Marcos

We haven't supported F5 VPN in any way. I assume it's F5 that needs to add recognition of v11.2 and newer versions, therefore I'd suggest contacting their customer care.

Please elaborate more on what you mean. What exactly worked with v11.1 and doesn't work with v11.2 ?

It can be turned off via E-store as per https://support.eset.com/kb6205/ or by contacting customer care.

There's been an outage of Microsoft Azure cloud services in South Central US which may affect activations and some other cloud services: https://azure.microsoft.com/en-us/status/

It is a very bad idea to disable startup scan tasks. By disabling them, you lose an important protection layer since only the startup scan can check vulnerable areas, such as the WMI repository, Powershell scripts in the registry, etc. Also without scanning the memory after an update it could happen that a possible malware will run undetected until you restart the computer, ie. it will have enough room to do the damage. Is the scan named "Initial scan" ? Please gather logs with ESET Log Collector and upload the generated archive here. I'd also recommend uninstalling ESET and installing the latest version 11.2.49 from scratch.

Is it somehow related to ESET? Does the issue go away if you uninstall ESET Mobile Security?

The file is not infected, it's just a keygen. Normally ESET doesn't detect keygens but if they are, they are usually detected as potentially unwanted applications. Detection of potentially unwanted applications can be enabled either during install or later in the advanced setup.

Please try the following: 1, In safe mode, rename "C:\Program Files\ESET\ESET Security\Drivers" to "Drivers_noload" 2, Rename C:\Windows\System32\drivers\eamonm.sys, e.g. to eamonm.bak 3, Restart Windows and reproduce the issue. Should the problem persist, instead of eamonm.sys rename ehdrv.sys. Let us know if renaming either driver helped. Finally rename the drivers and the Drivers_noload back to their original names.

Maybe shooting a video showing the process of replication from the download and installation of Firefox to issue reproduction could shed more light. Also gather ELC logs when Firefox is installed and running and post the generated archive here.

Does temporarily disabling automatic start of real-time protection and rebooting the machine make a difference?

Yes. That is exactly what triggers the detection and a screen shot of this was also included in the write-up mentioned above.

Here's a good write-up of exploitation of Mikrotik routers' webproxy feature: https://www.trustwave.com/Resources/SpiderLabs-Blog/Mass-MikroTik-Router-Infection-–-First-we-cryptojack-Brazil,-then-we-take-the-World-/

In the menu select License -> Enter license key and type in your license key. Hyphens are added automatically.

Are you able to reproduce it on another machine, e.g. on a VM? For now do not perform the tests using a portable Firefox.

Do you mean that if you download the eicar test file from http://www.eicar.org/download/eicar_com.zip it is not detected by web protection?

Please let us know what ESET product and version you use so that we can move the topic to the appropriate product forum. Also please provide steps-by-step instructions how to reproduce it, including the exact version of Firefox that you have installed and information how you performed the test. With portable versions of Firefox , SSL/TLS filtering won't work unless you manually import the ESET root certificate to the trusted root CA certificate store.

We appreciate your feedback José. In other cases with different brands of routers, a factory reset followed and upgrading the firmware didn't help.

It depends on what product you purchased. We also sell security packs which cover a certain amount of devices regardless of the operating system. If you purchased only one license for ESET NOD32 Antivirus, then it won't work on Android.

Hello, 1, What ESET product do you use? 2, Is it Windows that is reporting "Check Internet Connection..." ? Please post a screen shot.

I'd suggest creating a SysRescue medium, booting from it and opening a website through the built-in browser. If the threat is detected, it's likely either the router or ISP that was compromised.

Basically it is not possible. According to https://support.eset.com/kb3678/, v8 will reach its end of life in Dec 2018, ie. in less than 4 months. After that date, updates will not be guaranteed and may be cut without any prior notice. If you are using a newer OS than Windows XP, please upgrade to the latest version v11.2.49. On Windows XP, v9 is the latest version which is officially supported.

1, Enable advanced logging under Help and support -> Details for Customer care 2, Run manual update 3, Stop logging 4, Gather logs with ESET Log Collector and upload the generated archive.

Check your inbox. No, detecting encrypted files would be a big mistake that would lead to a lot of problems (e.g. quarantining GBs of files for no good/useful purpose). In fact, detecting them would normally be considered a false positive. Your answer was wrong. Infected is a file that causes encryption. Already encrypted files are not infected, they are just encrypted and do not pose any risk. If that was another round of encryption, ie. if the user didn't take measures to prevent attackers from getting logged in via RDP and the attackers exploited RDP again and disabled or uninstalled ESET prior to running the ransomware, even theoretically encrypted files could not be detected simply because protection had been disabled by the attacker.

The hotfix version 11.2 I mentioned earlier has not been released yet. About a week ago I wrote that it was pending for WHQL certification and afterwards it would undergo QA tests before it's released. There should be more information about the release next week since it's weekend now.

Hard to say what happened without a complete memory dump from time when the error is reported.