Marcos

What version of ESET do you use? What operating system?

It's clearly a phishing:

Did you try disabling IMAP(S) scanning and leaving only Outlook plug-in enabled? What IMAP server do you use?

You can use MySQL as well.

It was added in v11.1. It's an auxiliary service for internal purposes.

After installing ERA Server, you can find the CA under Admin -> Certificates from where you can export the public key:

If you run the batch file via the commandline console, it must be detected on access. Of course if you don't run the batch file directly but only use some of the commands inside, that won't be detected since we cannot detect legitimate system tools.

The version v4.0.88 provided above is for home users, ie. it's not EAV Business Edition which can be managed by ERA. If everything goes well, v4.0.89 for both home and business users will be released next week.

Please provide us with your ticket number so that we can check the status of the ticket with colleagues from our US branch ESET, LLC.

Since you have opted for detection of potentially unsafe applications - PUsA (detection is disabled by default), no wonder that a pot. unsafe application was detected. You can either disable PUsA detection completely (not recommended) or upon detection expand Advanced options, select "Exclude signature from detection" and select No action.

I don't think that we flagged Notepad as PUA. Otherwise it would have been Notepad which would have been deleted and not the .bat file.

Check the firewall troubleshooting wizard or Connected Home Monitor for a list of recently blocked communications from where you can enable a specific communication easily.

Dobry den, nemate nahodou zapnuty Anti-Theft, ktory oi. funguje aj tak, ze vytvara tzv. fantomovy ucet, do ktoreho system prihlasi pouzivatela v pripade, ze sa zariadenie oznaci v Anti-Theft portali ako stratene?

I was unable to reproduce it. As for Anti-Theft, I've always clicked "Do not remind me again" and was never reminded again. If you can reproduce it, report it to customer care, e.g. via the internal support form. How did you find out that the product was connecting to ipm.eset.com? By the way, there are also other messages than marketing ones that are provided by the mentioned server.

That's the way it's meant to be and it was approved by the Russian partner.

The next major version of ESET File Security will be v7 which is planned to be released in H2/2018. It will use the same type of update files as Endpoint 6.6 and therefore will also support creation of a mirror for EP6.6. Nevertheless, we strongly recommend using an http proxy for caching update files instead of using a mirror. That can save a lot of Internet traffic since only files that are really needed by clients for update will be downloaded.

That's how it currently works but it may change in the future. If the firewall is enforced by a policy, you can enter override mode in order to be able to temporarily pause the firewall.

Couldn't it be that you have enabled the firewall via a policy? Ie. is there a padlock icon next to "Enable firewall" in the advanced setup?

Personally haven't heard about such issue yet. Maybe you could create a dynamic group with computers that are reporting the error and then send a Run command task that will perform a restart by running "shutdown -r -t 0".

Honestly, this is the first time I hear about an issue like this. With MS Outlook integration enabled, all received, sent and read emails should be scanned for malware . I'd suggest checking the list of plug-ins that are loaded in Outlook and making sure that your previous Av is not there. If that's not the case, contact Customer care that should provide you with a logging version of the plug-in that should help pinpoint the issue. Do you receive email via MAPI from an Exchange email server?

Without further logs it's impossible to tell. To start off, enable advanced update engine logging in the advanced setup -> tools -> diagnostics, run update, then disable logging and finally collect logs with ESET Log Collector. When done, provide me with the generated archive.

An application running on the machine is touching update files which causes the updater to fail to rename the appropriate folder. The issue may occur intermittently, e.g. one per several weeks. A workaround for this will be included in v12.

The BAT file is not excluded. You have created exclusions for: G:\Software\*.*, C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\amtlib.dll and G:\Software\Microsoft\Windows\Windows 10\Batch Files & Registry Tweaks\Clear Event Viewer Logs\Clear Event Viewer Logs.exe. However, the batch file was detected in C:\Users\Tommy\AppData\Local\Temp\932F.tmp\9330.tmp\9331.bat and this folder was not excluded (don't exclude it since temp folders are a typical location of where malware resides). It is in fact a potentially unsafe application because what the batch file does is that it clears system logs via wevtutil.exe. This is often done by attackers to clear traces after compromising a remote system, typically servers after conducting an RDP bruteforce attack. Detection of potentially unsafe applications is disabled by default. They cover legitimate applications and tools that can be misused in the wrong hands. If you don't want this detection to be triggered at all, exclude the signature from detection, e.g. as follows:

I didn't refer specifically to UEFI protection. However, speaking about it ESET is the first security product which has an UEFI scanner integrated in an AV product. The feature is available both for business and home users which is unique too.

This is questionable. As for tests, yes, they often score 100% but in fact there is no security solution capable of 100% detection of threats. In real world results may be quite different then in tests, not only in terms of detection but also in terms of footprint. I'd recommend you try ESET and let us know how you perceive it with regard to your previous AV. I'd like to put into your attention a list of various technologies developed by ESET that protect you from actual malware on different layers: https://www.eset.com/int/about/technology/.