[HIPS default rules]

No problem here with the HIPS module 1322:

[Reinstalled Remote Admin]

What errors are reported in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html  and trace.log?

[ESLC cache cleared on reboot?]

I assume that records about whitelisted files are kept. Just for the record, cached data have to be invalidated also after each update of modules. Currently ESLC has minimal impact on performance since caching and whitelisting is basically done in ESET products.

[Exlusion Wildcard --- Invalid Path?]

1, This will be fixed.
2, This cannot be fixed / changed.

Exclusions like "...\*" are equal to "...\*.*".

[HIPS cannot communicate with driver]

This is a known issue with Insider preview build 17704. We should have a solution soon.

I'd like to emphasize that standard builds of Windows 10 are not affected, only new insider preview build(s).

[Exlusion Wildcard --- Invalid Path?]

Will be fixed in the Configuration Engine module 1685.8 so entering e.g. c:\folder\* will be possible. Currently you can use c:\folder\*.* instead which has the same effect.

[HIPS default rules]

ESET's approach is not to bother users with prompts and pop-ups; instead all actions are performed automatically. The fact that you haven't ever seen any notification from HIPS/Advanced Memory Scanner/Exploit Blocker and Ransomware shield is good; otherwise it'd mean you were hit by malware which ESET detected and blocked.

[Administration URL directions]

Make sure to disable QUIC in Chrome, clear browser's cache and restart the browser. Also make sure that you have SSL/TLS filtering enabled and the ESET root certificate has been properly imported in the system Trusted root certification authorities certificate store.

[HIPS default rules]

HIPS is a fundamental component that provides information about system operations to other HIPS-based protection modules, such as Self-defense, Advanced Memory Scanner, Exploit Blocker and Ransomware shield. Therefore disabling HIPS would subsequently reduce detection and protection capabilities of the product. Simple HIPS rules cannot work without producing false positives.

[ESET Livegrid is not accessible]

There is no http communication which is weird. I've found that you have Transocks installed which probably intervenes in network communication.

1, Enable advanced update engine logging in the advanced setup -> tools -> diagnostics, then run manual update. Next disable logging and gather fresh ELC logs.
2, Provide a Wireshark log from time when you open http://update.eset.com/eset_upd/v10/update.ver in a browser.

I'd also suggest contacting your local customer care so that the ticket is properly tracked.

[Administration URL directions]

What url did you block that doesn't work in Chrome? Isn't it youtube.com by chance?

[ESET Livegrid is not accessible]

Don't use any filter. Just select your network interface and start logging.

[HIPS cannot communicate with driver]

Please contact your local customer care so that the case is tracked properly. A complete memory dump will be needed as well as a registry dump and other logs gathered by ESET Log Collector. A customer care representative should be able to assist you with this and prepare the stuff for analysis by developers.

[ESET Livegrid is not accessible]

Please capture the network communication with Wireshark during an attempt to update and provide the generated pcap file.

[ESET Livegrid is not accessible]

Are you prompted for a username and password if you open this in a browser? http://update.eset.com/eset_upd/v10/update.ver

Also please check services and make sure the firewall service is not running, just to rule it out completely.

[Administration URL directions]

Unfortunately it's not clear what issue you are having. Do you mean that blocking some urls via the url management doesn't work?

[ESET Livegrid is not accessible]

Does temporarily disabling the firewall make a difference and ESET updates alright then?

[ESET Livegrid is not accessible]

Most likely a firewall is blocking Internet access for ekrn.exe.

That happened on June 26 between 15:18 and 19:19.

 

[Exlusion Wildcard --- Invalid Path?]

I've tested it and both c:\%folder%\* and c:\%folder%\*.* exclude everything in %folder% and its subfolders.

[Gamer mode does not detect full-screen applications]

As of v11, activation of gamer mode does not change the color of the ESET icon to yellow any more.

[License in ERA not updating]

Do you use VA or ERA is installed on Windows or Linux using either AiO installer or stand-alone installers? The error "Incorrect string value: '\xC5\x86\xC5\xA1' for column '_license_owner_name'" indicates that the db is likely using a latin1 encoding while ERA supports only UTF8 encoding. At any rate, please create a regular support ticket as well so that the case is properly tracked.

[Password Protection on Scanning Eset Endpoint Security]

If a user runs a scan, there's no sense in not allowing him or her to stop it or pause it. As for preventing users from pausing or stopping removable media scans, it's not currently possible. Since such scans may take really long (even hours) and may have a noticeable impact on performance, I'm not sure if it would be ok to prevent users from pausing or stopping them.

[HIPS default rules]

There are no default rules. Self-defense uses its own internal rules.

[Exlusion Wildcard --- Invalid Path?]

Wildcards work only at the end of paths in file names unless the threat name is specified. Try excluding only the path d:\foobar. Also please explain why you want to exclude a specific folder or file; is it because a PUA is detected there and you want to use it anyways?

[W64/Kryptik trojan not detected]

1, Kryptik is a generic detection.
2, Until the suspicious files has been analyzed, it's too early to make any conclusions. It could be both FP or an undetected variant.
3, There is no security solution that would protect you from 100% of malware.

Please submit the file detected as Win64/Kryptik to samples[at]eset.com for analysis.