detection or not. If you think that the benefits of using a particular PUA outweigh the possible risk, you can exclude that PUA from detection by expanding the yellow alert window and selecting "Exclude signature from detection".

  5. Yes. On the client side we leverage multiple technologies at various layers to prevent infection. While it's easy to bypass one layer, it's much more difficult for malware authors to bypass more of them. For more details about technologies that ESET developed to protect you, please read https://www.eset.com/int/about/technology/

    Also, we're going to unveil a brand new EDR solution aimed at protection against targeted attacks - ESET Enterprise Inspector, which gives administrators visibility into what has been going on in their network, gives them an overview of suspicious operations typically performed by malware and enables them to take the appropriate action accordingly. It also provides detailed and visualized information about how a particular process or script was executed. Hand in hand with the introduction of EEI, we are also going to provide the EEI-based services ESET Threat Hunting and ESET Threat Monitoring for organizations that don't have their own staff for monitoring security in their network or for performing forensic analysis and finding out the infection vector in case of security incidents.

    Another service that ESET already provides is ESET Threat Intelligence, which leverages intelligence information gathered worldwide. This can be used, for instance, by financial institutions for monitoring new threats and phishing targeting their clients, as well as the ability to submit files and have them thoroughly analyzed in ESET's sandbox while leveraging machine learning and other techniques. For more information, please read https://www.eset.com/int/business/it-security-services/threat-intelligence/.

    With the release of Endpoint v7, we are also going to introduce ESET Dynamic Threat Defense (EDTD), which is a service that submits suspicious files from endpoints to ESET's sandbox and provides a timely response to the client about the result. Administrators will see a list of submitted files along with further information about them and the result of analysis in the ESET Security Management Console (currently called ERA). Which files will be submitted is fully customizable by administrators, with an option to delete submitted files from ESET's servers immediately or after some time. EDTD will enable mail server products to first analyze suspicious attachments in ESET's cloud sandbox and only then deliver emails to clients.

  6. Quote

    I saw EAV 11.2.46, but it is missing on the update channel. I hope there is a HIPS correction in this version

    I think 11.2.x are insider preview versions. By the way, HIPS is version-independent. Also, I'm not sure what you mean by "HIPS correction"; there are no big known issues with HIPS currently. If there are any, they're just minor issues that we have logged on file. If you are having issues with Windows 10 Insider Preview builds, you must wait until the bug is addressed by Microsoft.

  7. Would you pay an extra fee for including a backup application? I think that most home users wouldn't. A lot of users still prefer ESET NOD32 Antivirus to ESET Internet Security, although it doesn't detect and block botnet communication and doesn't protect from attacks from unpatched computers in the network, not to mention the comparison of ESET Internet Security to ESET Smart Security Premium, which has Password Manager and Disk Encryption modules added.

  8. Files were encrypted by Filecoder.Crysis. Unfortunately, it is not technically possible to decrypt the files.

    This ransomware is known to be run manually by attackers after they make it onto a system with administrator rights by performing a brute-force RDP attack. It is important that you harden RDP, e.g. by using a VPN or 2FA. At the very least, you could restrict RDP connections on a firewall to specific IP addresses or ranges.

    Also users with administrator rights and RDP allowed must not use weak passwords.
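An added example (not part of Marcos's post or of any ESET product) of the kind of check a defender would run for the brute-force RDP precursor described above: it parses constructed, simplified Windows Security log lines and flags source addresses with a burst of failed RDP logons, noting whether a later logon from the same address succeeded. Event IDs 4625/4624 and logon type 10 are standard Windows values; the line layout and sample data are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a simplified "timestamp event_id logon_type account source_ip"
# layout (not real log output). Event 4625 = failed logon, 4624 = successful logon;
# logon type 10 = RemoteInteractive, i.e. a logon over RDP.
SAMPLE_EVENTS = [
    "2018-05-14T02:00:01 4625 10 administrator 198.51.100.23",
    "2018-05-14T02:00:03 4625 10 admin 198.51.100.23",
    "2018-05-14T02:00:04 4625 10 backup 198.51.100.23",
    "2018-05-14T02:00:06 4625 10 administrator 198.51.100.23",
    "2018-05-14T02:00:07 4625 10 sqladmin 198.51.100.23",
    "2018-05-14T02:00:09 4624 10 administrator 198.51.100.23",  # success after the burst
    "2018-05-14T08:15:00 4625 10 jsmith 192.0.2.10",            # one typo, benign
    "2018-05-14T09:00:00 4625 2 jsmith 127.0.0.1",              # console logon, not RDP
]

def parse_event(line):
    """Split one constructed line into a dict; None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, event_id, logon_type, account, src = parts
    return {"time": datetime.fromisoformat(ts), "event_id": int(event_id),
            "logon_type": int(logon_type), "account": account, "src": src}

def find_rdp_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """Flag sources with >= threshold failed RDP logons in any `window`; note later success."""
    failures, accounts, successes = defaultdict(list), defaultdict(set), set()
    for ev in filter(None, map(parse_event, lines)):
        if ev["logon_type"] != 10:          # only RDP (RemoteInteractive) logons
            continue
        if ev["event_id"] == 4625:
            failures[ev["src"]].append(ev["time"])
            accounts[ev["src"]].add(ev["account"])
        elif ev["event_id"] == 4624:
            successes.add(ev["src"])
    flagged = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):     # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = {"failures": len(times), "accounts": sorted(accounts[src]),
                                "succeeded": src in successes}
                break
    return flagged
```

A source that is flagged and also shows `succeeded: True` matches the scenario in the post (password guessing followed by an interactive RDP session) and is the one to investigate first.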

  9. You have installed a very old version of ESET NOD32 Antivirus. V4 has already reached its end of life and cannot provide sufficient protection against current threats. Please uninstall it and download and install the latest version 6.6.

    How many machines with this old version do you have? Are they managed by ERA v5?

  10. You don't need to remove ESET. The reason ESET is reported as incompatible is the changes in Chrome 66, with more restrictions to follow in upcoming versions as per https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html. Simply said, if Chrome crashes, it reports any non-Google and non-Microsoft DLL injected into Chrome even if the crash was not caused by it. ESET injects a DLL into browsers which enables it to scan scripts before they are executed, to perform redirection of bank sites to a secure browser and to harden the secure browser.

  11. 1. The cleaning service is paid. If you contact customer care via the web form (https://www.eset.com/int/support/contact/), US support would arrange a remote session with you.
    2. I've checked your logs but didn't find any signs of malware infection. I would say that the computer is clean. PowerShell is not running, nor is it registered in the system to run automatically. Maybe you could tell a customer care representative during a remote session what you deem suspicious; he or she would explain to you why it is normal and that there's no reason to be concerned.

    In cases when there is a malware infection and we are unable to help, it's possible to request a refund within 30 days after the purchase.