Marcos

Since Insider Preview builds are a kind of beta versions, one must take into account that newer IP builds may introduce new issues. These builds should not be used on production systems where stability and security matters. We don't recommend using pre-release updates on critical systems either. If you want to use a stable system, use standard Windows 10 builds where both Microsoft and 3rd party vendors declare 100% compatibility.

Yes. It's already discussed at https://forum.eset.com/topic/15949-hips-cannot-communicate-with-driver/ so please continue the discussion there.

Are you positive that you are not using Windows 10 Insider Preview builds?

Please upload the files to DropBox, OneDrive, etc. and drop me a private message with download links.

Unfortunately no, only English. You can use an online translator but it looks like your English is quite good so no worries. Please manually generate a complete memory dump at a point when the issue occurs as per the instructions at https://support.eset.com/kb380. When done, compress the dump, collect logs with ELC, upload both archives to a safe location and drop me a private message with download links.

Please create a complete memory dump from time when the issue occurs as per https://support.eset.com/kb380 and also collect logs with ESET Log Collector. When done, compress the memory dump, upload both archives to a safe location and drop me a private message with download links.

Does temporarily pausing real-time protection make a difference? To start off please provide ELC logs.

It should be possible: 1, Enable display of pre-defined rules in the firewall rule editor 2, Create a permissive DNS rule for desired applications and put it on the top of the rule list. 3, Create a blocking DNS rule without any applications specified and put it below the above rule.

1, You can delete the content of the mirror manually if you want but I don't see any reason for doing so. 2, Why do you want to delete update files from a mirror at all? If you don't want to use a mirror any more, you can delete it. 3, You should keep at least 300-500 MB of free disk space for compilation of modules.

I strongly doubt that it would work without admin rights and that it is not detected by ESET. If not detected, please drop me a private message with details.

A couple of offensive posts were removed. @mahmood.hashmabady, please refrain from personal attacks and do not use offensive tone in your posts next time. Since it was confirmed by the OP that the issue was resolved, we'll draw this topic to a close.

First of all, the license is non-transferable, ie. you can only purchase a new license from a reseller or distributor, not from a 3rd person. If you purchase a license from the Chinese distributor, they will also provide you with support and assistance. Only in case you purchased through a distributor in a different country and you moved afterwards, they can transfer the license to your new local distributor. I'm afraid we cannot help you any more. Return the license to the person who sold it to you and purchase a new license from your local distributor.

Please refer to https://forum.eset.com/topic/15949-hips-cannot-communicate-with-driver/. All recent Insider Preview builds are affected.

Please collect logs with ESET Log Collector and drop me a personal message with the generated archive attached. If it's too big, upload it to a safe location and provide me with a download link.

Please check your system date and make sure it's correct.

While eicar is a test file with an exact definition that virtually all AV vendors agreed to detect for testing purposes, RanSim is a tool created by a particular company that does not do actual harm. Definition of eicar (http://www.eicar.org/86-0-Intended-use.html? ... it consists entirely of printable ASCII characters, so that it can easily be created with a regular text editor. Any anti-virus product that supports the EICAR test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* On the other, RanSim tries to simulate of of zillions of ways of encryption. Given that there's no standard defined for detection of ransomware behavior (it'd be useless anyways since malware authors use different ways of encryption to avoid detection), applications that seemingly pass these test may miserably fail in real world when it comes to protection from real ransomware. The lesson to learn is, do not put trust into simulators but real world tests. Since everything has been said and explained in the above topic, we'll draw this one to a close.

Do you use Windows 10 Insider Preview ? If so, the issue is already being discussed at https://forum.eset.com/topic/15949-hips-cannot-communicate-with-driver/.

Please don't take it as a solution but rather an attempt to narrow it down before we continue troubleshooting the issue further.

By registration email address I meant the owner's address. By entering a license key one logs in as an owner of the license whereas a security admin may have limited permissions. Clicking "Forgotten password" will ask the user for the license registration email address that we have on records (ie. the address provided during license purchase). If the email address does not exist any more (e.g. if an administrator has already left the company), it is necessary to contact the reseller or distributor who sold the license to update the email address.

Did you log in to my.eset.com and unmarked the device as missing? I reckon that it may take up to several hours for the device to connect with ESET's AT servers to obtain the information about the missing status. Do you have the latest version of EIS 11.2.49 installed or an older one (11.0, v10) ? Is the tablet currently connected to the network via wi-fi or 3G? Has the device appeared in the AT portal? Didn't you remove it from there without marking it as not missing? According to the data we have, there's only "Samsung SM-T819Y" registered in the AT portal. Is that the former tablet you lost? It appears to be running on Android so EIS could not have been installed, only EMS (ESET Mobile Security). Please clarify.

Does disabling Connected Home Monitor in the firewall setup make a difference? If not, try disabling Network attack protection and Botnet protection as well.

Please let us know if you can reproduce it with default settings. Carry on as follows: - export your configuration - uninstall EIS - install EIS - try to reproduce the issue.

Not sure what the problem could be. No problems here:

I'm getting an alert: https://coinhive.com/lib/coinhive.min.js;JS/CoinMiner.D potentially unwanted application;blocked

Please provide ELC logs as well as Procmon logs from both machines from successful replication of the issue. For instructions how to create a Procmon log, refer to https://support.eset.com/kb6308/. Make sure to enable advanced output in the menu prior to reproducing the issue. When done, upload the logs to a safe location and drop me a personal message with download links.