Marcos

Administrators
  • Posts

    37,032
  • Days Won

    1,469

Everything posted by Marcos

  1. We are positive that it's not an issue on our part since Microsoft has already confirmed it.
  2. I think 11.2.x are insider preview versions. By the way, HIPS is version-independent. Also I'm not sure what you mean by "HIPS correction"; there are no big known issues with HIPS currently. If there are any, it's just minor issues that we have logged on files. If you are having issues with Windows 10 Insider Preview builds, you must wait until the bug is addressed by Microsoft.
  3. Does temporarily disabling Self-defense in Endpoint and rebooting the system make a difference?
  4. Would you pay an extra fee for including a backup application? I think that most home users wouldn't. A lot of users still prefer ESET NOD32 Antivirus to ESET Internet Security although it doesn't detect and block botnet communication and doesn't protect from attacks from unpatched computers in the network, not speaking about comparison of ESET Internet Security to ESET Smart Security Premium which has Password Manager and Disk Encryption modules added.
  5. Files were encrypted by Filecoder.Crysis. Unfortunately, it is not technically possible to decrypt files. This ransomware is known to be run manually by attackers after they make it to a system with administrator rights after performing a brute-force RDP attack. It is important that you harden RDP, e.g. by using VPN or 2FA. At least you could restrict RDP connections on a firewall to specific IP addresses or ranges. Also users with administrator rights and RDP allowed must not use weak passwords.
  6. On the server there isn't ESET File Security or another real-time AV protection installed?
  7. You have installed a very old version of ESET NOD32 Antivirus. V4 has already reached its end of life and cannot provide sufficient protection against current threats. Please uninstall it and download and install the latest version 6.6. How many machines with this old version do you have? Are they managed by ERA v5?
  8. Also you can try temporarily disabling self-defense in Endpoint and rebooting the machine and see if it helps.
  9. Please provide more information about what ESET product / version is installed on clients and the server. If ESET is installed also on the server, does temporarily pausing real-time protection on the server or on a client make a difference?
  10. Check if temporarily disabling protocol filtering in the advanced setup makes a difference. If so, please contact your local customer care for further troubleshooting.
  11. Strange, SppExtComObjPatcher.exe was not listed in the ESI log so it's not running and is not registered in autorun locations either.
  12. You don't need to remove ESET. ESET is reported as incompatible because of changes in Chrome 66, with more restrictions to follow in upcoming versions as per https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html. Simply said, if Chrome crashes, it reports any non-Google and non-Microsoft dll injected in Chrome even if the crash was not caused by it. ESET injects a dll into browsers which enables it to scan scripts before they are executed, to perform redirection of bank sites to a secure browser and to harden the secure browser.
  13. 1. The cleaning service is paid. If you contact customer care via the web form (https://www.eset.com/int/support/contact/), US support would arrange a remote session with you. 2. I've checked your logs but didn't find any signs of malware infection. I would say that the computer is clean. PowerShell is not running and is not registered in the system to run automatically either. Maybe you could tell a customer care representative during a remote session what you deem suspicious; he or she would explain to you why it is normal and that there's no reason to be concerned. In cases when there is malware infection and we are unable to help, it's possible to request a refund within 30 days after the purchase.
  14. After rebooting the machine ESET should re-try importing the root certificate to browsers and the trusted root CA certificate store. Just to make sure that you perform an actual reboot and not just a hybrid reboot, run "shutdown -r -t 0". Alternatively this should work: - disable SSL/TLS filtering - reboot the system - without launching any browsers, re-enable SSL/TLS filtering - after a few seconds launch a browser.
  15. For backup we offer products from Xopero, who is our partner: https://www.eset.com/int/business/endpoint-security/xopero-backup-recovery/. However, they don't offer a backup solution for home users.
  16. We've already added a detection, it's just that an update has not been released yet. However, users are protected since the URL has already been blocked for some time so the payload cannot be downloaded and executed. The payload is also detected: 8.exe » NSIS » panamas.dll - a variant of Win32/Injector.DZDQ trojan
  17. ELC generates a zip file so you don't have to zip it again. If it's too big, upload it to OneDrive, Dropbox, etc. and provide a download link.
  18. @dontdrama Please gather logs with ELC and provide the generated zip archive.
  19. To start off, how do you know that your computer is infected? After you've installed ESET and modules were updated to the latest version, did ESET detect some malware but was unable to clean it?
  20. The malware was removed so the website will be unblocked momentarily. Next time please follow the instructions at https://support.eset.com/kb141.
  21. Unfortunately you didn't mention what version of EAV for Linux you use. Are you having this issue with the latest version 4.0.90?
  22. Please follow my advice above. Only the seller should know the exact reason for the cancellation.