Everything posted by Marcos

  1. The website was compromised. The owner or admin should remove the reference to an external js at mXXXXu.com (some letters were intentionally replaced) and take measures to prevent further re-infection.
  2. The notification doesn't read "error". It's a known bug in v11.2.49 that update notifications are sent out. It will be fixed in the next v11.2 hotfix.
  3. Theoretically yes, since it has nothing to do with the update cache. Do you have v11.2.49 installed? In case the error occurs frequently, a Procmon log would shed more light.
  4. Please refer to https://forum.eset.com/topic/15949-hips-cannot-communicate-with-driver/. The latest Insider Preview build 17728 currently available on fast ring addresses the bug. To prevent duplicate topics on the same subject, we'll draw this one to a close.
  5. Did you right-click the msi installer and select Run as administrator?
  6. If blocking webcam usage for the svchost.exe service prevents facial recognition from working properly, then you'll need to permit it if you want to take advantage of the feature.
  7. If issues with HIPS are being reported to you in the main GUI and you are not using a Windows 10 Insider Preview build, we'll need a complete memory dump for analysis. The best course of action would be contacting customer care so that the case is properly tracked.
  8. It appears they have already fixed the cert. issue. An SSL check didn't report any issues and ESET is scanning the website alright too:
  9. Please collect logs with ESET Log Collector and provide me with the generated archive.
  10. It was already confirmed as a bug and fixed. The fix will be included in the next hotfix. I will check if it's possible to provide you with a fixed binary in the meantime.
  11. It's not necessary to install it since the only change is that a computer restart is not required any more in order for HIPS/AS to work.
  12. The only change is that it creates a special registry value during installation to ensure compatibility with Windows updates. Otherwise HIPS/AS would not start after installation and would require an update and a computer restart for it to start working. An announcement should be posted soon.
  13. Windows Security Center was first introduced with Windows XP SP3 if I remember correctly. Module updates should not cause re-registration to WSC. If you are not continually getting an error related to WSC, I would ignore it.
  14. Yes, it's the last version. For instance, there's also the Rootkit detection and cleaning module which hasn't been updated for 1 year. There were simply no changes in it and no reasons to update it.
  15. The network protection module is not updated on a daily basis but as needed. Actually there are only 3 modules that are updated on a daily basis.
  16. Thank you all who have confirmed that the fix provided resolved the issue. It will be included in the upcoming service release of v11.2. As for ETA, I can't tell right now but will keep you posted.
  17. It should be ransomware instructions which are detected. The last variant of Magniber was seen about 10 days ago. If you got infected recently, it should be due to having outdated modules or disabled protection (e.g. if an attacker logged in via RDP and disabled the AV). However, without further logs it's impossible to tell how the infection occurred.
  18. The files were encrypted by Filecoder.Magniber. Most likely decryption won't be possible. Please email the following stuff to samples[at]eset.com: (1) payment instructions, (2) logs collected with ESET Log Collector (a zip archive), (3) a couple of examples of encrypted files (ideally documents).
  19. Upgrading to a newer version of the same ESET product has always been free. Since we are approaching the release date of ESMC (ERA v7), I'd strongly recommend that you wait a few days until ESMC is released and then test the upgrade on a small number of computers. There is a comprehensive guide on how to perform the upgrade (https://help.eset.com/era_install/65/en-US/export.html?migration_tool.html, https://support.eset.com/kb3607/) and we too are here to assist you should you need help. In that case, also let us know how many computers you have in your network, if you want to perform migration or install ERA v6 from scratch, and if you want to use a Linux-based virtual appliance or you'll install it on a Windows Server.
  20. The file should be reported to the AV maker as a possible false positive. Judging from the name, it could be ClamAV which detected it.
  21. We have pinpointed the issue and will have a fix for testing soon. Will keep you posted.
  22. We have tested build 17728 currently available on fast ring and confirm that it resolves the issue with HIPS/AS/firewall.
  23. If the archive generated by ELC is too big to be attached to a personal message, upload it to a safe location (e.g. Dropbox, OneDrive, etc.) and provide me with a download link.
  24. If those files were modified from another machine in the network that is not running ESET with Ransomware shield, the ransomware could not be detected. The Ransomware shield monitors running processes and not just files on disks.