All Activity

I just realize that I can reply to the previous PM without exceeding the PM quota. Sorry!

You can upload the file to a safe location, such as Google Drive, OneDrive, Dropbox, etc. and drop me a private message with a download link.

Please sign up for this forum, re-post in the Malware finding and cleaning in English and enclose logs collected with ESET Log Collector. Also provide a screenshot for clarification of what threats you mean.

Could you provide a work email? I'm allowed 1 PM each day...

You could simply put a DKMS config file in the right place, so it is picked up automatically in case DKMS is installed. This does not hurt and does not add dependencies.

We should run powershell only when the computer starts. Please provide a WPR recording for perusal.

Hi, I have to say that I don't expect the boot log to contain high CPU info. It only occurs after the screen is locked. Would you accept a WPR recording? I can generate one quickly. That reflects my lock-screen use case, not manually executing the powershell command. I believe the key is why and under what condition the powershell process is launched. Why does it insist on 10.43.27.0, instead of the obviously correct 17.1.11.0? And if this behavior can be disabled, everything will be fine.

Please raise a support ticket, we'll need to check pcap logs with the network communication captured.

I've checked the logs but didn't find any signs of high CPU utilization. However, it took quite long to run powershell although all particular operations were finished quickly. The speed may be affected by Microsoft Store since a check of the installation status of the UWP application EsetContextMenu.msix is queued, however, that wasn't probably the case according to the Procmon log. If you can reproduce high CPU utilization by running the above Powershell command, please carry on as follows: Enable advanced operating system logging under Tools -> Diagnostics -> Advanced logging in the advanced setup Stop logging after 30--60s Collect logs with ESET Log Collector and upload the generated archive to a safe location (e.g. OneDrive, Dropbox,...) and drop me a personal message with a download link.

Hi, yes machines outside the network have access, but only on port 3128, ICMP, etc. are disabled. At the moment, we have ESET Protect and ESET Bridge on a separate server in the same subnet. In ESET Protect, I see the ESET Bridge server, and there is communication between them on port 2222. However, there is still an issue with communication from computers outside the network

The installation directory is my long-time preference for a reasonably short and no-space-in-between path. Almost all my non-"green" programs are installed under C:\Tools if there is a choice. It works fine for decades. As far as I can tell, this issue only appears about 30s after the screen is locked (when the fan starts to spin, as also confirmed by a couple of WPR recordings). The boot log can help to investigate the context menu issue, I suppose. As reported above, (Get-AppxPackage -Name 'EsetContextMenu').version equals 17.1.11.0 on my machine. So we can be certain that the package will be removed and installed in vain, right? I can provide a WPR recording for my lock-screen use case, if that's helpful. You can clearly see the CPU spikes caused by powershell.exe and the package management service.

ESET HOME Security Premium subscription entitles you to install the following ESET security products: ESET Home Security Premium Products and features you can activate are displayed in the table below: Products Windows macOS Android iOS ESET Smart Security Premium ✔ ESET Internet Security ✔ ESET NOD32 Antivirus ✔ ESET Cyber Security ✔ ESET Mobile Security ✔ ESET Parental Control ✔ ESET Smart TV Security ✔ Features ESET Password Manager ✔ ✔ ✔ ✔

Hi all, If I buy ESET Smart Security Premium license (there are e-stores that still have this item) can I install and activate the license on ESET HOME Security Premium (new software portofolio) ?? Thanks.

The Procmon log didn't show high CPU utilization. Are you able to reproduce it when running the following command as an administrator? "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -Command if (((Get-AppxPackage -Name 'EsetContextMenu').length -ne '1') -Or ((Get-AppxPackage -Name 'EsetContextMenu').version -ne '10.43.27.0')) { Get-AppxPackage -Name 'EsetContextMenu' | Remove-AppxPackage; Add-AppxPackage -Path 'C:\Tools\ESET\EsetContextMenu.msix' -ExternalLocation 'C:\Tools\ESET\' } Is there any reason why ESET is installed in C:\tools instead of C:\Program Files?

The boot log file is PMed to you. Thanks!

Thanks again! The package info: RunspaceId : af3c5853-c924-4d3e-8b89-fbe60713791c Name : EsetContextMenu Publisher : CN="ESET, spol. s r.o.", O="ESET, spol. s r.o.", L=Brati slava, C=SK, SERIALNUMBER=31333532, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SK PublisherId : f55j32bkf4yvt Architecture : Neutral ResourceId : Version : 17.1.11.0 PackageFamilyName : EsetContextMenu_f55j32bkf4yvt PackageFullName : EsetContextMenu_17.1.11.0_neutral__f55j32bkf4yvt InstallLocation : C:\Program Files\WindowsApps\EsetContextMenu_17.1.11.0_n eutral__f55j32bkf4yvt IsFramework : False PackageUserInformation : {} IsResourcePackage : False IsBundle : False IsDevelopmentMode : False NonRemovable : False Dependencies : {} IsPartiallyStaged : False SignatureKind : Developer Status : Ok I can reboot my machine and add the boot log in about an hour.

I'd like to have a look into it so please provide: 1, The output of running the command: Get-AppxPackage -Name "Eset*" 2, A Procmon boot log.

Thanks! Ticket submitted. I'll leave this open for the time being, and post the solution for other users to see. By the way, on my laptop with a brand new installation of Windows 11 Simplified Chinese Edition, the context menu is still broken, in the same manner as shown by @TOM111 here.

Please raise a support ticket. Integration in the context menu should be performed only once during installation.

With ESET Internet Security 17.1.11.0 on my Windows 11 laptop, powershell.exe is almost always automatically launched in the background during screen lock. This is similar to what's reported here and here. WPR shows the command line: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NonInteractive -Command if (((Get-AppxPackage -Name 'EsetContextMenu').length -ne '1') -Or ((Get-AppxPackage -Name 'EsetContextMenu').version -ne '10.43.27.0')) { Get-AppxPackage -Name 'EsetContextMenu' | Remove-AppxPackage; Add-AppxPackage -Path 'C:\Tools\ESET\EsetContextMenu.msix' -ExternalLocation 'C:\Tools\ESET\' } It seems that the culprit is Get-AppxPackage -Name 'EsetContextMenu').version -ne '10.43.27.0'. If I execute this line manually, the reported package version is 17.1.11.0, as expected. So this command checks the wrong version number and performs package removal and installation again and again. By the way, a raw string search shows that quite a few .exe and .dll files in the ESET installation directory happen to contain 10.43.27.0, including ekrn.exe, egui.exe, shellExt.dll, etc. A workaround would be highly appreciated.

This could be a solution. However, since the same computers are already exist in other groups, when deleted from the newly created static group , will the old data can be deleted together or still exist separately ?

Thanks for info, I got little messy feedback from customers about problematic versions. But if I understand, fix simply reverts NODEJS to exclusion of TLS check? So state will be not optimal for javascript security, So some help for manual config accommodation will help I hope. I recommended switching on explicit check of node.exe, but we not yet tested slowdown penalty for data heavy applications...

Please uninstall ESET Mail Security, reboot the server and install ESET Server Security.

Internet protection 1475.1 fixes the issue with NodeJS. It's currently available on the pre-release update channel and for consumer products, with Endpoint to follow soon.

You can create a detection exclusion if you don't want the pdf files used for security awareness phishing tests to be detected.