peteyt

The problem is that a lot of people post about issues but never give enough information. Without more information it's hard to tell what happened to the user. For example are they on the latest version of Eset. Sounds a simple question but I've seen people posting about issues and they are using a version that's from years ago. Do they have Remote access enabled etc.

Also in this post they mentioned upgrading removed the ransomware but never updated the post to say about the files. Kaspersky may have deleted the ransomware but deleting only removes the virus so unsure if they now have encrypted files. I'd like to also add the fact you have been infected twice in the first place is worrying. As I have mentioned on a previous post about something similar, an AV can protect you but can never be 100 percent reliable. For that reason it is always good to have safe practices e.g. avoiding unknown sites, avoiding downloading cracks etc. If you are repeatedly infected, it is a good idea to look at the source and avoid returning

Problem is without any information it is hard to really know the issue. As Marcos has also mentioned, are they up to date with patches etc. Do they have the latest version of eset.

If you have been encrypted 3 times you really should look at how you got infected in the first place. An antivirus can help but you really need to look at your habits and those of your employers if your part of a company, try to educate your staff and put in procedures e.g. backups

If it is a scam should it not outright block it?

Please also tell us the version of nod32 you had. If it was a very old version it may not have had the ransomware protection

I'd like to see some improvements. If liveguard is no good detecting sandbox evasion surely many will just abuse this. @Marcosis there anything eset could implement to detect things like this?

I'd recommend opening eset. If you click the little triangle arrow it should be there. Open up and see if eset is disabled and if so try and enable it. If it doesn't work send us a screenshot of what you see and you may need to generate a log

I think what the person earlier was saying is that live guard is missing features that are available in eset advanced threat defence, now known as ESET LiveGuard Advanced. With ESET LiveGuard Advanced, which is available for business users, you can select the confident level, the idea being you can get alerted for things that appear suspicious but could be false positives. This isn't an option for home users and I belive the business users have other extra options to. It's not an option for home users to avoid false positives as a home user wouldn't be able to tell the difference. That's not to say liveguard can't protect you. I belive any protection is better than none.

I can confirm that clicking the lines brings it up and shows the bell although as far as I can remember the bell was always shown by default. Doesn't bother me just wasn't sure if it was a bug

Please post in English - translation seems to suggest you are saying new versions are missing?

This is exactly my point. If people class these missing features as basic, to me surely that should be the priority. If eset does decide to tweak the UI then great but when the next major version is released I'd be more happy to see newer security features and improved security features over the UI. I use Firewall in automatic mode but used to use it in manual. One of my biggest criticisms UI wise is the Firewall rules editor is not that UI friendly. You can't simply see the names e.g program 1 as it adds text to the start and unlike years ago there's not a logo icon to go with the names. As the Firewall works with an order system I.e higher rules take precedence so you can't actually arrange them by name. As much as I dislike the above method and hope one day to see it changed, I'd rather see improvements on actual security features.

Are you getting the issue with your license or the friend who purchased via amazon. Amazon wise eset aways recommends buying your license directly from eset. Buying from sites like Amazon can be risky as some people resell their licenses on these sites but they will sell a license that is designed for let's say 1 user to multiple people which will then cause the license to get blocked. I'd recommend sharing the public id license which is not the same as your actual license and is Safe to share on here

I've noticed for the last few weeks while I can see notifications when using chrome on my galaxy s20e the actual bell icon seems to have vanished. I'm sure it used to be there. Is this new behaviour or a new. Using chrome's desktop mode I can see the bell

Yeah with a previous AV I used before Eset I noticed each year that things got changed each yeah, and not just with AVs but programs in general. Sometimes one or new extras came but it often seemed the change in the UI was to trick people into thinking there was a lot of changes. As someone who has just moved into a basic IT job that involves basic assistance changes do tend to confuse new users. I'd never say no to changes but I do also appreciate that Esets UI has been pretty consistent for a while. As for the dark mode and general UI changes, if Eset can do changes then great but I'd rather it focused on protection over UI tweaks. There's features such as wildcards for HIPS, ransomware folder and roll back protection etc. That other AVs offer that many would like to see and I'd rather this took preference over design choices

I should also add what an unwanted application is. The link bellow defines it https://help.eset.com/glossary/en-US/unwanted_application.html Basically unwanted programs are programs that aren't technically malware but are greyware. They may try and install extra stuff, change windows settings, have tracking stuff and just general bad business practises. I'm mentioning this as I've seen a few people in the past demand eset should decide what to do with PUA but the whole point of this option is it is down to the user. If a warning comes up with the setting enabled, the user has to decide if the positives outweigh the positives, but usually if it's coming up there's probably a reason. That being said sometimes genuine stuff can be flagged because of what it does e.g. it could be potentially misused

It does appear that the issue is related to eset @Marcos

Problem is the trial will only run for 30 days

Eset doesn't release full betas much. Sometimes there might be benefits but usually the main thing is trying something before it is released, checking for bugs and giving feedback. Anyone can generally join these betas. Another kind of beta also exists for active forum users. These do include things like 15.1 and so on but often these betas will see new features before anyone even knows what they are. This is ran by @Peter Randziak but as mentioned I belive to be considered you need to be a regular active forum user. There are sometimes benefits but I'm reluctant to really give much information as everyone using this beta has to sign an NDA

Yeah sadly support is limited for trial users. It's worth buying a license however and they would definitely have a look at the issue

As marcos suggested above I'd open a support ticket and send some logs

With the main beta not as such. Eset does run another more regular beta for active forum users which does come with some benefits.

Logs will be needed. Often what seems like the same issue for 1 or more users, can actually be something different. Because of multiple different variables e.g. different setups, networks, hardware, software, there can't be a 1 fix solution. I should add that if you add the logs on here via the attachment option only eset staff can access these. When generating logs you can also decide what is shown

I just want to add the fact you've not been infected is irrelevant. If eset is finding a threat it is probably also stopping it from running. Disabling eset or putting an exception for the site would mean you where no longer getting that protection. I'd also add that the age of a site is not relevant. Many popular sites have been hacked in the past, their popularity working as an advantage for the hackers. There was a big outcry a while back as popular sites where using things like coinhive to use visitors browsers to mine for crypto currency without the users being aware. Websites can also be taken over. Often you'll find it may not be the site but content provided via third parties. I think @itman suggestion is the best option if you want to continue to use the website. However if the site is risky it is risky, and whatever method you use there will be a risk. However using something that will stop the script from ever running is safer than putting an exception via eset that would put you at risk for future issues

Did you use the apps buit in form and did you get an automated email with a ticket number? If so share that on here. I did think I saw this once and disabled it myself but can't find it now. My notifications for eset where all on apart from always on but turning that on didn't do anything.