Peter Randziak

ESET Moderators
  • Posts: 3,511
  • Days Won: 207

Kudos

  1. Upvote
    Peter Randziak gave kudos to MartinK in Activation fail. ECP.20006   
    Certificate that is considered by ESET products as untrusted, i.e. injected into communication has following identifiers inside:
    IP Address=fe80:0000:0000:0000:...:2a5a IP Address=192.....204 DNS Name=localhost DNS Name=G....net.local which might help you identify source.
    Otherwise certificate contains no other details, it actually looks like default certificate that is generated for ESMC Webconsole, but it makes no sense to be injected into communication. Could you verify this certificate is used by your ESMC console for Apache Tomcat connections (I have made some redaction of data present in certificate)?
    Also as you mentioned, MAC addresses from communication with ESET licensing server (IP=13.91.57.145) indicates that next device is Sophos, but it does not mean it is source of this injected certificate.
  2. Upvote
    Peter Randziak gave kudos to Mirek S. in ERROR WHILE INITIALIZING CONFIGURATION EDITOR.: (TYPEERROR) : ((INTERMEDIATE VALUE)(INTERMEDIATE VALUE) , K).INITCONFIGEDITOR IS NOT A FUNCTION   
    Hello,
    We checked multiple browsers to identify which one produces this error (seems like you posted chrome error), however for future reference (and potential improvement) can you please answer following?
    • browser(s) (in case of IE ideally export security settings for security zone console is in) - you already said you tried multiple, however platform/browser still matters for reproduction.
    • webconsole behind reverse proxy/application firewall
    • ESET (or other) product with TLS filtering enabled installed on computer connecting to console
    • Any "uncommon" setup you can think of
    This issue can arise in case _some_ https requests on same site (in this case as Pavel said seems like js script) is blocked from download. Which in case of TLS (to my knowledge) requires MITM interception (product/WAF/RP/actual attack) or extremely restrictive browser rules.
    Thanks,
    M.
  3. Upvote
    Peter Randziak gave kudos to Mirek S. in ERROR WHILE INITIALIZING CONFIGURATION EDITOR.: (TYPEERROR) : ((INTERMEDIATE VALUE)(INTERMEDIATE VALUE) , K).INITCONFIGEDITOR IS NOT A FUNCTION   
    Hello,
    It's possible CloudFlare incorrectly caches some parts of configuration editor and returns out-of-date data causing this. Please create HAR log @PavelP mentioned, it might help us determine whether issue is with CloudFlare or webconsole itself.
    Ideal would be to have tomcat access log paired with this log to determine which requests made it to server and which did not.
    Thanks.
  4. Upvote
    Peter Randziak gave kudos to filips in Cycled antispam   
    Hi yardstudio,
    Releasing of spam from mail quarantine should work even if you don't report the false positive. The message is resent using replay directory and antispam is not evaluated again.
    If the email was marked as spam again, it means that it was routed through SMTP agent and tested for spam again - this is not the usual case. Do you have more Exchange servers in your environment? If yes can you describe routing of mail?
    Information about delivery of the message can be seen in "Received" headers (in the detail dialog) of the message that returned to quarantine. Please post the "Received" headers.
    BTW, which version of EMSX do you use?
  5. Upvote
    Peter Randziak gave kudos to TomasP in Upgrade to Windows 10 version 1903 may cause boot error on Windows 10 with ESET Endpoint Encryption   
    We have identified a problem when upgrading a Windows 10 system with ESET Endpoint Encryption installed to the 1903 feature update. Installing the update can cause the system to crash (blue screen) when booting.
    We are currently investigating the cause and recommend not upgrading an encrypted system to 1903 until further notice.
    Systems that have been affected will need to be decrypted using our recovery tool (if full disk encryption was enabled) and then repaired using the Windows recovery console. See this knowledgebase article for more details: https://support.eset.com/kb7309/
  6. Upvote
    Peter Randziak gave kudos to serlockwright in Can not create license offline in ELA and EBA   
    I already created the offline license file. Thank you for support.
  7. Upvote
    Peter Randziak received kudos from serlockwright in Can not create license offline in ELA and EBA   
    The issue has been resolved, you should be able to generate the offline license file now, can you confirm?
    Peter
  8. Upvote
    Peter Randziak gave kudos to Marcos in Question about Web Protection   
    When referring to objects, we mean basically files, but we prefer using this general term since objects may also mean archives, processes, WMI, UEFI, streams, etc., i.e. anything that can be scanned. As for the settings referring to newly created or modified files, it really concerns files only. We could use the general term "objects" as well but "files" sounds more natural to users.
  9. Upvote
    Peter Randziak gave kudos to itman in Question about Web Protection   
    Let's analyze this in detail.
    First screen shot is ThreatSense settings for Web Access protection. The important setting to note is "Advanced heuristics/DNA signatures":

     
    The next two screen shots are for Realtime protection. The important thing to note is the omission of the "Advanced heuristics/DNA signatures" protection on base ThreatSense settings:

    And for file creation and execution,  advanced heuristics are performed for both. Of note is the absence of any reference to "DNA signatures":

