notimportant

I dont think this is the right place to ask about "cracked" apk files 😬

I should add that anything that is cracked that appears safe, could be dangerous, even if not detected.
The problem is that as these are from unoriginal sources, you never know what they have done to it e.g. included hidden extras. Cracks are often used for malware distribution 

I dont think this is the right place to ask about "cracked" apk files 😬

Yes, that was a false positive. Updates were already stopped a while ago and a fix is being prepared. It should be available within a few minutes.
We apologize for the inconvenience.

They did NOT accuse you. They commented on the license.
"Looks like a pirated key" - because it was, although not by you.
"That's not your license" - although you paid for it, you paid to a pirate (unknowingly), not to ESET, so you were not the person who originally bought it from ESET, thus based on information in ESET's licensing database, you are not the owner of the license, you are not the one who legally purchased it from ESET - that's what "that's not your license" means. Nothing less, nothing more.
Although it may seem to you that way, in the end, they provided you with all the options available.
They did answer this too, see:
6:03:15 PM‎ Consultant: eset is sold according to regions
6:03:36 PM‎ Consultant: and we can't renew foreign license, unfortunately
Nobody said that using a key purchased in another country is piracy. Although most keys used in a different country than they were bought usually are pirated, that's not the definition. A pirated key is one that is obtained with the intention to resell it numerous times to other people, many more than the number of computers the license was originally issued for.
This is what Marcos referred to when he said we enabled antipiracy measures earlier this year - as of now, we restrict the number of activations on a given license, so this would not be possible anymore. I believe earlier you expressed desire for us to restrict the activities of pirate resellers, so you will be glad to know we already do.
I admit, this could have been phrased better, there's no denying that. At the same time, they had already provided you with all the information at that time, so there was nothing they could add. But surely, this could have been put differently.
You can indeed use that key in other countries - in fact, you have been using it in Lithuania for two years, the program worked. However, when it comes to sales, support and renewal, you need to contact the entity that sold it to you.
Let me tell you an example - you buy a microwave oven from Amazon in USA. When it breaks down, or when you need anything related to it, you can't contact Amazon in Germany and ask them to provide warranty, repair, or refund - even though they operate under the same brand, they are different entities and Amazon USA sold it to you, so only Amazon USA can provide warranty, repair or refund. That does not mean you can't use the microwave in other countries, but the seller who sold it to you is the one you need to contact if anything happens.
Similarly as with the example above, support from eset.com is for people who buy the license in the USA. For purchases in other countries, each country has its own support. They are not interchangeable. You can't get support from eset.com other than buying a license in the USA.
You were then probably using a Romanian IP address if that's where you ended up. I believe you can reach out to Romanian support and ask for a refund. If you explain the situation (you can include the link to this thread), there should be no issue - I believe you may contact them in English too.
I will go ahead and reach out to our Lithuanian partner, explain the situation, show them this thread, so they see what you thought, that you believed they accused you - I believe they will be more than happy to settle things once and for all and provide you with good support, at the time of purchase, and in the future as well.
Can you just send me privately your email address on which you can be contacted, please?

From what I can see, they wrote "looks like a pirated key". There is no accusation there, just an assessment of the situation the license is in.
Indeed, individual resellers only see the licenses they sold, so when they saw your license, they could not see it in the system, so they assumed it was bought off an unauthorized resale channel, which in most cases sell pirated licenses - even your license was used on 130 computers, so it indeed is pirated. The license itself. Nowhere it says that you pirated it, just that the license has been sold to many more people. There is no accusation of you as an individual, the comment was made in regards to the license - because it indeed was pirated (again, not by you).
I hope this explanation makes it clearer that nobody tried to accuse you, they just commented a fact on the license's state. A pirated license means it was pirated by the reseller who sold it to you - if somebody though you used cracks to get a license without paying (which, of course, we know you didn't), they wouldn't call it a "pirated license", they would use a different terminology.
We provided you with all the assistance, checked the license, explained how ESET licensing and sales works, explained your options, so I hope you see the situation in this light.

This was not accusation. I too told users here in the forum that their license was misused or leaked if they complained the license didn't work and nobody perceived it as a personal attack or accusation of piracy. There were cases when they bought the license on ebay and they simply fell a victim to fraud.

Since SHA-1 code signing support was discontinued throughout the IT industry due to security weakness, all vendors are moving to SHA-2. That said, SHA-2 support will become mandatory soon and there won't be any current version of antivirus that will work on non-SHA2 compliant operating systems. It was not the choice of ESET.

