Marcos

nsis7z.dll is a legitimate very popular dll. It's clean and not subject to detection. In this case it was two js files inside an embedded archive which are malicious and are now detected.

Yes, there will be newer versions of ESET products compatible with macOS Sonoma shortly before its release.

Yes, there will be newer versions of ESET products compatible with macOS Sonoma shortly before its release.

All products from ESET NOD32 Antivirus to ESET Smart Security Premium are same in terms of SSL filtering / scanning feature. That said, if disabling SSL filtering makes a difference, then the issue must occur also with ESET NOD32 Antivirus installed. Please try installing ESET Smart Security Premium v16.1, then switch to the pre-release update channel in the advanced update setup and have it upgrade to the latest version v16.2. If that doesn't resolve the issue, try temporarily disabling Banking and payment protection and see if it helps.

 

It's a scam email to scary you, just ignore it and delete it.

I've checked your forum email address. Your personal data leaked in some 3rd party breaches which is where the sender might have got the passwords from. You should urgently change your password if you haven't done so since the breaches:
2,844 Separate Data Breaches (unverified): In February 2018, a massive collection of almost 3,000 alleged data breaches was found online. Whilst some of the data had previously been seen in Have I Been Pwned, 2,844 of the files consisting of more than 80 million unique email addresses had not previously been seen. Each file contained both an email address and plain text password and were consequently loaded as a single "unverified" data breach.
Compromised data: Email addresses, Passwords
Cit0day logo
Cit0day (unverified): In November 2020, a collection of more than 23,000 allegedly breached websites known as Cit0day were made available for download on several hacking forums. The data consisted of 226M unique email address alongside password pairs, often represented as both password hashes and the cracked, plain text versions. Independent verification of the data established it contains many legitimate, previously undisclosed breaches. The data was provided to HIBP by dehashed.com.
Compromised data: Email addresses, Passwords
Gaadi logo
Gaadi: In May 2015, the Indian motoring website known as Gaadi had 4.3 million records exposed in a data breach. The data contained usernames, email and IP addresses, genders, the city of users as well as passwords stored in both plain text and as MD5 hashes. The site was previously reported as compromised on the Vigilante.pw breached database directory.
Compromised data: Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Usernames
GeniusU logo
GeniusU: In November 2020, a collection of data breaches were made public including the "Entrepreneur Success Platform", GeniusU. Dating back to the previous month, the data included 1.3M names, email and IP addresses, genders, links to social media profiles and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Compromised data: Email addresses, Genders, IP addresses, Names, Passwords, Social media profiles
Royal Enfield logo
Royal Enfield: In January 2020, motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. The impacted data included email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Social media profiles, Vehicle details
ShareThis logo
ShareThis: In July 2018, the social bookmarking and sharing service ShareThis suffered a data breach. The incident exposed 41 million unique email addresses alongside names and in some cases, dates of birth and password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by dehashed.com.
Compromised data: Dates of birth, Email addresses, Names, Passwords

Release Date: July 11, 2023
ESET Endpoint Antivirus for Linux version 10.0.3.0 has been released and is available to download.
Changelog:
Version 10.0.3.0
NEW: Web Access protection for monitoring HTTP & HTTPS communication
NEW: Advanced Machine Learning – a high-powered detection engine in the cloud
NEW: Detection level settings in Real-Time & Machine Learning protection
NEW: Scanning of kernel modules
NEW: Support of RHEL 9
NEW: Support of Linux Mint 21
NEW: ESET Bridge support
NEW: Configuration section "Protections" with Web Access Protection
IMPROVED: On-access scan improvements
FIXED: Product does not reconnect to ESET LiveGuard servers after network connection outage
FIXED: Other minor improvements and bugfixes
REMOVED: Support of RHEL 7
REMOVED: Support of SUSE Linux Enterprise Desktop 15
Upgrade to Latest Version
Upgrade my ESET Endpoint products for Linux to the latest version
Support Resources ESET provides support in the form of Online Help (user guides), fully localized application and Online Help, online Knowledgebase, and applicable to your region, chat, email or phone support.
Online Help (user guides) Visit www.eset.com/contact to email ESET technical support

The reason is that one cannot re-enable protection features locally unlike on Windows if a particular protecton feature is not disabled by a policy.

Support for redirection in Firefox v115 will be added later this month. We recommend either using the Secure-all-browsers mode or using the isolated browser accessible via the BPP desktop shortcut.

