Marcos

Administrators
Everything posted by Marcos

  1. If you have v11 installed, it should update automatically without popping out any notification.
  2. The problem had been there even before, it's just that we didn't notify about it. As a result, it could happen that Windows Defender ran simultaneously and the user didn't have any indication about issues in ESET's gui. I'd recommend contacting customer care so that the case is properly tracked and can be looked into by developers.
  3. If you run sysinspector.exe, you'll see there's no such option, probably mainly due to security reasons. Also, running an unsigned service script requires confirmation from the user via the GUI.
  4. Your license for consumer product ESS/EIS doesn't entitle you to activate ESET File Security for MS Windows servers. Please contact your local distributor.
  5. I have replied to this in the topic you quoted. ESET had detected Filecoder.Crysis for months before the user got infected. That happened most likely because RDP was not properly secured and virtually anybody could get into the system with administrative rights and disable ESET easily prior to running the ransomware. However, the fact that RDP was not configured properly in no way means that ESET failed to protect the user.

     General advice:
       - disable RDP if not really needed, or limit its use to users who really need it
       - make sure users with RDP access don't use weak passwords that are easy to guess or bruteforce
       - use RDP only within VPN
       - use 2FA
       - restrict RDP to specific IP addresses or ranges on a firewall
       - keep the OS and all applications updated, regularly install critical security updates
       - use the latest version of the ESET Security product (preferably ESET Endpoint Security with the Network protection module to protect machines from exploits coming from unpatched computers and exploiting vulnerabilities in network protocols to proliferate over LAN)
       - use default settings of your ESET Security product and customize settings only if you are aware of the impact on security (otherwise consult customer care first)
       - enable detection of potentially unsafe applications to prevent ESET from being disabled
       - protect ESET settings with a password

     I kindly ask anybody to stay on topic. Any unrelated posts may be removed or moved elsewhere.
  6. Don't pick just the sentence that suits you best without quoting the rest: " In vast majority of cases it is that the user hasn't applied security measures and RDP is allowed for every user even if a strong password is not used. " If one doesn't pay attention to locking a car which would also turn on the car alarm and a thief steals the car, then it's not the fault of the vendor of the alarm that the car was stolen. In case of Filecoder.Crysis which was also reported by the OP you quoted, we find out that the ransomware had been recognized by ESET for months before users got infected simply because the users didn't pay enough attention to security and let virtually anybody connect via RDP easily and with admin rights do whatever they wanted to, including disabling or uninstalling the AV and subsequently running ransomware. Since everything has been said and to prevent further bashing and ranting, we'll draw this topic to a close. We are open to constructive discussion and criticism as well if there's a reason for it, however, trolling in our forum will not be tolerated. Discussions must be reasonable, polite and without ranting and personal attacks.
  7. If uninstallation from ERA fails, are you able to uninstall EES manually on the client? If not, you'll need to resort to uninstalling it in safe mode using the Uninstall tool. As for using ESET Endpoint Antivirus vs ESET Endpoint Security, I'd strongly recommend upgrading your license to the latter and keeping EES installed. Unlike EEA, EES protects machines from threats exploiting vulnerabilities in network protocols and therefore can stop new threats originating from unpatched systems from infecting them.
  8. First of all, please check if the time of the last connection is more or less current and that the agent is still connecting to ERAS. Did you uninstall ESET Endpoint Security and reboot the machine prior to sending a new software install task? By the way, downgrading from EES to EEA is not a good move. EES also provides the Network protection layer, which protects the machine from various exploits in network protocols. For instance, it had protected ESET users for 2 weeks already from the EternalBlue SMBv1 exploit when the infamous WannaCry outbreak occurred and millions of machines in the world got encrypted. On the contrary, ESET Endpoint Antivirus does not provide this level of protection.
  9. We recommend deploying agent via GPO or an all-in-one installer via the ERA Deployment tool where deployment via psexec is provided as an option.
  10. Files with the arrow extension were encrypted by Filecoder.Crysis. Unfortunately, decryption is not possible. It is common that Filecoder.Crysis is run by attackers after performing a bruteforce RDP attack on a system and getting in with administrator rights. Subsequently they either disable or remove the security product in order to be able to run ransomware and encrypt files. I will drop you a personal message with further instructions shortly. If you had important files which were encrypted, we suggest keeping them in case decryption becomes possible in the future.
  11. The reason why it pays off investing into a good AV is that such a vendor has more resources not only for paying GUI programmers but also for investing into research and development. And ESET has increased investments into R&D in recent years a lot. Another advantage of a paid AV is that users receive technical support. In our country, in urgent matters even developers can pay a visit to VIP customers having issues that are not reproducible in-house. Also remember that the more computers an AV is installed on, the more attractive it is for malware writers since focusing on that AV will enable them to target more victims with less effort. And by the way, this is a new malware that I've just run into and that was dropped by TeamViewer, probably misused by an attacker. Names of other AVs were removed except the first letter. Of course the results don't tell if it would be detected upon execution or if the payload would be detected but it at least tells something about detection capabilities on systems where malware is not executed (e.g. mail servers, gateways, etc.).

      ESET: Win32/TrojanDownloader.Nymaim.BA trojan
      S: clean
      A: clean
      M: clean
      D: clean
      B: clean
      A: clean
      A: clean
      K: clean
  12. Why do you need that version? It contains bugs and suffers from issues that were fixed in later builds.
  13. AS from boot means that Anti-Stealth was started with the start of the OS and was not loaded by SysInspector itself.
  14. First of all, there's no security solution that would detect 100% of malware. You could pick an AV with 100% detection in tests and sooner or later you could get infected. Real world and tests are different things and what matters is how an AV performs in real world. On behalf of ESET I can say that I hardly recall a malware-related ticket where the infection was caused by ESET letting malware in. In vast majority of cases it is that the user hasn't applied security measures and RDP is allowed for every user even if a strong password is not used. Secondly, there is nothing like free AV. You "pay" for it e.g. by displaying ads, limited settings, features, or the price is included in the price of the OS.
  15. Since the task is executed at 2 a.m., is the system running at that time? Isn't it by chance in hibernation / sleep / stand-by mode?
  16. Please submit the whole zip file to ESET as per the instructions at https://support.eset.com/kb141.
  17. I'm unable to reproduce it with Chrome v"67.0.3396.87 (Official Build) (64-bit)" and ESET Endpoint Antivirus 6.6.2078.5. If anybody knows how, please let us know.
  18. Basically all you need to do is send a Remote administrator components upgrade task. Only upgrading non-ESET components like Apache HTTP Proxy or Tomcat takes more steps.
  19. Installing RDS in each of the subnets should do the trick.
  20. That's because "[" is followed by an underscore "_" so it looks like "[_" then.
  21. Do these machines update from a mirror or from ESET's servers? If from a mirror, how is it created? With Endpoint 6.6 or using the Mirror tool? If they update from ESET's servers, do you use a proxy server? Besides the error "module update failed" there should also be additional information about the cause of the failure displayed, e.g. Server not found:
  22. This can happen in ultra power saving mode or when you have an aggressive power-saving application installed. When reporting issues on Android, please always include information about your phone (brand, type) as well as what version of Android you have installed.
  23. Blocking rules are never created automatically. I assume you are using interactive firewall mode and when you were asked to allow or deny/block the communication, you chose deny and also checked the option to create a rule. If you delete such a rule, it won't do any harm. Only if the application was installed and the same communication was attempted, you'd be asked to select the action again. You could simply not choose to create a rule when running an installer if you know that you won't run it again any time soon.
  24. You can only hide the icon ("minimal" start mode) or the GUI completely ("silent" start mode).