Marcos (Administrators) • Posts: 37,079 • Days Won: 1,472

Everything posted by Marcos

  1. Please contact the distributor or seller from whom you purchased your license. We have only one license on file registered to the email address that you provided and that license expired last year.
  2. Please submit the file as per the instructions at https://support.eset.com/kb141/. By the way, ServerGUi.exe is detected as a CoinMiner PUA. Make sure that you have detection of pot. unwanted applications enabled. NTRIGHTS.exe is a benign file.
  3. If clearing proxy cache doesn't help, I'd suggest generating pcap logs from both the client and HTTP proxy from the time when a software install task is executed by the agent. Especially we'd need to know if it attempts to connect to an IP address or to the host repository.eset.com.
  4. Please refrain from shouting at moderators, which is against forum rules, and keep your posts polite. Your message has been edited and unnecessary exclamation marks and formatting were removed.
  5. And also post a hash of the file HelloWorld.exe. It's not a typical name for malware so it could have been crafted to be not detected. One could take any malware and modify it until it becomes undetected by the AV that he or she focuses on so making any conclusions just based on one undetected and probably not real file doesn't make any sense. Knowing a hash of it would help us find out how many users have encountered it. My estimation is 1 or 2 if the "tester" had the LiveGrid feedback system enabled.
  6. We've already got enough memory dumps so no further dumps are needed. As a workaround, you can try disabling Protected service in the HIPS setup and rebooting the machine. The only 100% solution known to date is upgrading Windows 10 RS4 x86 to x64 version.
  7. Windows firewall should be turned off automatically after installing EIS as shown below:
  8. You can open logs in a new window that can be stretched to the full screen.
  9. It is the agent that downloads the Endpoint installer from ESET's repository. If you use a firewall or proxy server, is the client able to reach the repository? Please check https://support.eset.com/kb332 for a list of ports and addresses that need to be allowed. Are you able to download the installer http://repository.eset.com/v1/com/eset/apps/business/ees/windows/v6/6.6.2078.5/ees_nt64_enu.msi directly through a browser using the same proxy settings as those used by ERA agent?
  10. I'd suggest carrying out as follows: 1, Connect the desired device to a machine. 2, In the Device Control rule editor, click Populate. 3, Select the desired device in the list and click OK. This will create a new Device Control rule with parameters of the device already filled in which will help you also avoid typos in spaces in device information. If that doesn't help, please post a list of DC rules that you have created so that we know what rules they are and what order they are applied in. Also provide device information about devices which are blocked but shouldn't be (copy & paste whole records from the Device Control log).
  11. This forum does not serve as a channel for reporting blocked websites. Please follow the instructions at https://support.eset.com/kb141/.
  12. The alert is like that by design. I get the same with v11.1.
  13. If it's really the shadow that concerns the OP, I'm getting it on any context menu so it doesn't appear to be related to ESET only.
  14. I don't know what the response from LiveGrid servers was, however, regardless of the response the cached file would have been either deleted or submitted. If it was deleted and nothing was logged, it had to be rejected by LiveGrid servers. Next time you can make a backup copy of such a file so that we can investigate it further.
  15. How do you know that gamer mode doesn't activate automatically? Did you schedule a scan to be run at a time when an application was running in full-screen mode and the scan was actually started?
  16. We didn't change anything with regard to the issue and are currently anticipating more information / resolution from Microsoft.
  17. You don't have to care what action was exactly performed, otherwise you'd have to distinguish between clean files infected with a parasitic virus and other kinds of threats that contain only malicious code. The point is that cleaning means removing the malicious code, i.e. either the whole file or the malicious code added to otherwise legitimate files and also removing all references to the malicious file from the registry. A copy of the original file is always put into quarantine so that it could be restored later, if needed.
  18. Cleaning means: 1, placing a copy of the original file to quarantine 2, deleting the whole malicious file or cleaning the malicious code in case of VBA macro malware or sanitizing the file in case of file infectors (viruses) 3, removing references to the malicious file from the registry as well as fixing possibly malicious modifications in the registry.
  19. There should be only shortcuts (.lnk files) in these folders. If you scan the folder with the on-demand scanner, does it take long or does the scanner freeze?
  20. This is not currently possible but we'll consider adding this option in future versions of ESET security products.
  21. If you think that ESET is responsible for the crashes, please contact customer care and provide a complete memory dump from such crash for perusal. Also supply logs gathered by ESET Log Collector.
  22. How do you know they were actually submitted? If someone else has submitted them, then the submission was rejected and the files in the cache were deleted.
  23. Please generate a dump of ekrn.exe via the advanced setup -> tools -> diagnostics -> create (dump) when you notice high memory use by ekrn. Then gather logs with ESET Log Collector and provide us with the generated archive for analysis.
  24. It's highly unlikely they would be false positives. Please post the appropriate records from the Detected threats log.