Everything posted by Marcos

  1. How long does it take to scan the disk using the in-depth scan profile?
  2. In automatic (default) mode, the firewall allows all outgoing communication and blocks all non-initiated communication unless blocked by custom rules. Please carry on as follows: - with EIS v11.1.54 installed, in the main GUI navigate to Help and support -> Details for Customer care and select "Create advanced logs" - reproduce the issue - disable logging - gather logs with ESET Log Collector, upload the generated archive to a safe location and drop me a message with a download link.
  3. Please carry on as follows: 1. Install Wireshark. 2. Enable advanced protocol filtering logging in the advanced setup -> Tools -> Diagnostics. 3. Start logging with Wireshark. 4. Reproduce the issue. 5. Disable logging, save the Wireshark log (pcap/pcapng) and compress it. 6. Gather logs with ESET Log Collector. Upload the generated archives to a safe location (e.g. Dropbox, OneDrive, etc.) and drop me a message with download links.
  4. Try this syntax: eav_nt64_ENU.exe --silent --accepteula --msi-property-ehs PRODUCTTYPE=eav --msi-property PRODUCT_LANG=1033 PRODUCT_LANG_CODE=us-US ADMINCFG="C:\Install\cfg.xml"
  5. Since the firewall does not currently support wildcards, you can only create a new rule each time the folder changes. It should be improved in the future, however.
  6. We don't have SysInspector for Mac and to the best of my knowledge there are currently no plans to have it in the future either.
  7. We're not aware of any repository problem. There was a problem when the agent was accessing IP addresses instead of the host name repository.eset.com for some reason but this was solved more than 12 hours ago.
  8. Disabling HIPS and protected service are two different things. While disabling HIPS would substantially deteriorate protection capabilities, disabling protected service has a much more negligible impact on security. Please disable only Protected service in the HIPS setup, not the whole HIPS feature, and reboot the machine. We are still waiting for Microsoft to come up with a solution to the issue since it's a standard Windows API function call that started to fail after upgrade to v1803.
  9. We have classified the executable as Win32/RiskWare.ProcessCritical.A application.
  10. We have tested it on 2 machines and it indeed works. Please try the following: 1. Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering. 2. Download Eicar from http://www.eicar.org/download/eicar.com. Is Eicar really detected by Web and email protection?
  11. Please submit the sample as per the instructions https://support.eset.com/kb141/ for analysis.
  12. By just a quick look it's a non-obfuscated AutoIt script with "Joakim Schicht" listed as the author, so probably related to https://github.com/jschicht. I've passed the script for further analysis to confirm or deny that it should be detected.
  13. Please contact the distributor or seller from whom you purchased your license. We have only one license on file registered to the email address that you provided and that license expired last year.
  14. Please submit the file as per the instructions at https://support.eset.com/kb141/. By the way, ServerGUi.exe is detected as a CoinMiner PUA. Make sure that you have detection of pot. unwanted applications enabled. NTRIGHTS.exe is a benign file.
  15. If clearing proxy cache doesn't help, I'd suggest generating pcap logs from both the client and HTTP proxy from the time when a software install task is executed by the agent. Especially we'd need to know if it attempts to connect to an IP address or to the host repository.eset.com.
  16. Please refrain from shouting at moderators, which is against forum rules, and keep your posts polite. Your message has been edited and unnecessary exclamation marks and formatting were removed.
  17. And also post a hash of the file HelloWorld.exe. It's not a typical name for malware so it could have been crafted to be not detected. One could take any malware and modify it until it becomes undetected by the AV that he or she focuses on, so making any conclusions just based on one undetected and probably not real file doesn't make any sense. Knowing a hash of it would help us find out how many users have encountered it. My estimation is 1 or 2 if the "tester" had the LiveGrid feedback system enabled.
  18. We've already got enough memory dumps so no further dumps are needed. As a workaround, you can try disabling Protected service in the HIPS setup and rebooting the machine. The only 100% solution known to date is upgrading Windows 10 RS4 x86 to x64 version.
  19. Windows firewall should be turned off automatically after installing EIS as shown below:
  20. You can open logs in a new window that can be stretched to the full screen.
  21. It is the agent that downloads the Endpoint installer from ESET's repository. If you use a firewall or proxy server, is the client able to reach the repository? Please check https://support.eset.com/kb332 for a list of ports and addresses that need to be allowed. Are you able to download the installer http://repository.eset.com/v1/com/eset/apps/business/ees/windows/v6/6.6.2078.5/ees_nt64_enu.msi directly through a browser using the same proxy settings as those used by ERA agent?
  22. I'd suggest carrying out as follows: 1. Connect the desired device to a machine. 2. In the Device Control rule editor, click Populate. 3. Select the desired device in the list and click OK. This will create a new Device Control rule with parameters of the device already filled in which will help you also avoid typos in spaces in device information. If that doesn't help, please post a list of DC rules that you have created so that we know what rules they are and what order they are applied in. Also provide device information about devices which are blocked but shouldn't be (copy & paste whole records from the Device Control log).
  23. This forum does not serve as a channel for reporting blocked websites. Please follow the instructions at https://support.eset.com/kb141/.
  24. The alert is like that by design. I get the same with v11.1.
  25. If it's really the shadow that concerns the OP, I'm getting it on any context menu so it doesn't appear to be related to ESET only.