Marcos

If you have Endpoint installed on the machine, does uninstallation work after temporarily disabling self-defense and rebooting the machine? Is the ERA Agent still listed as running among running processes?

LiveGrid is an online system so it won't work if computers have no Internet connection. If you used an http proxy with Internet access restricted to ESET's servers, it'd work. As for PCUs, we haven't released any for Endpoint and server products since they are prone to failures. In the future, we should As for creating a full repository, I wouldn't recommend doing that as all installers would be downloaded which is about 20 GB. Just download the installers you need and make them accessible via a simple http server for instance.

For a list of addresses of ESET's servers and ports that need to be opened on a firewall, please refer to https://support.eset.com/kb332/ (may not be 100% accurate at all times). Here is a list of rules from httpd.conf used by ESET's HTTP Proxy:

In my opinion, all that needs to be done is to update the expression verifier so that it prevents entering file names without paths to the process exclusion list or using wildcards in file paths in rules.

Clicking "Sign in" will open a login web page with an option to reset the password ("Forgot password" link).

There are 2 automatic startup scan tasks that would detect any malware in memory or autorun locations.

@Pamq and @Rod_Grant, did a complete system restart as suggested above resolve the issue for you?

Both Endpoint v7 and ESMC (ERA v7) are going to be released soon (H2/2018).

If the computers are completely offline (ie. connection to ESET's servers is not possible even via an http proxy with connections restricted to ESET's servers), activate them using an offline license file. For information how to generate an offline license file, please refer to https://help.eset.com/ela/en-US/downloading_offline_legacy_licenses.html. On a computer with Internet connection, use the Mirror tool to create a local mirror (https://help.eset.com/era_install/65/en-US/mirror_tool_linux.html?mirror_tool_windows.html). You can transfer its content to a computer that is accessible from the offline computers and point them to update either from a share or use a simple http server to provide the mirror content via http.

It appears that the malware has been removed so the domain will be unblocked momentarily.

All files in the installation folder (C:\Program Files\ESET) are important for the installed ESET's product to work. You can try disabling creation of module snapshots which may save quite a lot of space:

Albeit Endpoint v5 is manageable by ERA v6, I reckon that ERA Agent won't install on Windows 2000. In prerequisites Windows Server 2003 is listed. Therefore a temporary solution would be to use Endpoint v5 and ERA v5 for managing these machines.

Are you able to reproduce the error? If so, how often does it occur?

Please contact your local distributor from whom you purchased your license. They should be able to provide you with a username and password assigned to your license.

Create a rule blocking all communication. Then create a permissive rule for Thunderbird and move that rule on the top.

Did you restart the computer after upgrade to v11.1? I mean a true restart (e.g. by clicking "Restart computer" in ESET's gui), not a hybrid one via the Start menu. Try restarting the computer via "shutdown -r -t0" and let us know if the issue goes away. Does uninstalling v11.1 and installing it from scratch resolve the issue?

You have already opened a topic on this subject at https://forum.eset.com/topic/15764-replace-expired-certificate/. You wrote that you had exported the ini file for use with deployment via GPO. Do you mean that if you re-deploy agent via GPO utilizing the ini file to machines without agent installed results in an invalid peer certificate error and the time of occurrence in the ERA console is current? If agent was not uninstalled, uninstall it via GPO and re-deploy agent while utilizing a correct ini file with currently used certificates.

Did you configure your network as home/office when detected after installation of EIS? You can check that in the advanced setup -> Firewall -> Known networks. If that's not an issue, run the firewall troubleshooting wizard which will give you a list of recently blocked communications with an option to create the appropriate permissive rule easily.

I'd suggest contacting Customer Care. Parental Control on my mobile phone has been using < 2% of battery so it even doesn't appear in the list of applications with highest battery usage. Currently it's showing 0,01% per hour.

Please post a screen shot of the dialog that popped up. Also provide step-by-step instructions how you created the usb stick so that we could try to reproduce it.

Yes, Advanced memory scanner scans memory upon execution to detect and block malware that somebody re-compiled and changed the enveloped to evade detection by traditional on-demand scanners. ESET is the first AV vendor that has integrated a UEFI scanner into AV products for both business and home users. As for fileless malware, ESET also scans the registry and WMI repository.

Next-gen is nothing new, it's rather a buzzword. I'd strongly recommend reading https://www.welivesecurity.com/2017/02/13/next-gen-security-software-myths-marketing/ to find out what is behind. If you want to read more about machine learning, read https://www.welivesecurity.com/2017/06/20/machine-learning-eset-road-augur/. At https://www.eset.com/int/about/technology/ you can read about various technologies developed by ESET that work on different layers to protect your computer even if malware writers bypass a particular layer.

Please provide me with logs gathered by ESET Log Collector. Also report the issue to your local customer care since this forum is not meant to be a support channel that would allow for tracking particular cases.

The errors were logged only once. Are you experiencing the issue frequently? If you are able to reproduce it, we'd need a complete memory dump from such state as well as ELC logs with a registry dump included.

In the advanced setup -> Web and email -> Protocol filtering, you can exclude applications or IP addressed from protocol filtering.