tmuster2k

what version of the agent are they on? Have you tried GPO uninstall?

what happens when you run the agent live installer batch file?

that was likely just the computer names that were generated for each instance of Anti-theft only.

Please provide details on verbiage of install failure or any error codes. Did the installation rollback? Have you tried the offline installer as opposed to live installer? Was Eset already installed on this machine or fresh install?

was not able to get dump as tech was ok with re-image of machine. Have not had anymore come in so hope it was a 1 off.

Marcos. Do you have any specifics on the detection >> "Contained Infected Files" . I looked on the online support guide and could not find. thank you.

Just tried to help customer recover system because new build of 6.6.2052 crashed system. Tech was testing this build on his laptop which had 6.5 previous. He is on the Windows 10 Spring Creators update of 1703. The install failed with 1603 Error code. After reboot it now is in startup repair loop.Used a WINPE disk to manually remove ESET drivers from windows/system32/drivers and confirmed ESET Security is not present in program files. Also used WINPE to remove ESET registry items. Rebooted system and same. No safemode options are working either. I even had him run through process of going into recovery console command prompt to move REGBACKUP to config but same.

I have noticed with the newer versions of ESET that the threats found during Smart or in-Depth on demand scan do not show threats in RED. I just ran a scan which found 2 PUA's and said found 2 and cleaned 2 but there is not details in the log as to what these are. The log only shows items in aqua with items that cannot be scanned because they are locked which is fine. on older ESET products if I did the filter for only "ERROR" and "CRITICAL" it would always show only the threats. With the newer versions when I do this same filter nothing is displayed and when I have all the filtering options on and go through the log I still cannot locate the PUA's that were cleaned during the on demand computer scan. I have this issue on ESSP latest and EES latest.

Thanks Marcos.

I have noticed a bug with the "Automatically Reboot When Needed" option. I was under assumption if this was checked then after the uninstall of ESET SECURITY product it would essentially do a >> shutdown /r -t 0. Most of my findings show that out of 5 push uninstalls they all failed to do reboot after uninstall of EES 6.5 and EES 6.6. If I add >> REBOOT="force" to the Uninstallation Parameters section then the reboot worked 5 of 5 times on those same machines where >> Automatically reboot when needed failed.

It's going to be pulling updates from the apache caching proxy or if this was opted out it will be getting updates from our global update server. You can check your config by going to Advanced Setup on the endpoint and then >> Tools >> proxy server. If the item is checked with your ip or hostname then you are getting cached updates. This also caches MSI's for push installs. Not needed though if you are at about 500 nodes or less.

Also virus definitions are more of a thing of the past. Module updates are much more critical and also Live Grid Updates/Heuristic updates.

Uninstall the eset program via programs and features. After reboot go to registry editor and navigate to >> Hkey_Current_user>>Software >> ESET and Hkey_Local_machine_>>Software and delete any entries for ESET. Also confirm ESET folder does not exist in C:\program files\eset - if so then del. Clear your windows temp files. Install ESS again via >> https://download.eset.com/com/eset/tools/installers/live_ess/latest/eset_smart_security_live_installer_us.exe and install > activate and see if you get same error.

Uninstall and re-install the program. After uninstall go into c:\windows\system32\drivers and confirm there is no drivers starting with epfw. if so then delete. Also delete if you see ehdrv, edevmon or eelam.sys. Before install of ESET go ahead and flush the dns. command prompt >> ipconfig /flushdns and the install ESET again.

i was also puzzled that I could not remove this driver in regular safemode. I cannot get logs now as system restore was performed and everything is normal.

I also have a customer using ESET Smart Security Windows 10 and getting same BSOD. blue screen/driver irql_not_less_or_equal not less or equal windows 10 failed-epfwwfp.sys = ESET Personal Firewall Driver I would not let me rename or delete the epfw.sys driver because it said it was in use. I was in regular safemode. This is a Lenovo desktop.

I have usually seen this happen when you have a another program that is encrypting keystrokes alongside ESET. Check browsers for add-ons. One of the popular installed programs is Trusteer Rapport. if still having same issue I would recommend uninstall and removal of all remnants in registry before another install.

was able to add 2 ip addresses from ESET alerts and that allowed it through.

Customer has recently used KnowBe4 to send out fake phishing links to end users. This is to help with awareness and train end users as far as phishing goes. The link provided >> https://knowbe4.zendesk.com/hc/en-us/articles/203645138-Whitelist-data-and-anti-spam-filtering-information recommends whitelisting the ip addresses >> 23.21.109.197, 23.21.109.212 and 192.254.121.248. These have already been added into their mail security program. (not using EMSX). We already excluded the before mentioned ip's in Protocol FIltering in policy. Customer using ERA 5.x and latest version of EEA 5.x but still getting detected. Detection does not show in any logs but I see the real time window come up after link is clicked on. Wondering if there is something being missed as far as exclusions?

Have you tried booting the phone into Safemode? Getting into this mode may bypass the lockscreen and enable you to go in and uninstall for now. After reboot to normal mode then you can re-install EMS. I have a samsung . These steps should be the same through for most Android devices. https://support.t-mobile.com/docs/DOC-28008

NOD32 Version 10. latest. Setup rules in URL address management. List of blocked addresses = * List of allowed addresses = youtube.com msn.com and https://msn.com and https://youtube.com The bock is working but when end users try and access youtube.com via CHROME i see "Secure Connection failed" but most of the site is view-able as this message is only at top middle. If you try and play a video it just tries to load but nothing. If I take block off then works. When trying to go to MSN i just get "This page is not available right now". I was able to test this in my own VM environment as well and does the same.

The hips module appears to be corrupt. Follow hxxp://support.eset.com/kb2289/?locale=en_US to fully remove Eset. Confirm that ehdrv.sys does not exist after running tool. It resides in c:windows:system32:drivers. Also confirm no drivers starting with epfw. Delete these drivers if they exist. Confirm eset is gone from c:program files. Install eset again.

ENDPOINT V6 client cannot connect to ERA 5. I would recommend reverting back to your snapshot before the 6.5 Component Upgrade. Before doing upgrade after reverting to snapshot then create a new native admin account with no special characters in password. Log into with this temp account and run components upgrade. Make sure you set TARGET to ALL and let it run overnight.

you are most welcome.

I would run ESET uninstaller tool. hxxp://support.eset.com/kb2289/?locale=en_US. after reboot from safemode confirm there is no ESET in registry. hkey_current_user>>software and hkey_local_machine>>software. IF so then delete. also confirm no epfw drivers in windows\system32\drivers. then re-install ESET.