Windows Defender is running:
c:\programdata\microsoft\windows defender\platform\4.18.23050.5-0\msmpeng.exe
Please refer to my last reply in https://forum.eset.com/topic/36914-copy-paste-issue-eset-conflict and make sure that Defender is not enforced via a policy.

Currently only a few VPNs listed at https://help.eset.com/eeau/10/en-US/web_access_protection.html are supported. It is possible that the list will be extended in the future as we find workarounds for particular VPNs.
Please raise a support ticket so that we can research the possibility to add Forticlient VPN support as well.

Did you try to upgrade to v16.2 either using the installers downloadable here from the Downloads section as early access or by switching to the pre-release update channel? V16.2 should have it fixed.

Endpoint v10.1 should be available soon, we don't plan to have a beta version.

Malware has been cleaned, we have removed the website from blacklist.

1, If malware is already running it could prevent any antivirus or program from running so it may be necessary to clean the machine first. However, honestly I haven't heard about any such real case for a long time, if ever.
2, I don't think malware could misuse DisallowRun to block the crucial process ekrn.exe, especially not if ESET is installed and protecting the machine. More info would be needed on if and how you managed to block ekrn, if at all.
3, An antivirus is not supposed to modify permissions on existing files or folders.
4, See point 1. In certain cases it may be necessary to clean malware first, e.g. by running an online scanner or an offline scan after booting from a clean disk.
5, See point 4 and 1.
6, What Miner are you referring to? Any hash, sample or a link to VirusTotal? Without more information, we can't tell if it's really: a) subject to detection, b) undetected by ESET even upon execuction and with PUA/PUsA enabled.

Does the issue persist if you set "Turn off Microsoft Defender Antivirus" policy to "Not configured"?
Local Group Policy Editor -> Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Defender Antivirus -> Turn off Microsoft Defender Antivirus

"If you do not configure this policy setting, Windows will internally manage Microsoft Defender Antivirus. If you install another antivirus program, Windows automatically disables Microsoft Defender Antivirus. Otherwise, Microsoft Defender Antivirus will scan your computers for malware and other potentially unwanted software.
Enabling or disabling this policy may lead to unexpected or unsupported behavior. It is recommended that you leave this policy setting unconfigured."

I'd also add that we recommend switching to the pre-release update channel in the advanced update setup which supports the new firewall in v16.2. The module will be available to all users at the time of the release of v16.2.

Please download and install v16.2.10 from https://forum.eset.com/files/category/3-early-access/ and see if it makes a difference. We recommend switching to the pre-release update channel in the advanced update setup to get full support for the new firewall before v16.2 is released for general public.

While creating many exclusions would not affect performance, each exclusion creates a potential security hole so exclusions should be used only as a last resort if a particular issue cannot be resolved otherwise.

Please run the ESET Uninstall tool in safe mode.

A hotfix 10.0.12012 has been released that addresses this issue: https://forum.eset.com/topic/36837-eset-server-security-10012012-for-microsoft-windows-server-hotfix

A hotfix 10.0.12012 has been released that addresses this issue: https://forum.eset.com/topic/36837-eset-server-security-10012012-for-microsoft-windows-server-hotfix

A hotfix 10.0.12012 has been released that addresses this issue: https://forum.eset.com/topic/36837-eset-server-security-10012012-for-microsoft-windows-server-hotfix

Release date: June 28, 2023
ESET Server Security for Microsoft Windows Server version 10.0.12012.0 has been released and is available to download.
Changelog
Version 10.0.12012.0
IMPROVED: Introduced new Hyper-V on-demand scan result state of "completed with warnings" to indicate the presence of critical issues in the scan log.
IMPROVED: eShell cluster initialize command now accepts file containing list of nodes separated by newlines.
CHANGED: eShell scheduler command renamed from „action“ to „type“.
FIXED: A problem where a non-admin user was unable to restart the server via GUI.
FIXED: A problem where it was not possible to activate ESET Inspect Connector with offline license.
FIXED: Addressed the customer-reported issues of slow application openings and timeouts for specific applications.
FIXED: Issue upon logoff when the system is stuck at the screen "Notification text for system events"
Support Resources
Online Help (user guide):
ESET Security for Microsoft Windows Server For more information and to download the product, visit the ESET Security for Microsoft Windows Server download page or contact your local reseller, distributor or ESET office.

According to https://help.eset.com/protect_cloud/en-US/index.html: ESET PROTECT Cloud enables you to manage ESET products on workstations and servers in a networked environment with up to 50,000 devices from one central location.
That said, even with this number of devices the replication interval of 10 minutes guarantees flawless operation.