Marcos

If the license was canceled, please contact the distributor or seller from whom you purchased it.

For cleaning Powershell malware that is either not recognized or not possible to clean by a product for whatever reason, we have a standalone tool that can be used with the assistance of customer care. The malware cleaning service is provided to users with a paid license.

Please post a screen shot of how ESET detects the malware. Also providing relevant details from the Detected threats log would help.

That is correct. Startup scan tasks can be disabled in Scheduler, however, we don't recommend that. As a result, if you had a new malware running in memory and ESET would update modules to recognize it, it might not be recognized until a computer restart. Pausing protection has no effect on startup scans, AMS, etc. It simply pauses real-time protection, web and email protection, document protection, etc.

1, If you mean patch management, we don't offer currently any such products. 2, ESET has had advanced heuristics for ages (for almost 20 years if I remember correctly) which runs scanned files in a virtual environment. This enables generation of so-called DNA genes and extraction of various metadata that subsequently serve to create (X)DNA detections which are basically "descriptions" of the malicious operations the file performs and enables ESET to proactively detect a lot malware initially missed by other on-demand/on-access competitive scanners. 3, The Ransomware shield has been in consumer products since v9. What you mean is a basic protection of folders in which only authorized processes (Office applications) can modify files. There are many such applications made for this purpose and Microsoft also provides such a feature. You can achieve this with simple HIPS rules as well. However, this kind of protection is not effective against malware injected in Office processes or script malware that is run by Office applications. The Ransomware shield provides advanced protection and takes into account many aspects, including cloud information, monitoring running processes for suspicious ransowmare-like behavior, etc.

It's another protection layer. While AMS scans process memory upon execution, the startup scan (available as tasks in scheduler) scans files registered in startup locations and memory after each module update and user's logon.

The problem has turned out to be at Microsoft's part. If we have information when Microsoft is going to address this, we'll let you know.

Since incorrect and misleading information were provided by the OP and "A" vs "B" discussions are not permitted by forum rules (https://forum.eset.com/topic/76-rules-of-the-eset-security-forum/), we'll draw this topic to a close. For instance, the statement " Eset have 2-4 bases update to 94 or 100 viruses" is completely incorrect because we cover dozens of thousands of newly emerging threats on a daily basis which is far from what the OP wrote. Needless to say that most AVs, including the one mentioned by the OP, often add detections after ESET, at least in terms of on-demand/on-access detection.

Maybe this is the reason: "Entry" = "A corruption was discovered in the file system structure on volume E:. The exact nature of the corruption is unknown. The file system structures need to be scanned online. " 11/05/2018 10:07:12 ; The system temp/tmp variables point to e:\temp. Replace disk e: with a new 100% working hdd/sdd or at least try pointing the system temp/tmp variables to c:\windows\temp and carry out a full reboot (e.g. by running "shutdown -r -t 0"). Also run a scan with HD Tune Error Scan on drives e:, s: and t:

The user can create a mirror on a computer with Internet connection and point the client to update from it. For more information, refer to https://support.eset.com/kb3641/.

Not sure what blue ESET window you mean so please post a screen shot for clarification. As far as I know, there is no blue window shown by ESET. Also let us know what ESET product and version you use and what is your version of Windows.

Please provide ELC logs to start off. If you are using Windows 10 Insider Preview build 17704 or newer, this is expected since it's not fully supported yet (will be soon).

1, Taking into account only basic modules that are released with each update (ie. the engine, the rapid response module and the antispam module), the last update was 14,305 + 46,450 + 21,898 bytes, ie. ~83 kB in total. It depends also on other modules that are released at times and also on how many updates a particular client has missed. 2, There are 6 updates during work days, 4 during weekends. 3, If you use an http proxy to cache update files, only the necessary files needed by clients will be downloaded. In an ideal case, with an http proxy in use clients would download ~500 kB + some data for LiveGrid per day in total. 4, I don't understand this question, please elaborate. The recommended configuration are default settings.

You have some old v4.2 drivers running with EES 6.6. How did you upgrade to v6.6? Did you reboot the machine? Was v4.2 previously installed in the default or a custom folder, e.g. on other then the c: drive? I'd suggest uninstalling EES and installing it from scratch. Should the problem persist, after uninstalling EES also run the Uninstall tool in safe mode prior to installing EES from scratch.

Does temporarily disabling the firewall make a difference? Did you mark the detected network as home/office trusted network upon detection?

This forum is rather meant for sharing knowledge and does not substitute contacting customer care. Reports here cannot be tracked and also tackling certain issues may require several iterations with developers during which various logs or dumps may be requested.

Please contact your local customer care to troubleshoot the issue. However, the fact that EP6.3 can update indicates that you have downloaded files for EP6-EP6.5, not for EP6.6 which uses a different format of update files. If you use both older versions of Endpoint and EP6.6, you'll need to create 2 mirrors.

If it's locked because you marked it as missing in the Anti-Theft portal, simply unmark it there.

Try the following: - disable SSL/TLS filtering - reboot the system - without launching any browser, re-enable SSL/TLS filtering

That's not possible. However, for scheduled scans you can choose whether users will be able to pause or cancel them. I for one don't see any sense in having such option; scans would then always end before they are completed if they started at a fixed time and had to be terminated at a fixed time too. Do the users have a lot of big archives or images on disks that scans take more than 7 hours?

Please remove all exclusions seen they are entered incorrectly. A full path must be used and exclusions like *.log will not work but may rather cause issues. The ERA CE validator will need to be adjusted to prevent such exclusions from being entered. If you want to exclude the mentioned PUA from detection completely, use an exclusion like this:

Please post the appropriate records from the Detected threats log as well as a screen shot of your exclusion setup.

Isn't it possible to exclude just the IP address of the server or application from protocol filtering?

Does temporarily disabling protocol filtering in the advanced setup make a difference?

With the change of the ISO to isohybrid, we stopped providing a SysRescue medium creator. Use an arbitrary application for that, such as UNetbootin, Etcher, Rufus, etc.