The detection is technically correct. It's an obfuscated redirector to a kind of pharmacy search which is detected. This is how it looks like after deobfuscation:

Yes but it's as complex product as ESMC or even more and it's intended for Enterprise users which is also reflected in the price. Perhaps  you'd better find another solution, e.g. to log access to all visited websites to find out which sites were accessed before the blocked ones.

In fact, I provided a proof that on Windows 10 ESET detected and blocked execution of the ransomware and protected the user where the other "free" AV failed. If you have a proof that ESET doesn't protect users well, please provide a proof and support it with logs and other necessary stuff.

The fact that a particular AV detects more than ESET doesn't make it better. Rogue applications also find a lot of issues even on clean operating system and it doesn't make them better, quite the contrary.
If you think that ESET has missed a threat, feel free to submit MBAM's quarantine to samples[at]eset.com and we'll most likely confirm that the object is not subject to detection.

I respectfully disagree. MBAM typically ranks lower than ESET in tests and from my personal experience if it detects something that ESET doesn't it's something that is not subject to detection, e.g. benign registry values, folders left after malware infection or PUA, etc.

Still infected:

As long as the dll was recognized, the whole exe would be detected. Maybe you ran it before the detection was added at ~`2:20, maybe you have an older product that doesn't support streamed updates, maybe you had LiveGrid not working... The case and your cfg would need to be investigated in order to tell. What can we say 100% that after 2:10-2:30 users with streamed updates and LG enabled and working were 100% protected.
This is how the detection would have looked like at that time:
Log
Scanned disks, folders and files: C:\test2\documento.exe
C:\test2\documento.exe - Suspicious Object
Number of scanned objects: 1
Number of detections: 1
And here is how ESET reacted with 2-month old modules:

The malware was executed. When the injection itself was performed, AMSI scanner detected a malicious script...
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
7/28/2019 4:06:06 PM;AMSI scanner;file;script;MSIL/Bladabindi.BC trojan;blocked;DESKTOP-5JIJ6V4\Admin;;AB122C106AC5DFA34C8168069E847F7F6DDDF550;

And the malicious process was terminated:

AMSI has been supported since Windows 8.1 so on older systems it's possible that the malware would have run with outdated modules.

The file is an activator. Should not be detected as malware but as a hacktool application at most. Those who detect it as malware are wrong. We're not going to detect it for now since we are antimalware and not anti-cracking sw.

 

We do not provide data recovery services.
We would have protected the user provided that they had the system secured, preventing attackers from exploiting RDP. Our protection were not most likely password protected so the attacker could easily pause protection. Again, not ESET's fault.
I don't know what solution you were trying to find if the user had no backup created. The only solution is to pay the ransom and get a decoder with no warranty which we do not recommend.

Just came across a case when a user was hit by Filecoder.Phobos and asked how come they got infected with ESET installed. After analyzing logs, we found out that:
- the detection for the ransomware was added at least 2 months before the incident
- password protection of ESET's settings was not enabled
- detection of potentially unsafe applications was disabled

We also found out that:
1, A brute-force RDP attack was performed:
- Administrator had 22 377 failed login attempts
- ADMINISTRATOR had 5 438 failed login attempts
- ADMINISTRADOR had 1 102 failed login attempts
- ADMIN had 710 failed login attempts
2, There was a suspicious RDP connection from a foreign country
3, A local user GhostUser has been created recently
4, A legitimate tool that can be misused to kill security software has been installed recently (detected as pot. unsafe application)
5, Event logs have been recently cleared.

This is a proof that just having a security software installed is not enough; firstly RDP must be secured. Secondly, all critical operating system updates must be installed. Fourthly, ESET must be protected with a password and detection of potentially unsafe applications enabled to prevent protection from being tampered by unauthorized persons.

This is not an excuse. I see this all the time in the customers logs when brute force attacks are performed against RDP.

As far as the first three reasons given, it's a fair assumption.
In prior endpoint attacks where logs or specific details were provided, RDP was always the attackers entry point into the network. Once in the network, he could easily access any device where Eset was installed. Even if password protected, it could be bypassed via keystroke capture using a keylogger or other credential capture means.
Further, there has been at least one forum poster who was been repeatedly attacked via RDP despite being initially warned and advised on how to properly secure it.
To set the record straight, the vast majority of ransomware incidents posted in the forum involved business networks. The individual user postings I have seen are from those seeking help or a decrypter and don't even have Eset installed. Or, they naively installed Eset after the ransomware incident in belief it could both remove the ransomware and decrypt their files.

First of all, please stop using a cracked version of ESET. It could be that you used a crack that had malware enclosed as well. After you purchase a license, remove EEA v6 from the server, install EFSW v7, provide me with fresh ELC logs and then we will continue with investigation.