Everything posted by Marcos

  1. 1. From the ERA console you send a product activation task where you also select a license to be used for activation. Make sure that you have added your license in Admin -> License management. 2. You receive a license key shortly after the purchase within a registration email. It doesn't matter if you activate Endpoint manually on a client or from ERA.
  2. A computer restart is needed after uninstallation or upgrade in order for drivers that are loaded to be removed. Do that during the regular server maintenance if the server cannot be restarted.
  3. I'm sorry, it was a typo. The latest version is 11.1.54. V11.2.49 is being distributed to users with pre-release updates and will be released for the general public within the next few days.
  4. Sometimes ESET can upload files with a suspicious behavior or characteristics to LiveGrid. However, it should upload dozens of MB and exhaust the bandwidth for a longer time. Do you know by chance what server it was connected to?
  5. To accomplish that, after creating the necessary rules switch the fw to the policy-based mode.
  6. What operating system do you use? If Windows XP, any http(s), pop3(s) and imap(s) communication appears to the system and other applications as if it was coming from ekrn since it works as a local proxy for filtering the communication.
  7. I for one don't think that having a rule with no source and target applications selected but limited to specific operations should be considered too general.
  8. As Cyberhash wrote, ESET's firewall is not just as simple as the Windows firewall. Not only can ESET protection modules communicate with each other, providing the others with information contributing to better detection and protection, but the ESET firewall also provides Botnet and Network protection modules. That said, even if malware bypassed all protection layers, the firewall can identify it based on the communication protocol which is not that easy to update to evade detection. Also, in a network environment, Network protection protects the system from malicious exploits in network communication protocols such as SMBv1. As a result, it protected our users from the infamous WannaCry ransomware spreading from unpatched computers already at the network layer.
  9. Version 11.2.49 is currently available only as a program update for those with pre-release updates enabled. It will be released as an installer within the next few days. Of course, it won't solve issues you are probably having with Windows 10 Insider Preview since it's Windows itself that needs to be updated in order for the issue to go away.
  10. ESET has cleaned malware from the registry since the first version for Windows was introduced years ago and the cleaning has been gradually improved over the years.
  11. It's not possible to wait with execution for several minutes, otherwise the system could become unusable. That will work only with mail servers and scanning email attachments.
  12. Uninstall it and install the latest release version. The best would be if we could get a complete memory dump from a crash so that we can determine the cause of the crash. If nobody else reports issues, v11.2.49 will be released as is. Therefore we would appreciate it if you could cooperate on this matter.
  13. Do you have at least a kernel memory dump if not a complete dump from the crash? Does the machine crash again after a reboot?
  14. Please contact your local customer care so that a regular support ticket is created and that it can be tracked properly.
  15. The latest version of ESET Internet Security is 11.1.57. If you are using the Insider Preview version, please post in the appropriate subforum. Edit: You most likely have pre-release updates enabled where upgrade to v11.2.49.0 is being offered.
  16. Locally, files are scanned by advanced heuristics, i.e. they are run in a virtual environment. With EDTD, suspicious files will be uploaded to an actual EDTD sandbox in the cloud where they will be run. Besides the sandbox analysis, our EDTD system will also leverage cyberthreat intelligence data that we have gathered worldwide when assessing the dangerousness of a sample.
  17. If you want to report a suggestion for home products, post it in this topic: https://forum.eset.com/topic/51-future-changes-to-eset-internet-security-and-eset-smart-security-premium/
  18. I will try to find out. 3 slashes are actually used to point to a file on a local disk so I was wrong.
  19. Do you mean a kind of light ERA in cloud for smaller companies?
  20. Typically licenses are not renewed automatically. To the best of my knowledge, in our country it's not possible at all except some special deals with a mobile carrier. I'd strongly recommend contacting ESET UK to find out what's going on. You can also drop me a personal message with your public license ID so that I can check your current license status.
  21. This is ESET's official statement on the subject: “ESET have been working with Microsoft and the block will be removed in next weeks’ fast insider build. On occasion blocks are implemented to avoid compatibility issues with outdated versions of ESET products and particular scenarios with the OS. In this particular case a block was incorrectly implemented generically in the insider build and is being removed.”
  22. It is neither a false positive nor malware but a potentially unwanted application. For information on what PUAs are, please refer to https://support.eset.com/kb2629/. It is at users' discretion if they enable PUA detection or not. If you think that benefits of using a particular PUA outweigh possible risk, you can exclude a particular PUA from detection by expanding the yellow alert window and selecting "Exclude signature from detection".
  23. Please capture the network communication with Wireshark while running the Mirror tool and provide the generated pcap log for analysis.
  24. Yes. On the client side we leverage multiple technologies at various layers to prevent infection. While it's easy to bypass one layer, it's much more difficult for malware authors to bypass more of them. For more details about technologies that ESET developed to protect you, please read https://www.eset.com/int/about/technology/ Also we're going to unveil a brand new EDR solution aimed at protection against targeted attacks - ESET Enterprise Inspector which gives administrators visibility into what has been going on in their network, gives them an overview of suspicious operations typically performed by malware and enables them to take the appropriate action accordingly. Also it provides detailed and visualized information about how a particular process or script was executed. Hand in hand with the introduction of EEI, we are also going to provide EEI-based services ESET Threat Hunting and ESET Threat Monitoring for organizations that don't have their own staff for monitoring security in their network or for performing forensic analysis and finding out the infection vector in case of security incidents. Another service that ESET already provides is ESET Threat Intelligence which leverages intelligence information gathered worldwide. This can be used for instance by financial institutions for monitoring new threats and phishing targeting their clients as the ability to submit files and have them thoroughly analyzed in ESET's sandbox while leveraging machine learning and other techniques. For more information, please read https://www.eset.com/int/business/it-security-services/threat-intelligence/. With the release of Endpoint v7, we are also going to introduce ESET Dynamic Threat Defense (EDTD) which is a service that submits suspicious files from endpoints to ESET's sandbox and provides a timely response to the client about the result.
Administrators will see a list of submitted files along with further information about them and the result of analysis in the ESET Security Management Console (currently called ERA). What files will be submitted is fully customizable by administrators, with an option to delete submitted files from ESET's servers immediately or after some time. EDTD will enable mail server products to first analyze suspicious attachments in ESET's cloud sandbox and only then deliver emails to clients.