[HIPS V1320-20180516 - all of a sudden content of field 'operation' always 'unknown operation'!]

I've filed a bug ticket for developers since the issue is easily reproducible.

[Eset Internet Security issue in Windows 10 version 1803.]

9 hours ago, eHM said:

Windows 10 64bit (latest build from catalog) here, security runs however downloads don't install properly they hang on the last percentage. cause anything attempting to access said location to crash.

Please contact customer care and provide step-by-step instructions how to reproduce the issue  as well as logs gathered by ESET Log Collector. Also share the steps with us here so that we can try to reproduce it and look into it as well.

[Change "Password protected setup" Password]

Please make sure that the policy with the changed password is actually applied. I'd enforce this setting to ensure that it's not overridden by another policy:

[What Does Eset Do With Suspicious Files?]

Files evaluated by ESET products as suspicious for whatever reason (e.g. they look similar to known malware) are replicated automatically after they are submitted. If they turn out to be malicious, a detection is added either automatically or manually by detection engineers. Such file is also blacklisted in LiveGrid if possible so that all users with LiveGrid enabled can benefit from it and be protected within a few minutes.

As for manual submissions, if we spot a suspicious file submitted manually via the built-in form, we check it. However, since there are too many irrelevant files submitted (clean files, media files, etc.), we don't recommend using this way for submitting suspicious files. Instead, please follow the instructions at https://support.eset.com/kb141.

[Uninstall causes BSOD]

Should the issue persist, please configure Windows to generate complete memory dump as per the instructions at https://support.eset.com/kb380/. After the system crashes and the system restarts, compress the dump and supply it to ESET for analysis.

[Infection Alert - Log Results Are not Clear]

"Unable to clean" is reported also in cases with insufficient privileges or if the file has been moved before ESET could clean it which could be this case given the folder name C:\Users\dcombs\Downloads.

We'd need to get a Procmon log with advanced output enabled from the time when ESET is attempting to clean it as well as logs gathered by ELC as advised above by JamesR.

"Archive damaged" messages are reported on archives that are either damaged or they are extremely large. Check if the size of the archives is in GB.

[ESET File Security for Linux/BSD PAC agent exlusion]

Wildcards can be used only in file names at the end of the path, ie. not to substitute folder names unless a specific threat you want not to be detected is specified.

Why is it a problem if /home/*/.ssh is scanned? How many folders are under the /home folder? If you don't use a wildcard, does the exclusion work alright?

[HIPS V1320-20180516 - all of a sudden content of field 'operation' always 'unknown operation'!]

Those records are likely logged only if you have logging of all blocked operations enabled. It serves for troubleshooting HIPS-related issues and should remain otherwise disabled. Enabling it may cause performance issues and may unnecessarily waste disk space.

[eset premium]

First of all, since this is an English forum we kindly ask you to post in English so that moderators and other users understand you and can respond accurately.

As for your question, VPN is not a standard feature provided by antivirus programs. As I have seen, it's mainly provided as a stand-alone product approximately for the same price as antivirus itself. Currently there are no plans to sell a separate VPN solution.

[eset product is installed but not running?]

After installing Endpoint on clients, it should be up and running alright after activation. If not and some errors are reported on the main screen, the best course of action would be to gather logs with ESET Log Collector and providing the generated zip file to customer care for analysis. You can also provide the archive to me and in case the cause of issues is obvious, I'd let you know how to fix it.

[Live view of blocked connections]

You can see blocked communications in Connected Home Monitor or in the Firewall troubleshooting wizard. If a particular communication was blocked and was logged, it's also possible to unblock it through the context menu after right-clicking the appropriate record in the firewall log.

[Virus keep coming back?]

What version of MS do you use? Do you have all critical updates for MS Office installed?

Please drop me a message with logs gathered by ESET Log Collector attached.

[Outlook add-in problem]

On 5/29/2018 at 7:12 PM, Nobaly said:

The problem startet when we started to digitally sign and encrypt (COMODO certificate) mails. All replies (and only the replies) which are signed or encrypted are going out as completely empty mails (even without subject). When I disable scanning of Sent Mails in NOD32 the problem is gone.

This is most likely a different issue than the one discussed in this topic. At least I assume that no one of the above users sign outgoing email; at least it was not explicitly mentioned. Keeping scanning of sent email off is basically safe since any file you attach to an email is scanned by real-time protection with the exception of archives. We are currently in the process of revamping the plug-in and the new version will address several issues. There's a good chance it will fix also this one. The new plug-in should be included in Endpoint v7.1.

[Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)]

13 minutes ago, ilyak said:

Is ESMC a replacement for ERA or will work in conjunction with it?

ERA v7+ will be called ESET Security Management Center.

[Remote uninstall of ESET Endpoint Antivirus]

It shouldn't be possible to uninstall any AV software easily via scripting. Otherwise any malware or attacker could do that to disable protection first prior to performing other malicious actions. Since you mentioned that ERA Agent was installed, did you try uninstalling ESET via ERA ?

[Add MDM role to existing ERA appliance?]

To my best knowledge this is not possible. It wouldn't make much sense anyways since both products are resource intensive with the rising number of devices and with the growing amount of data they have to send to ERAS.

[Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)]

4 minutes ago, ilyak said:

Description: Global variables for notifications

This is already implemented in ESMC that will be unveiled in a few weeks

[Re-check alerts manually?]

Please check details of the client and check when it connected to ERAS last time. If too long ago, try sending a wake-up task to enforce connection to ERAS. If that doesn't help, check the ERA Agent log status.html on the client for possible errors.

[http2 support]

Support for HTTP2 will be added later this year.

[how to unblock app]

For anyone who has accidentally blocked a web camera, Webcam protection rules can be configured in the advanced setup -> Device Control -> Webcam protection -> Rules.

[Windows 10 Spring Creators Update and Nod32 AV]

1 hour ago, Chris Todd said:

After ther last Windows 10 update to   Version 1803 (OS Build17134.48)  I get this message ...

If you are using a 32-bit Windows 10, then it's a known issue which is being investigated by Microsoft. Rebooting the machine should fix it for a while. You can try disabling protected service and rebooting the machine which usually mitigates the issue. I'd recommend upgrading to 64-bit Windows 10, if possible.

[100% disc]

Do you have the latest version 11.1.54 installed? Does the problem persist after uninstalling EAV and installing the latest version from scratch using default settings? Does pausing real-time protection make a difference?

[Gamer mode doesn't activate automatically]

I'm not sure if multi-monitor systems are supported by gamer mode if the screen is not stretched to all monitors. I'd suggest contacting customer care and creating a regular support ticket.

[Anti-phishing protection and network protection non functiional after 11.1.54.0 release]

Unfortunately, the relevant log contained too little information for some reason. Try creating advanced logs again but wait at least 2-3 minutes after Windows starts before you disable advanced logging. It will be enough to provide just EPFW.etl from the C:\ProgramData\ESET\ESET Security\Diagnostics folder.

[Windows 10 Spring Creators Update and Nod32 AV]

1 minute ago, FGol said:

Is ESET working with MS to figure this out? At the place I support, there are three computers (and will be more as the Spring update rolls out) running Windows Pro 32bit and NOD32 11.1.54 getting the security alert "Antivirus function not functional" message from ESET. Disabling HIPS and restarting doesn't help; we still get the not functional alert along with an alert that HIPS is turned off.

Yes, we have reached out to Microsoft and provided them with all stuff they requested for investigation. Some other AV vendors been reporting more severe issues after upgrade to v1803 and Microsoft allegedly temporarily stopped providing the update to their users while the issue is being investigated.