Marcos

Administrators
  • Posts: 36,332
  • Days Won: 1,445

Everything posted by Marcos

  1. The next major version of ESET File Security will be v7 which is planned to be released in H2/2018. It will use the same type of update files as Endpoint 6.6 and therefore will also support creation of a mirror for EP6.6. Nevertheless, we strongly recommend using an http proxy for caching update files instead of using a mirror. That can save a lot of Internet traffic since only files that are really needed by clients for update will be downloaded.
  2. That's how it currently works but it may change in the future. If the firewall is enforced by a policy, you can enter override mode in order to be able to temporarily pause the firewall.
  3. Couldn't it be that you have enabled the firewall via a policy? I.e. is there a padlock icon next to "Enable firewall" in the advanced setup?
  4. Personally, I haven't heard about such an issue yet. Maybe you could create a dynamic group with computers that are reporting the error and then send a Run command task that will perform a restart by running "shutdown -r -t 0".
  5. Honestly, this is the first time I've heard about an issue like this. With MS Outlook integration enabled, all received, sent and read emails should be scanned for malware. I'd suggest checking the list of plug-ins that are loaded in Outlook and making sure that your previous AV is not there. If that's not the case, contact Customer care that should provide you with a logging version of the plug-in that should help pinpoint the issue. Do you receive email via MAPI from an Exchange email server?
  6. Without further logs it's impossible to tell. To start off, enable advanced update engine logging in the advanced setup -> tools -> diagnostics, run update, then disable logging and finally collect logs with ESET Log Collector. When done, provide me with the generated archive.
  7. An application running on the machine is touching update files which causes the updater to fail to rename the appropriate folder. The issue may occur intermittently, e.g. once per several weeks. A workaround for this will be included in v12.
  8. The BAT file is not excluded. You have created exclusions for: G:\Software\*.*, C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\amtlib.dll and G:\Software\Microsoft\Windows\Windows 10\Batch Files & Registry Tweaks\Clear Event Viewer Logs\Clear Event Viewer Logs.exe. However, the batch file was detected in C:\Users\Tommy\AppData\Local\Temp\932F.tmp\9330.tmp\9331.bat and this folder was not excluded (don't exclude it since temp folders are a typical location of where malware resides). It is in fact a potentially unsafe application because what the batch file does is that it clears system logs via wevtutil.exe. This is often done by attackers to clear traces after compromising a remote system, typically servers after conducting an RDP bruteforce attack. Detection of potentially unsafe applications is disabled by default. They cover legitimate applications and tools that can be misused in the wrong hands. If you don't want this detection to be triggered at all, exclude the signature from detection, e.g. as follows:
  9. I didn't refer specifically to UEFI protection. However, speaking about it, ESET is the first security product which has a UEFI scanner integrated in an AV product. The feature is available both for business and home users which is unique too.
  10. This is questionable. As for tests, yes, they often score 100% but in fact there is no security solution capable of 100% detection of threats. In the real world, results may be quite different than in tests, not only in terms of detection but also in terms of footprint. I'd recommend you try ESET and let us know how you perceive it with regard to your previous AV. I'd like to bring to your attention a list of various technologies developed by ESET that protect you from actual malware on different layers: https://www.eset.com/int/about/technology/.
  11. It is enough to delete the file c:\windows\system32\tasks\WinMgr, which launches a script that no longer exists.
  12. ESET NOD32 Antivirus is a consumer product and cannot be managed by ESET Remote Administrator. By contrast, ESET Endpoint Antivirus is intended for business environments and is fully manageable by ERA. Although the current version does not have ransomware shield integrated, we are about to release v7 which will have all protection features known from the latest consumer versions. If you have only a small number of computers, it's ok to use a consumer product.
  13. Please provide me with logs gathered with ESET Log Collector as per the instructions at https://support.eset.com/kb3466. Before you start to collect logs, also select "quarantined files" in the list.
  14. You can just create an agent policy with the new peer certificate which is easier than re-deploying the agent.
  15. Generate a new peer certificate and create a new agent policy in which you will pick the new certificate. Alternatively you can re-deploy the agent while using the new peer certificate.
  16. The detection is correct. It's a PUA which is detected or blocked.
  17. Please drop me a personal message with logs gathered by ESET Log Collector on a troublesome machine.
  18. Hello, please collect logs as per the instructions in the article https://support.eset.com/kb3466/?locale=en_US&viewlocale=sk_SK and also create a Procmon log so that it captures the moment when the given message is displayed.
  19. When opening a website, the connection is not maintained active unless some data is transmitted. Therefore it's not possible to measure for how long a particular website has been opened. Also blocking of websites works only in supported browsers which enable us to know what website is being accessed. There are quite many technical limitations on Android (or generally on mobile phones) that prevent 3rd party applications from tightly integrating into the system or other applications like on Windows for instance.
  20. That is most likely because every http connection goes through esets_proxy.
  21. Thanks for the heads-up. I assume the author of the help meant "HKEY_CURRENT_USER" instead of "HKEY_USER". We'll rewrite that part of the help. Currently wildcards (asterisk) can only be used in registry paths, e.g. HKEY_USERS\*\Software\Policies. As for using variables, only system variables will work since ekrn.exe runs in the local system account and therefore has no visibility into user variables.
  22. Even offline computers can be connected via a proxy to the Internet with access limited only to ESET's servers. If that's not an option, you can use the Mirror tool to create a mirror: https://help.eset.com/era_install/65/en-US/mirror_tool_windows.html
  23. What operating system is on the client? If a standard user clicks the link to restart the system in the ESET gui, the system doesn't restart? Clicking the link should actually restart the system as opposed to selecting Restart in the Start menu which performs only a hybrid restart.
  24. Do you use the ERA Server virtual appliance or did you install ERAS on an existing Linux system? Is the following command executed without an error? smbclient '\\poste_si14.protection24.lan\ADMIN$' -U 'Administrator'
  25. The problem here is with seccomp sandbox which has never been supported by pac and which limits the allowed syscalls for a whole process. We use such a syscall and the OS kills the process then. There is no workaround but recompiling the kernel with seccomp disabled. To prevent this from happening, we'll have to detect that seccomp is used by a protected process and behave accordingly. This detection will be added soon and will be included most likely in version 4.0.89.