Marcos

Since you are no longer experiencing the crash, we consider the issue resolved.

Does your Surface Pro use a Qualcomm ARM or Intel x86 CPU? If the former, did you download essp_arm64.exe v18.2.14? Since we haven't received such reports, please follow up with a support ticket as a full memory dump from the crash will be needed for analysis.

You can right-click MRT.exe in the Browser protection log and select Add to browser protection allowlist from the menu to allow access to your browsers' user profile folders for the said process.

The detection is most likely correct. What website is the threat detected on?

It did what it was supposed to do, ie. block access to your browsers' user profile folder.

You can upload logs here, they are available only to ESET staff. Besides logs collected with ESET Log Collector, we'll also need a Procmon boot log with logging stopped after svchost.exe has been logged in the Browser protection log.

Please rephrase your question to make it more clear. If it's related to ESET Vulnerability and Patch Management, please follow up with a support ticket.

A Procmon boot log along with ELC logs might shed more light into why svchost.exe is reading your browsers' user profile folders.

It means that svchost.exe was attempting to access your browsers' user profile folders. As to why, we can't tell, but I recall seeing it on my VM once.

Please refer to https://support.eset.com/en/kb8650 for instructions how to proceed. Should the problem persist, please follow up with a support ticket.

In order to keep the discussion in one place, we'll draw this topic to a close. Please continue the discussion in the existing topic https://forum.eset.com/topic/45848-eset-smart-banking-keeps-showing/.

Please provide logs collected with ESET Log Collector. Then try the following: 1, Disable Safe Banking and Browsing. Click OK to save settings and close the setup. 2. Enable Safe Banking and Browsing and click OK. 3, Delete the desktop icon 4, Reboot the machine Let us know if the icon re-appeared or not. How did you upgrade to v18.2.14? Manually by running an installer, clicking Update now, or automatically?

The behavior has not changed since Secure Banking & Browsing was introduced. However, as of v19, the desktop icon opening the isolated browser will not be restored unless specific events occur, such as a product change.

Deleting the content of C:\Windows\System32\drivers\etc\hosts will fix it. The records were most likely added by an activation crack for an Adobe sw.

Interactive mode is not supported on macOS. You can allow the desired blocked communication directly from the Firewall log.