Marcos

Administrators
  • Posts: 36,331
  • Days Won: 1,445

Everything posted by Marcos

  1. Please provide more information about what ESET product / version is installed on clients and the server. If ESET is also installed on the server, does temporarily pausing real-time protection on the server or on a client make a difference?
  2. Check if temporarily disabling protocol filtering in the advanced setup makes a difference. If so, please contact your local customer care for further troubleshooting.
  3. Strange, SppExtComObjPatcher.exe was not listed in the ESI log so it's not running and is not registered in autorun locations either.
  4. You don't need to remove ESET. ESET is reported as incompatible due to changes in Chrome 66, with more restrictions to follow in upcoming versions as per https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html. Simply said, if Chrome crashes, it reports any non-Google and non-Microsoft dll injected in Chrome even if the crash was not caused by it. ESET injects a dll into browsers which enables it to scan scripts before they are executed, to perform redirection of bank sites to a secure browser and to harden the secure browser.
  5. 1, The cleaning service is paid. If you contact customer care via the web form (https://www.eset.com/int/support/contact/), US support would arrange a remote session with you. 2, I've checked your logs but didn't find any signs of malware infection. I would say that the computer is clean. PowerShell is not running and is not registered in the system to run automatically either. Maybe you could tell a customer care representative during a remote session what you deem suspicious; he or she would explain to you why it is normal and that there's no reason to be concerned. In cases when there is a malware infection and we are unable to help, it's possible to request a refund within 30 days after the purchase.
  6. After rebooting the machine ESET should re-try importing the root certificate to browsers and the trusted root CA certificate store. Just to make sure that you perform an actual reboot and not just a hybrid reboot, run "shutdown -r -t 0". Alternatively this should work:
     - disable SSL/TLS filtering
     - reboot the system
     - without launching any browsers, re-enable SSL/TLS filtering
     - after a few seconds launch a browser.
  7. For backup we offer products from Xopero, who is our partner: https://www.eset.com/int/business/endpoint-security/xopero-backup-recovery/. However, they don't offer a backup solution for home users.
  8. We've already added a detection, it's just that an update has not been released yet. However, users are protected since the url has already been blocked for some time so the payload cannot be downloaded and executed. The payload is also detected: 8.exe » NSIS » panamas.dll - a variant of Win32/Injector.DZDQ trojan
  9. ELC generates a zip file so you don't have to zip it again. If it's too big, upload it to OneDrive, DropBox, etc. and provide a download link.
  10. @dontdrama Please gather logs with ELC and provide the generated zip archive.
  11. To start off, how do you know that your computer is infected? After you've installed ESET and modules were updated to the latest version, did ESET detect some malware but was unable to clean it?
  12. The malware was removed so the website will be unblocked momentarily. Next time please follow the instructions at https://support.eset.com/kb141.
  13. Unfortunately you didn't mention what version of EAV for Linux you use. Are you having this issue with the latest version 4.0.90?
  14. Please follow my advice above. Only the seller should know the exact reason for the cancellation.
  15. If the license was canceled, please contact the distributor or seller from whom you purchased it.
  16. For cleaning PowerShell malware that is either not recognized or not possible to clean by a product for whatever reason, we have a standalone tool that can be used with the assistance of customer care. The malware cleaning service is provided to users with a paid license.
  17. Please post a screenshot of how ESET detects the malware. Also providing relevant details from the Detected threats log would help.
  18. That is correct. Startup scan tasks can be disabled in Scheduler, however, we don't recommend that. As a result, if you had a new malware running in memory and ESET would update modules to recognize it, it might not be recognized until a computer restart. Pausing protection has no effect on startup scans, AMS, etc. It simply pauses real-time protection, web and email protection, document protection, etc.
  19. 1, If you mean patch management, we don't currently offer any such products. 2, ESET has had advanced heuristics for ages (for almost 20 years if I remember correctly) which runs scanned files in a virtual environment. This enables generation of so-called DNA genes and extraction of various metadata that subsequently serve to create (X)DNA detections which are basically "descriptions" of the malicious operations the file performs and enables ESET to proactively detect a lot of malware initially missed by other on-demand/on-access competitive scanners. 3, The Ransomware shield has been in consumer products since v9. What you mean is a basic protection of folders in which only authorized processes (Office applications) can modify files. There are many such applications made for this purpose and Microsoft also provides such a feature. You can achieve this with simple HIPS rules as well. However, this kind of protection is not effective against malware injected in Office processes or script malware that is run by Office applications. The Ransomware shield provides advanced protection and takes into account many aspects, including cloud information, monitoring running processes for suspicious ransomware-like behavior, etc.
  20. It's another protection layer. While AMS scans process memory upon execution, the startup scan (available as tasks in scheduler) scans files registered in startup locations and memory after each module update and user's logon.
  21. The problem has turned out to be on Microsoft's part. If we have information about when Microsoft is going to address this, we'll let you know.
  22. Since incorrect and misleading information was provided by the OP and "A" vs "B" discussions are not permitted by forum rules (https://forum.eset.com/topic/76-rules-of-the-eset-security-forum/), we'll draw this topic to a close. For instance, the statement "Eset have 2-4 bases update to 94 or 100 viruses" is completely incorrect because we cover dozens of thousands of newly emerging threats on a daily basis which is far from what the OP wrote. Needless to say that most AVs, including the one mentioned by the OP, often add detections after ESET, at least in terms of on-demand/on-access detection.
  23. Maybe this is the reason: "Entry" = "A corruption was discovered in the file system structure on volume E:. The exact nature of the corruption is unknown. The file system structures need to be scanned online. " 11/05/2018 10:07:12 ; The system temp/tmp variables point to e:\temp. Replace disk e: with a new 100% working HDD/SSD or at least try pointing the system temp/tmp variables to c:\windows\temp and carry out a full reboot (e.g. by running "shutdown -r -t 0"). Also run a scan with HD Tune Error Scan on drives e:, s: and t: