Marcos

Try temporarily uninstalling ESET to confirm or rule out ESET being the culprit.

Since this is not a common issue and will require further investigation, I would recommend raising a support ticket with ESET LLC so that the case is properly tracked.

Unfortunately your screen shot does not show if you actually have advanced diagnostic logging disabled. Most likely not because changes in default settings are indicated according to your screen shot.

First of all, you are using a very old ESET Endpoint security product. We recommend uninstalling it and installing the latest version 7.2 from scratch to ensure that default settings are used. If you are still using Windows XP, use the latest version 6.5. As for cleaning in archives, I will need to find out which archives are fully supported. Normally it's up to the user to remove infected files from archives after being detected.

You can see in the test that ESET detected 100% of the samples in that SYNTHETIC (ie. not a real-world) "test" so no better result could be achieved. We have already commented on it as follows: This test is completely wrong. First of all, you skip the very first layer of defense - Web access protection which is very strong in ESET and blocks download from malicious urls which could save users in many cases from new malware even entering the system. Secondly, by disabling real-time protection you prevent HIPS from receiving events on the file system level and thus make HIPS and all HIPS dependent components ineffective, such as: Ransomware shield, Exploit Blocker, Advanced Memory Scanner, Deep Behavior Inspection, Advanced Machine Learning, etc. Disabling real-time protection is not just disabling the use of signatures which are, by the way, typically smart DNA signatures in case of ESET, ie. they only describe the malicious behavior to be detected. Disabling RTP prevents other modules from working effectively since they won't receive information about file system events which have nothing to do with signature detection whatsoever. In real world users must not and do not disable particular protection modules. If they do, they must understand they do it at their own risk and expose the machine to malware attacks and infection.

You can drop me a private message with the license key enclosed.

What is the default system browser? Do you have the latest Edge based on Chromium installed?

This forum is not a channel for disputing detections or url blocks. Please read How do I report a false positive or whitelist my software with ESET? Having said that, we'll draw this topic to a close.

This forum is not a channel for disputing detections or url blocks. Please read How do I report a false positive or whitelist my software with ESET? Having said that, we'll draw this topic to a close.

Why do you not want to use the Uninstall tool in safe mode?

I forgot, this was moved to diagnostic logging in the past:

Kindle Fire is supported by ESET products for mobile devices.

This forum is not a channel for disputing detections or url blocked. Please carry on according to the instruction at How do I report a false positive or whitelist my software with ESET? Having said that, we'll draw this topic to a close.

You can enable logging of blocked communications, however, this is not recommended as the firewall log may grow quickly.

ESET NOD32 Antivirus does not contain a firewall, therefore it cannot affect network communication except http(s). Does the issue go away after temporarily uninstalling ESET?

I'd recommend backing up settings and temporarily uninstalling ESET to find out if it's ESET-related or not.

During uninstallation we don't check for a license key. If necessary, use the uninstall tool in safe mode as advised above.

Try uninstalling ESET and installing the latest version 13.1.21 from scratch with default settings. Should the problem persist, enable advanced device control logging under tools -> diagnostics, reproduce the issue, disable logging, collect logs with ESET Log Collector and raise a support ticket with your local ESET customer care.

You have another similar topic here: https://forum.eset.com/topic/23131-topic-for-detender-of-drivesecurity-infected-memu-on-two-computers/ Since we're not moving any further, we'll draw this topic to a close. Please contact your local ESET customer care.

Especially on Windows 10 you should always use the latest version which is currently 13.1.24. Do not attempt to install v9 or anything older than v13.1.

ESET Online Scanner performs just an on-demand scan of your system. It doesn't install any driver that would be loaded at system start so there is no way it could affect the performance of your system. I assume that you are using another AV solution (Defender?) which is most likely causing it, or the culprit is another 3rd party application or the OS itself.

Files encrypted by Filecoder.Crysis cannot be decrypted. The decryptor you are referring to can be used for very old first variants of Crysis. Please collect logs with ESET Log Collector and supply the generated archive to samples[at]eset.com along with a couple of encrypted files (ideally Office documents) and the ransomware note with payment instructions.

The previous version was 13.1.16. Do you happen to know how you got 13.1.20 installed? Or you've made a typo? What OS do you use? Please provide logs collected with ESET Log Collector as well as export of HKLM\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Packages.

Unfortunately this is not a boot log but a standard Procmon log. Please create a boot log as per the KB article.

In safe mode you can uninstall it using the Uninstall tool: https://support.eset.com/en/kb5547-uninstall-your-eset-home-product-in-windows-10