Marcos

Both Endpoint v7 and ESMC (ERA v7) are going to be released soon (H2/2018).

If the computers are completely offline (ie. connection to ESET's servers is not possible even via an http proxy with connections restricted to ESET's servers), activate them using an offline license file. For information how to generate an offline license file, please refer to https://help.eset.com/ela/en-US/downloading_offline_legacy_licenses.html. On a computer with Internet connection, use the Mirror tool to create a local mirror (https://help.eset.com/era_install/65/en-US/mirror_tool_linux.html?mirror_tool_windows.html). You can transfer its content to a computer that is accessible from the offline computers and point them to update either from a share or use a simple http server to provide the mirror content via http.

It appears that the malware has been removed so the domain will be unblocked momentarily.

All files in the installation folder (C:\Program Files\ESET) are important for the installed ESET's product to work. You can try disabling creation of module snapshots which may save quite a lot of space:

Albeit Endpoint v5 is manageable by ERA v6, I reckon that ERA Agent won't install on Windows 2000. In prerequisites Windows Server 2003 is listed. Therefore a temporary solution would be to use Endpoint v5 and ERA v5 for managing these machines.

Are you able to reproduce the error? If so, how often does it occur?

Please contact your local distributor from whom you purchased your license. They should be able to provide you with a username and password assigned to your license.

Create a rule blocking all communication. Then create a permissive rule for Thunderbird and move that rule on the top.

Did you restart the computer after upgrade to v11.1? I mean a true restart (e.g. by clicking "Restart computer" in ESET's gui), not a hybrid one via the Start menu. Try restarting the computer via "shutdown -r -t0" and let us know if the issue goes away. Does uninstalling v11.1 and installing it from scratch resolve the issue?

You have already opened a topic on this subject at https://forum.eset.com/topic/15764-replace-expired-certificate/. You wrote that you had exported the ini file for use with deployment via GPO. Do you mean that if you re-deploy agent via GPO utilizing the ini file to machines without agent installed results in an invalid peer certificate error and the time of occurrence in the ERA console is current? If agent was not uninstalled, uninstall it via GPO and re-deploy agent while utilizing a correct ini file with currently used certificates.

Did you configure your network as home/office when detected after installation of EIS? You can check that in the advanced setup -> Firewall -> Known networks. If that's not an issue, run the firewall troubleshooting wizard which will give you a list of recently blocked communications with an option to create the appropriate permissive rule easily.

I'd suggest contacting Customer Care. Parental Control on my mobile phone has been using < 2% of battery so it even doesn't appear in the list of applications with highest battery usage. Currently it's showing 0,01% per hour.

Please post a screen shot of the dialog that popped up. Also provide step-by-step instructions how you created the usb stick so that we could try to reproduce it.

Yes, Advanced memory scanner scans memory upon execution to detect and block malware that somebody re-compiled and changed the enveloped to evade detection by traditional on-demand scanners. ESET is the first AV vendor that has integrated a UEFI scanner into AV products for both business and home users. As for fileless malware, ESET also scans the registry and WMI repository.

Next-gen is nothing new, it's rather a buzzword. I'd strongly recommend reading https://www.welivesecurity.com/2017/02/13/next-gen-security-software-myths-marketing/ to find out what is behind. If you want to read more about machine learning, read https://www.welivesecurity.com/2017/06/20/machine-learning-eset-road-augur/. At https://www.eset.com/int/about/technology/ you can read about various technologies developed by ESET that work on different layers to protect your computer even if malware writers bypass a particular layer.

Please provide me with logs gathered by ESET Log Collector. Also report the issue to your local customer care since this forum is not meant to be a support channel that would allow for tracking particular cases.

The errors were logged only once. Are you experiencing the issue frequently? If you are able to reproduce it, we'd need a complete memory dump from such state as well as ELC logs with a registry dump included.

In the advanced setup -> Web and email -> Protocol filtering, you can exclude applications or IP addressed from protocol filtering.

What version of ESET do you use? What operating system?

It's clearly a phishing:

Did you try disabling IMAP(S) scanning and leaving only Outlook plug-in enabled? What IMAP server do you use?

You can use MySQL as well.

It was added in v11.1. It's an auxiliary service for internal purposes.

After installing ERA Server, you can find the CA under Admin -> Certificates from where you can export the public key:

If you run the batch file via the commandline console, it must be detected on access. Of course if you don't run the batch file directly but only use some of the commands inside, that won't be detected since we cannot detect legitimate system tools.