     
    From the above, we can conclude that "DNA signature" usage is only used by default by Web Access protection. And that is indeed an issue. The solution to me appears to enable "Advanced heuristics/DNA signatures" scanning option for Realtime protection. I assume that is disabled by default for system performance reasons.
    Also this issue doesn't just apply to Firefox Send delivered files. What about anything not Internet downloaded such as files on USB media?
  10. Upvote
    Peter Randziak gave kudos to 0xDEADBEEF in Question about Web Protection   
    The only reason I was mentioning this is because web protection has more sensitive heuristics than on-demand scan or realtime scan, as Marcos has stated in this thread.
    This means though the realtime scan or AMS will anyway catch the malware if the file is extracted to disk or memory, it might miss the more sensitive heuristic in the web protection layer, if my understanding is correct. As for how much more sensitive the web protection is compared to normal scanner, I've no idea.
  11. Upvote
    Peter Randziak gave kudos to Marcos in Question about Web Protection   
    Didn't notice this inconsistency until now. Advanced heuristics always also means DNA detections.
  12. Upvote
    Peter Randziak gave kudos to Matus in System's Accessibility Features in Security and Privacy are blocked   
    Hi Paul,
    Have you tried also with the latest version - 6.7.876.0 ?
    There have been a couple of changes regarding MacOS compatibility. 
    Thanks
  13. Upvote
    Peter Randziak gave kudos to Marcos in Horizon - Endpoint Antivirus   
    This is untrue. We contacted VMware and provided them with details about the problem in their driver. It's their turn now.
  14. Upvote
    Peter Randziak gave kudos to TomasP in Can No Longer View Who Is Logged Onto The Forum?   
    Thank you for pointing this out, last time it was an issue with a cache, we reported this again to the service provider, so hopefully it will be resolved soon.
    Tomas
  15. Upvote
    Peter Randziak gave kudos to 817 in database create error occurred during ESMC install   
    I checked the version ODBC-driver and reinstalled 5.3.10, then ESMC installer ran correctly.
    Thank you very much, @MartinK and @Peter Randziak !
  16. Upvote
    Peter Randziak gave kudos to MartinK in database create error occurred during ESMC install   
    Problem seems to be in MySQL ODBC driver used. Unfortunately ESMC 7.0 does not support latest versions as there is some bug in driver itself. It was supposed to be fixed in ODBC driver 8.0.16 released recently but seems there might be some other issue.
    I would recommend to check documentation where latest supported version of MySQL ODBC driver is mentioned. If I recall correctly, latest working version is 5.3.10.
  17. Upvote
    Peter Randziak gave kudos to miso in Importing White List Domains, ESET for Domino   
    There is also import command:
    "C:\Program Files\ESET\ESET Security\eshell.exe" server as filtering import APPROVED-SENDERS ${file}
    Show all supported commands for particular list:
    "C:\Program Files\ESET\ESET Security\eshell.exe" server as filtering APPROVED-SENDERS ?
     
  18. Upvote
    Peter Randziak gave kudos to itman in Can No Longer View Who Is Logged Onto The Forum?   
    This just started today. All I see is myself?
  19. Upvote
    Peter Randziak gave kudos to TomasP in Can No Longer View Who Is Logged Onto The Forum?   
    Hello, this has now been fixed, you should be able to see all online users again.
  20. Upvote
    Peter Randziak gave kudos to MartinK in Question over encryption between Eset Security Management Center Server and database   
    I would recommend to check file:
    %PROGRAMDATA%\ESET\RemoteAdministrator\Server\EraServerApplicationData\Configuration\startupconfiguration.ini which contains connection string as used by ESMC. Please make sure you create backup before doing modifications. Resulting connection string is passed to SQLServer ODBC driver and thus all parameters supported by driver should be working. Also be careful with using reserved characters as are @,{,},... as it might require special escaping to work properly.
    Also be aware that changes in this file might break upgrade of ESMC in the future, and even if upgrade is successful, it might replace this file with new one, without custom changes you made.
  21. Upvote
    Peter Randziak gave kudos to MartinK in Erro agent Deployment From console ESMC   
    Unfortunately remote deployment task has a glitch that it shows successful installation even in case installation actually failed. This is issue of last phase of installation, so it means ESMC is able to connect to this device, but either download of AGENT installer or installation itself fails. Most probable cause is download, especially in case device has limited access to internet or ESMC is configured to use HTTP proxy.
    I would recommend to create Windows live installer in console (it is bat script) and try to execute it manually on device. It will behave exactly as if it executed remotely, but local execution might help diagnose the issue.
  22. Upvote
    Peter Randziak gave kudos to MartinK in Multihomed host - ESMC 7.x   
    That is correct column for this scenario. Remote host shows IP address as seen by ESMC, which is suitable for remote clients, until they are not hidden behind NAT router or load balancer which would result in multiple devices with the same IP address.
    IP addresses shown in other column are based on local state on AGENT, where IP address of interface with highest priority should be shown - but it might have no relation to interface that was actually used to connect to ESMC.
  23. Upvote
    Peter Randziak gave kudos to MichalJ in How to create dynamic group "Not updated Agent"?   
    There are multiple methods: 
    • You can click on the "red" part, and drill down to see the list of machines with outdated agent
    • You can navigate to the dashboard "ESET Applications" check table "outdated applications", locate agent, and drill down to get the list of all machines
    • You can alternatively create a DG for not having a specific version of Agent installed (all others will be outdated).
    I would recommend to use the first / second option.


  24. Upvote
    Peter Randziak gave kudos to Marcos in Query over TLS1.0   
    You can accomplish this by enabling advanced security in the ESMC server setup and regenerating CA and peer certificates.

  25. Upvote
    Peter Randziak gave kudos to RichardW in Query over TLS1.0   
    Thanks
    I just needed to change
    sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to
    sslEnabledProtocols="TLSv1.1,TLSv1.2" within C:\Program Files\Apache Software Foundation\apache-tomcat-7.0.92\conf\server.conf