Peter Randziak

A detection for this variant was added on Oct 31, 2022:
@Trojan.Linux/Filecoder.RansomEXX.B

I thought you were referring to adding exactly 0x0000 to the code. No, inflated binaries do not create a problem for ESET to scan them.

Hi Peter, 
I'll try to read between the lines for j-gray here.  (this is also true to me) 
usual change log available for any EEA\EES\EP related updates are massively longer.( That's a good thing!)
can you please escalate to EI team to invest some love into the change log too? 
As you can see people like me and j, we dig deep. we want to understand the product better and get the broader picture to know if this update is critical or not and whether should be push it to production sooner than later. 
This is true and important just as much for EEA\EP as it should be for EI. 
 
Thanks again for all the support mate, really appreciate all that you do for the community here.

I found there is new feature replacing the HTTP Proxy - "ESET Bridge", pretty straight forward and easy to set.
finally we can manage all our endpoint in one web console  

Hi Peter,
Sorry for the delay.  I ended up contacting support who confirmed there was an issue.  I never received a response back but later that same day, things started to magically work again. 🤔

We will consider adding a setting for this notification in future versions.

Version 10.0.2045 is scheduled for release on February 21 with auto updates to be fully released until March 23.
Below is a preliminary changelog:
FIXED: Product reports incorrect version number when manual installation is executed, and Auto-update is pending.
FIXED: Device Control not blocking particular disk storage model from Western Digital®.
FIXED: Offline license file product activation in specific scenarios.
FIXED: Missing configuration section of Document protection after otherwise successful Auto-update.
FIXED: Attaching data to technical support report from SysInspector.
FIXED: Updating modules from Removable media storage.
FIXED: Minor typos and localization fixes.
FIXED: Incorrect order of attachments scanning if message contains related attachments.
IMPROVED: Miscellaneous fixes in Graphical user interface after redesign.
IMPROVED: Improve stability and compatibility of Email client protection for MS Outlook.

Just installed Feb 2023 patches on servers with issues previously. No problems now. Thanks. 😍

The issue is fixed in the Banking & payment protection module 1296. As of now it is available on pre-release update channel, full release is expected during the next week if no issues will be reported.
The Protected websites redirection feature for Chrome and MS Edge browsers will be enabled back with the module update.
The browsers restart is required after the module update to apply the fix.
Peter on behalf of the teams involved

Yep and the beta will update to the stable

There is a setting in product "Enable temporary rejecting of undetermined messages"
in Advanced antispam settings, that can help to fight first waves of spam by temporarily rejecting suspicious emails for the specified period until our antispam cloud gathers enough data.
For malware it is recommended to enable ESET LiveGuard (cloud sandbox).
 

The dev team decided to disable Protected websites redirection feature for Chrome and MS Edge browsers, until the issue is resolved in order to prevent the browsers crashes.
The change will be distributed via an Rapid response module update (probably with version 21778).
After the automatic update, the Chrome and MS Edge won't crash anymore, but the Protected websites redirection feature will not work until we release the full fix.
Disabling the Protected websites redirection feature resolves the issue.
Another way to resolve the issue is to use the Secure all browsers option.
We apologize for the inconvenience caused by this issue.

The dev team decided to disable Protected websites redirection feature for Chrome and MS Edge browsers, until the issue is resolved in order to prevent the browsers crashes.
The change will be distributed via an Rapid response module update (probably with version 21778).
After the automatic update, the Chrome and MS Edge won't crash anymore, but the Protected websites redirection feature will not work until we release the full fix.
Disabling the Protected websites redirection feature resolves the issue.
Another way to resolve the issue is to use the Secure all browsers option.
We apologize for the inconvenience caused by this issue.

The dev team decided to disable Protected websites redirection feature for Chrome and MS Edge browsers, until the issue is resolved in order to prevent the browsers crashes.
The change will be distributed via an Rapid response module update (probably with version 21778).
After the automatic update, the Chrome and MS Edge won't crash anymore, but the Protected websites redirection feature will not work until we release the full fix.
Disabling the Protected websites redirection feature resolves the issue.
Another way to resolve the issue is to use the Secure all browsers option.
We apologize for the inconvenience caused by this issue.

...currently (after ~ 1 month) approx. 1GB of private bytes (according to taskmgr) - creating dump (via procexp) and sharing through IM (as before), based on Marcos' request

No, it is not possible to disable the warning in the console because the application status was not supported by the program when it was released. Current versions of Endpoint support it so once Windows 10 is due to lose support and the program will notify about it, it will be possible to silence the warning in the console.

Hello,
The problem solved. 
Thanks.

Sorry... The problem is fixed. It's the primary dns server in the ESET PROTECT server don't work.

Yep it was the ISP. All working now.
 
Thanks again!
D

Hello @karsayor and @st3fan,
I apologize for the confusion.
We ere checking it internally and it seems that the statement 
"In order to speed up the process and receive update right after the web/repository release administrators can use "Check for updates" button available in the application GUI." is not correct 😞 
The Auto-updates will be available on February 13, before that manual upgrade would be required.
 
Such task is planned to be added to the ESET PROTECT console.
Peter

Hello @karsayor,
The release to web/repository  was on January 30 and will be followed by first phase of Auto-update/uPCU release (50%) on 13 February, while the last phase (100%) is scheduled for 27 February.
In order to speed up the process and receive update right after the web/repository release administrators can use "Check for updates" button available in the application GUI.

It is a new version and we speak of servers so for sure we need to proceed with caution...
Peter

if they were asked by the HQ support I prefer to use that channel so we won't fork it and to prevent checking them twice.
I checked the queue and I found the ticket, which your local support has opened with the HQ support so it should arrive there shortly.

I had a similar problem, the installer didn't download.
In the logs "C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Logs\trace.log" there were entries:
2023-02-01 05:41:43 Error: ConsoleApiModule [Thread 2b4ec]: 2670 Unexpected error while processing GetFileProgress request: GetFile: Failed to process HTTP request (error code: 20019, url: 'hxxp://repository.eset. com/v1/com/eset/tools/installers/bootstrapper_era/v4/4.0.17.0/epi.exe')
Although the server has full access to the Internet, there was a problem with downloading via HTTP hxxp://repository.eset.com/v1/com/eset/tools/installers/bootstrapper_era/v4/4.0.17.0/epi.exe
I redirected (on the Internet gateway) requests to https and it all worked.
https://repository.eset.com/v1/com/eset/tools/installers/bootstrapper_era/v4/4.0.17.0/epi.exe
 

ESET PROTECT console: Products should not be marked as outdated until the next product's auto-upgrade is released.
Let's refer to this existing post:
 
My ESET PROTECT console dashboard's Component Version Status is lit up in red (Legacy) despite being properly configured for automatic upgrades/updates and all of the clients being on EEA v9.0/9.1. The endpoints' status should remain in a blue "Waiting" status for any supported versions until the auto-upgrade is released.
 

Yes, it needs to be installed and the machine rebooted prior to the next Windows update which could trigger verification of loaded dlls. As of Endpoint v9.1, Microsoft dlls embedded in ESET installers have been counter-signed so verification after Windows update by catalogs would not occur.