sdnian

So this is not a problem with ESET? Then I should make this video public, reminding ESET customers to pay attention to this problem.

No. this don't need Admin rights. It just a user account in that video.

I reported to sample@eset.com on January 17th that ESET could not block ransomware, but I have not received any response at the moment. I just tested it again, this ransomware still successfully encrypts the file. Can someone handle it? See the video for details - ESET can't stop the ransomware in this situation

Okay, I see. Thanks for your reply.

Hello, This client has been installed ESET Endpoint Antivirus v7.0.2073.1. But why the version of "LATEST APPLICATION VERSION" is 6.5.2132.1 ? Most of clients are correct, only few clients have this kind of issue. How to fix it?

Is it the same issue with https://forum.eset.com/topic/16536-resource-not-found-after-upgrade-esmc-v7/ ?

I've a Linux Server, OS: SLES 11 SP4 + OES 2005 SP1. I installed ESET File Security for Linux Server 4.5.11 and setting PAC to scan / Everything is okay. I try to download eicar.com from Internet to save any folders. It can be detected and deleted by EFS. But if I copy eicar.com from Windows to this server volume (It's Novell NSS volume). It can't be detected. If I miss something? How to resolve it?

You are right. Thanks!

@Peter Randziak

After upgrade to ESMC 7. There are many items named '<resource-not-found-........>', how to fix it?

Finally, I found where is the problem. It works now. Thank you for your help.

@Pinni3 Thank you for your reply. But at the first post, I used no credentials settings in the Apache HTTP Proxy. Okay, I removed the it, go back to the settings without authentication. But still don't work. Do you have other suggestions?

@MichalJ I've setup username/password for Apache HTTP Proxy, but still don't work. I have confirm the username/password are right. The username is eset, password is 123 curl --proxy hxxp://192.168.1.2:3128/ -U eset:xxx https://edf.eset.com/edf curl: (56) Received HTTP code 407 from proxy after CONNECT The password of this command is wrong. So I get error code 407. curl --proxy hxxp://192.168.1.2:3128/ -U eset:123 https://edf.eset.com/edf <?xml version="1.0" encoding="UTF-8"?><ecp:message xmlns:ecp="hxxp://www.eset.com/2012/02/ecp"><ecp:response><code>20101003</code><message>Unsupported Content-type: unknown</message></ecp:response></ecp:message> This command work well. Now, ESMC Agent error message is.. ERROR: InitializeConnection: Initiating replication connection to 'host: "192.168.1.1" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "192.168.1.1" port: 2222 with proxy set as: Proxy: Connection: 192.168.1.2:3128, Credentials: Name: eset, Password: ******, Enabled:1, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details: Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: 10.11.3.247:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 5df4b312-4e4b-4aa4-b4ea-be3d56defcf0, Sent logs: 0, Cached static objects: 69, Cached static object groups: 10, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0] All replication attempts: 215 Could you please tell me more detail information how to fix it? Thank you!

I'd like to settings ESMC agent v7 to connect ESMC Server through Apache HTTP proxy. But it's don't work. For example, I've these three computers. ESMC Server: 192.168.1.1 Apache HTTP Proxy: 192.168.1.2 ESMC Agent: 192.168.1.10 If let ESMC agent connect to EMSC server, port 2222. It works! But I setup to use proxy server, host: 192.168.1.2, port 3128 in ESMC agent. And I block source 192.168.1.10 in ESMC server. But it connect failed. If I change the httpd.conf. Remark the line 'deny from all' between <Proxy *> </Proxy>. It could connect again. Next, I read the document - https://support.eset.com/kb6920/. So I've enable 'deny from all' back, but I add below contents: <ProxyMatch ^192.168.1.1$> Allow from all </ProxyMatch> It can't connect again. (I've restart Apache HTTP Proxy) The error message: ERROR: InitializeConnection: Initiating replication connection to 'host: "192.168.1.1" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "192.168.1.1" port: 2222 with proxy set as: Proxy: Connection: 192.1.1.2:3128, Credentials: Name: , Password: ******, Enabled:1, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details: Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: 192.1.1.1:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 5df4b312-4e4b-4aa4-b4ea-be3d56defcf0, Sent logs: 0, Cached static objects: 69, Cached static object groups: 10, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0] All replication attempts: 91 What do I wrong?

It works. Thank you!

I use Agent live installer to create ESMCAgentInstaller.bat. Then run it in clients.

Try this settings

ESMC Agent v7 could connect to server through http proxy. It's a good improve. But could I assign proxy settings when install it? (I know how to give setting from policy. I don't ask this. Because sometimes clients can't connect server directly. So it can't get policy settings from ESMC server. That is why it need proxy.)

You can't use "ESMC Component upgrade Task" to upgrade ERA agent 6.x to ESMC agent 7. Read this document, it show how to do it. https://support.eset.com/KB6819/

I found there is a free tool on the internet, it could delete ESET files immediate. Don't need to reboot or do it in safe mode. Please fix it.

@Marcos PM sent, please check it.

I've test the same settings in version 6.6.2072.4. There is no such issue.

Okay.. I try it by your steps. Yes, it really scan by HTTP filter.

For example.. I'd like to exclude IP address 192.168.1.10 by web protection scanning. So I setup '192.168.1.10' in the 'Excluded IP addresses' list. Then I try to download eicar.com from 192.168.1.10. It should be detected by real-time protection. Right? But this file be detected by HTTP scanner in version 6.6.2078.5.

I setup an IP address for excluded web protection scanning, but it doesn't work in the version 6.6.2078.5. Could someone check it? The older version work well with the same settings.