JxMcGeary

Members
  • Posts

    8
About JxMcGeary

  • Rank
    Newbie

Profile Information

  • Location
    USA
  1. My company uses ESET Protect on-prem and recently got into a state where we had more machines activated than our license allows. I've deactivated the offending machines and removed them from ESET centrally, and our dashboard shows a total of 60 ESET machines, but when I go to License Management within our central console I still show 63/60 activations on the license and can't get the count to go down or synchronize properly. How do I fix this before we renew our license?
  2. Okay, I was able to pause the protection and zip up the file, but before I submitted it I checked it out. It appears that ESET believes the one URL in the file points to a phishing site. The URL in question points to https://www.mizuhoamericas.com, which is an investment banking site. Given that my company does legitimate business with Mizuho Americas, we believe this URL classification is a false positive. I'll submit the zipped file shortly.
  3. I checked. LiveGrid feedback's enabled. The instant I try to restore the file so I can upload it anywhere, ESET detects it again and deletes it again. I have had this happen both when restoring it on the machine itself and when restoring it from the security center. 'Upload' is apparently an option if I check the file in the security center rather than on the machine, but that asks for a Windows or SMB share to upload the file to, rather than giving me the option of uploading it to ESET.
  4. Can't. Submit for analysis is grayed out. ESET appears to insist on deleting it even though it says it's in quarantine.
  5. We got a scan result of phishing.a.gen on a PDF on one of our users' hard drives this morning. The file appears to have been legitimate, but I'd like to upload it for analysis since I know that pdf/phishing.a.gen can be triggered as a detection any time a PDF contains links to what ESET considered phishing domains. I can see the file in quarantine in the ESET Security Management Center. How do I upload it for proper analysis, or other examination for possible false positives in the event that a domain in the PDF's links is falsely marked 'phishing'?
  6. Thank you, Marcos. Does that mean the file was adware, or just that the definition was an incorrect marking? I need to pass the information to my boss.
  7. Merganser users this morning (we're on ESET Endpoint Security 7.2.2055.0) got pop-ups from their scanners saying that JS/Kryptik-BPH had been blocked from accessing their machines. I ordered a full scan with cleaning on all user computers and similar scans on our servers. We've had multiple users' scans complete with JS/Kryptik-BPH detections in the caches of Chrome, Edge, and the Bloomberg WebView In-Terminal Browser, but when I check these detections in the ESET Security Management Center report, it shows 'scan time of completion' as a date significantly in the past: some users in January, some as far back as October. We had a module update this morning at 8:13; did something change? Here's an example detection detail report:

     File
       Hash: 32A785BD991C229371E76CFA904A0800FBD32E13
       Name: JS/Kryptik.BPH
       Uniform Resource Identifier (URI): file:///C:/Documents and Settings/USER NAME REMOVED/AppData/Local/Google/Chrome/User Data/Default/Cache/f_0024a8
       Process name: C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
     Scan
       Scanner: On-demand scanner
       Detection engine version: 21132 (20200408)
       Current engine version: 21132 (20200408)
       Scan targets: Operating memory;C:\Boot sectors/UEFI;D:\Boot sectors/UEFI;C:\;D:\
       Number of scanned items: 1273902
       Infected: 0
       Cleaned: 0
       Time of completion: 2019 Oct 13 04:23:16
       Action: cleaned by deleting
       Action error: