Marcos

Unfortunately it's not clear what issue you are having. Do you mean that blocking some urls via the url management doesn't work?

Does temporarily disabling the firewall make a difference and ESET updates alright then?

Most likely a firewall is blocking Internet access for ekrn.exe. That happened on June 26 between 15:18 and 19:19.

I've tested it and both c:\%folder%\* and c:\%folder%\*.* exclude everything in %folder% and its subfolders.

As of v11, activation of gamer mode does not change the color of the ESET icon to yellow any more.

Do you use VA or ERA is installed on Windows or Linux using either AiO installer or stand-alone installers? The error "Incorrect string value: '\xC5\x86\xC5\xA1' for column '_license_owner_name'" indicates that the db is likely using a latin1 encoding while ERA supports only UTF8 encoding. At any rate, please create a regular support ticket as well so that the case is properly tracked.

If a user runs a scan, there's no sense in not allowing him or her to stop it or pause it. As for preventing users from pausing or stopping removable media scans, it's not currently possible. Since such scans may take really long (even hours) and may have a noticeable impact on performance, I'm not sure if it would be ok to prevent users from pausing or stopping them.

There are no default rules. Self-defense uses its own internal rules.

Wildcards work only at the end of paths in file names unless the threat name is specified. Try excluding only the path d:\foobar. Also please explain why you want to exclude a specific folder or file; is it because a PUA is detected there and you want to use it anyways?

1, Kryptik is a generic detection. 2, Until the suspicious files has been analyzed, it's too early to make any conclusions. It could be both FP or an undetected variant. 3, There is no security solution that would protect you from 100% of malware. Please submit the file detected as Win64/Kryptik to samples[at]eset.com for analysis.

Just a patched TeamViewer executable, not malicious.

Please gather logs with ESET Log Collector as per https://support.eset.com/kb3404/ and provide the generated Customer_info.tgz to customer care for perusal.

We do not load mdnsNSP.dll. I assume it's Bonjour itlsef which attempts to inject the dll into ekrn which fails due to self-defense protecting ekrn from this.

You can already control if scheduled scans can be paused by the user or not:

ERAR is an obsolete tool which was useful at time of infamous LockScreens before the era of Filecoders that encrypt files. I will check if it's still available for download and we'll most likely remove it from download servers.

Even though the rtf file is not detected, the payload is detected either as: u.b - Suspicious Object or u.b - Win32/GenKryptik.CDTU, depending on what version of the ESET product you use (v11.1 / EPv7 or older) and the time you scan it. In ~3 hours from now all versions will detect it as Win32/GenKryptik.CDTU and the rtf dropper will be detected as well.

It is weird because if Endpoint is really managed via ERA and the agent reports to ERAS, potentially unsafe and unwanted applications should be cleaned automatically. Does the machine appear in the ERA console?

I was unable to reproduce the block. Please report it to ESET as per https://support.eset.com/kb141/ and provide also logs gathered by ESET Log Collector.

The IP address was unblocked yesterday. Next time please follow the instructions at https://support.eset.com/kb141/ to report a FP to ESET.

Please do not ask about that every few days. There are still some tasks (of more than one hundred in total if I remember correctly) pertaining to http2 support to complete.

I've just realized that you have posted in the ESET NOD32 Antivirus forum. The above mentioned solution will only work with firewall-enabled products, ie. ESET Internet Security and ESET Smart Security Premium.

You could accomplish this as follows: 1, Create a new firewall profile (e.g. "Unprotected wifi profile") 2, Create a new fw rule blocking all communication with the profile set to the profile you created in step 1. 3, Move the blocking rule on top of other rules (you may need to enable display of default built-in rules) 4, Create a new network in the Known networks list and assign it the firewall profile created in step 1: 5, On the Network identification tab, enable the following parameters which will be used to identify unprotected wifi networks:

Please elaborate more on what you mean by "managing password protection on scanning".

You can disable application updates in the advanced setup. However, we don't recommend doing so since only keeping the product up to date will ensure maximum protection against newly emerging threats and only new versions with new and improved protection features are able to keep pace with ever evolving threats. As for v11, it's more like a facelift of v10 with a lot of bugs under the hood fixed. One of the biggest advantages of v11.1 are streamed updates which enable it to protect users from newly emerging threats better than ever. Protection will be improved even further with future versions that will bring new protection features. If you have any specific issues that prevent you from upgrading to latest versions, we'd like to hear about them and possibly address them so that you can upgrade without concerns and benefit from all that new versions bring.

If possible, temporarily uninstall ESET NOD32 Antivirus, install ESET Internet Security (EIS) and activate a trial version. With EIS installed, enable creation of advanced logs as follows: Next reboot the machine. After the reboot, disable logging and gather logs with ESET Log Collector again. After we have pinpointed the issue, you can downgrade to EAV through "Change product" in the "Help and support" section and reactivate it using your paid license by clicking "Change license" and entering your license key.