Marcos

By default notifications about successful updates do not pop up. You have to turn off the above mentioned setting.

Using the numeric keys at the top of the keyboard should help if it's Windows XP with ESET v9. It's a known issue which will be addressed in a new build of v9 shortly. If you are using a newer OS than Windows XP, please upgrade to the latest v11.1.54.

First of all, please update to the latest version 11.1.54. You can install it from scratch to make sure that update servers are set correctly in the registry. Should the problem persist, carry on as follows: - In the advanced setup -> Tools -> Diagnostics, enable advanced update engine logging - Manually run update - Disable logging - Gather logs with ESET Log Collector, upload the generated archive to a safe location and drop me a personal message with a download link.

For instance, Apache HTTP Proxy is provided with the ERA All-in-one installer or as a stand-alone installer from https://www.eset.com/int/business/remote-management/remote-administrator/download/#standalone: For instructions how to configure it, read https://help.eset.com/era_install/65/en-US/mirror_tool_windows.html?http_proxy_installation_windows.html. For instructions on using the mirror tool, please refer to https://help.eset.com/era_install/65/en-US/mirror_tool_windows.html.

What error do you get when you attempt to update manually?

EFSW 6.5 doesn't create mirror files for Endpoint 6.6. This will be first supported in EFSW v7. We strongly recommend using HTTP Proxy instead of a mirror to save bandwidth and to ensure that only files that are really needed by clients are downloaded. If you need to use a mirror, use the command line Mirror tool or create it using Endpoint 6.6.

As long as it works and updates are provided for that version (which will be for the next several years), it's ok to use it. As far as I know, the latest version didn't bring any fix for a critical issue that would prevent users from temporarily using a slightly older version of the program.

Developers have reproduced the issue and are working on finding the root cause with highest priority. We'll keep you updated.

It appears that a permissive rule for system with the local port 8770 should solve it. You can also try temporarily switching the firewall to interactive mode. When you are asked about the communication, select to create a rule from the drop-down menu and allow the communication. Then you can switch to automatic mode again.

Please gather logs with ESET Log Collector on one of the troublesome clients and provide me with the generated archive via a personal message. Also create a Procmon boot log from a system start as per the instructions at https://support.eset.com/kb6308/.

This malware was released shortly after we started building the noon update so it made to update 17503 which was released 2 hours ago (at VT ESET isn't updated yet). We made sure that the payload was detected so that our users were protected from the very first moment even if the file was not detected by the on-demand scanner.

The website is not blocked by ESET. If you can prove it with a screen shot for instance, contact ESET as per the instructions at https://support.eset.com/kb141.

Let me understand your use case, when you come home you will never want to connect your notebook to the Internet?

VT is not using the most current engine. The sample is detected: 4646921ee4c0666a15a188dadbffd97632b245b9 » RAR5 » Swift.exe - a variant of Win32/Injector.DYKM trojan

If you look up a description of the detection, you'd found out that it's a kind of a cloud-based machine learning detection. If it raises a question about ESET's detection capabilities, doesn't it rise the very same question when the mentioned vendor misses thousands of malicious samples that ESET detects? There's no security solution that would proactively protect from 100% of threats, especially if malware authors focus on specific vendors and modify the malware until it becomes undetected. And if they also test it also upon execution in real conditions and perform modifications until it becomes undetected, they will eventually evade detection. Security vendors make it harder for attackers to infect systems but making it 100% impossible is unreal. Nope. ESET uses multiple protection layers to make it difficult for malware to get in even if attackers take measures to evade traditional detection: https://www.eset.com/int/about/technology/

It's an rtf document with a NSIS/Injector inside. Among those 10/59 detections were none from a popular AV with a concrete detection name; all were generic detections. It is a fact that no AV detects 100% of all threats; what matters is the reaction time of vendors when a malware is not detected heuristically / generically without update. There have been numerous cases when ESET was the only vendor to detect certain new threats. The detection will be added in the next update as DOC/TrojanDropper.Agent.EN and the dll inside as Win32/Injector.DYKG. As of Endpoint v7, you will be able to take advantage of the new technology ESET Dynamic Threat Defense which will allow for running any suspicious files in ESET's sandbox and apply also machine learning in order to asses the dangerousness of a file. The client will then be informed about the result and block or allow the file accordingly.

Please provide me with a link to the VT results so that we can comment on it. Without knowing what wasn't detected and how your ESET product is configured no conclusions should be made.

This is really weird because Microsoft says on the mentioned website: Prerequisites To apply this hotfix, you must be running one of the following operating systems: Windows Server 2008 R2 Service Pack 1 (SP1) The 64-bit version of Windows 7 Service Pack 1 (SP1) Please try creating a Procmon log from the time you attempt to install the update, maybe it will show incorrect detection of the OS. Also I'm going to drop you a personal message shortly.

Most likely you have enabled logging of all scanned files: Please disable it and delete the big dat files in safe mode.

Please provide me with the ticket number for identification of your ticket. The best would be to know the ID of the ticket that your local customer care used in communication with ESET HQ. In the mean time, make sure that this update is installed: https://support.microsoft.com/en-us/help/2883492/sec-e-internal-error-error-when-a-32-bit-application-calls-the-schanne

ESET never uninstalls itself automatically. It sounds like an issue while upgrading from an older version. Do you know by chance if you had a legacy version (up to v8) installed or you had v10 or v11 before you chose to upgrade to the latest version? You should be able to uninstall / reinstall ESET from scratch. In case of issues, try running the ESET Uninstall tool in safe mode first.

I'd say very soon. It will require a special license for activation since it will be provided as an extra paid service.

No, it's not possible since the tool gathers logs from the system as well as ESET's logs, configuration, etc.

Do you use the latest EIS v11.1.54? Would using the numeric keys above letter keys work as a workaround in the mean time ?

I'm sorry but the archive is password protected. Without knowing the password, neither humans nor AV scanners can scan inside password protected archives. If we were to brute force the password, it could take more than a day for a 6-char. password provided that 500,000 passwords were tried per second.