Marcos

Staci zmazat subor c:\windows\system32\tasks\WinMgr, ktory spusta uz neexistujuci skript.

ESET NOD32 Antivirus is a consumer product and cannot be managed by ESET Remote Administrator. By contrast, ESET Endpoint Antivirus is intended for business environment and is fully manageable by ERA. Although the current version does not have ransomware shield integrated, we are about to release v7 which will have all protection features known from the latest consumer versions. If you have only a small number of computers, it's ok to use a consumer product.

Please provide me with logs gathered with ESET Log Collector as per the instructions at https://support.eset.com/kb3466. Before you start to collect logs, also select "quarantined files" in the list.

You can just create an agent policy with the new peer certifacate which is easier than re-deploying the agent.

Generate a new peer certificate and create a new agent policy in which you will pick the new certificate. Alternatively you can re-deploy agent while using the new peer certificate.

The detection is correct. It's PUA which is detected or blocked.

Please drop me a personal message with logs gathered by ESET Log Collector on a troublesome machine.

Dobry den, Zozbierajte logy podla navodu v clanku https://support.eset.com/kb3466/?locale=en_US&viewlocale=sk_SK a taktiez vytvorte Procmon log tak, aby v nom bol zachyteny moment, kedy sa zobrazi dana hlaska.

When opening a website, the connection is not maintained active unless some data is transmitted. Therefore it's not possible to measure for how long a particular website has been opened. Also blocking of websites works only in supported browsers which enable us to know what website is being accessed. There are quite many technical limitations on Android (or generally on mobile phones) that prevent 3rd party applications from tightly integrating into the system or other applications like on Windows for instance.

That is most likely because every http connection goes through esets_proxy.

Thanks for the heads-up. I assume the author of the help meant "HKEY_CURRENT_USER" instead of "HKEY_USER". We'll rewrite that part of the help. Currently wildcards (asterisk) can only be used in registry paths, e.g. HKEY_USERS\*\Software\Policies. As for using variables, only system variables will work since ekrn.exe runs in the local system account and therefore has no visibility into user variables.

Even offline computers can be connected via a proxy to the Internet with access limited only to ESET's servers. If that's not an option, you can use the Mirror tool to create a mirror: https://help.eset.com/era_install/65/en-US/mirror_tool_windows.html

What operating system is on the client ? If a standard user clicks the link to restart the system in the ESET gui, the system doesn't restart? Clicking the link should actually restart the system as opposed to selecting Restart in the Start menu which performs only a hybrid restart.

Do you use ERA Server virtual appliance or you installed ERAS on an existing Linux system ? Is the following command executed without an error? smbclient '\\poste_si14.protection24.lan\ADMIN$' -U 'Administrator'

The problem here is with seccomp sandbox which has never been supported by pac and which limits the allowed syscalls for a whole process. We use such syscall and the OS kills the process then. There is no workaround but recompiling the kernel with seccomp disabled. To prevent this from happening, we'll have to detect that seccomp is used by a protected process and behave accordingly. This detection will be added soon and will be included most likely in version 4.0.89.

What browser and version do you use? Not all re supported by Anti-phishing.

Email providers usually use an antispam solution. If you access your email via a browser, there's no way for you to use a 3rd party antispam.

Keystrokes are already scrambled in a secure browser to prevent keyloggers from stealing what you type.

Antispam is supported in the following email clients: Microsoft Outlook, Outlook Express / Windows Mail, Windows Live Mail.

None of the above. A fixed version was provided by developers on Thursday evening. I've installed it and made sure that the issue doesn't manifest and then made it available for users here in the forum. Testing like everything else is planned in advanced; it's not that we compile a newer version and it will be tested overnight by robots. Testing is done by staff, not automatically by robots. Since it's weekend now and testing hasn't finished yet, I can't promise that everything will go well and that the new version will be released next week. If everything goes well and no further issues are found, then there's a good chance we could release it next week at earliest. Generally speaking, releasing a new version within a week since it was built is quite fast when speaking about software. More complex software products take event months to be properly tested and released. As for a refund, contact your local distributor from whom you purchased the renewal. I expect it should be possible within 30 days since purchase.

These scam web pages vary from simple html ones to more complex ones that utilize javascript and obfuscation. Since there's nothing malicious in them, it's usually only possible to detect them based on the content or by blocking the url or IP address. Since we cannot block a web page generically just because it contains keywords like "Microsoft", "Google", etc. it's not possible to effectively detect them proactively, only reactively, especially given that they also use certain trick to avoid blocking of IP addresses.

The "Invalid digital signature" error appears if update files were tampered with on their way, ie. between your computer and your ISP or between your ISP and ESET's update servers (outside ESET's infrastructure). If the error occurs frequently, I'd suggest trying to connect to the Internet via another ISP, if possible and avoiding any proxy servers. You can capture such communication with Wireshark so that we can check what modifications were made to the update files.

By turned off you mean that ekrn.exe is not running? What version of ESET NOD32 Antivirus do you have installed? Did you try uninstalling it and installing it from scratch?

Unfortunately, you have posted in the General discussion forum and didn't mention what product you meant. Please post in the appropriate product forum and elaborate more on what you mean by settings mismatch and problems with displaying the product's icon.

Do you use Microsoft Outlook or Windows Mail as an email client?