Marcos

This is a known issue present in v11.1.42 and will be fixed in the next service release.

Please check https://support.eset.com/kb6662/#mac. Did you try the following? Start macOS in Safe Boot Mode (hold Shift during startup). Open Terminal. Execute the following command in Terminal: sudo rm -rf "/Library/Application Support/ESET/esets/modules/em040_32.dat" Reboot your computer.

But please keep in mind that the less users use pre-release updates, the higher chance that modules from pre-release servers will get to regular update servers without possible bugs being not addressed first. Despite extensive internal QA tests that each module has to pass before it's put on pre-release servers, we cannot simulate and test modules with all possible system configurations that exist.

I confirm that ESET Firewall Helper is a legitimate service added in v11.1.42.

Do we advertise 3rd party products in our installer ? If so, please post a screen shot. The one posted above only shows ESET's products.

Please refer to http://www.serverframework.com/asynchronousevents/2011/01/time-wait-and-its-design-implications-for-protocols-and-scalable-servers.html. TIME_WAIT is a normal state after finishing a TCP connection and in this state the system monitors already closed connections for possible further packets. This time is controlled by the value TcpTimedWaitDelay which is set to 4 minutes by default. It is also not true that you would run out of free local ports because Windows takes into account the source and destination IP address and port, not only the port itself when establishing new connections. As for RpcSS, it's unrelated to the ekrn communication. It's just listed below ESET's connections and that's it, there's no correlation to ESET.

Honestly, I don't remember if we ever had bad modules on pre-release servers that could cause serious issues. We recommend using pre-release updates on non-production systems since they give you a possibility to test new modules that have passed QA tests and be among the first to receive them (similar to Insider preview builds of Windows 10; they are not of a poor quality and are released only an intensive QA testing). Even in the event of issues with pre-release updates, one can always switch back to regular updates, report the issue to ESET and wait until it's fixed. If there are not many users who use pre-release updates, new modules will not be installed on a variety of systems and possible issues cannot be discovered and fixed before modules get to regular update servers. Once a module is put on regular update servers, switching to pre-release updates won't help since they contain the same module. Then the only possible workaround is to restore a previous update snapshot which will also pause updates until the issue is addressed. 1, We are not aware of any issues with other settings. Splash screen settings are not critical and do not affect protection in any way. 2, What QA issues do you mean?

Not sure what you mean by " the number of hosts updated simultaneously at each remote site" since ERA Proxy is not used to update clients. ERA Agent installed on endpoints reports to ERA Proxy instead of ERA Server and then ERA Proxy relays all collected data to the ERA Server. Since the amount of data varies and depends on many variables, such as the number of alerts that have occurred, the number of agents, the interval in which agents connect to ERAS/ERA Proxy, etc. it's impossible to tell whether the bandwidth is sufficient. In case of issues, you can increase the connection interval and especially resolve alerts on endpoints and thus prevent the ERA Proxy from sending too much data to the ERA Server.

The issue will be address in Internet protection module 1331 which will be put on pre-release update servers soon, with regular update server to follow later.

Try updating from pre-release update servers. The issue should be addressed by the latest version of the Configuration Engine module 1659.3 which will be put on regular update servers probably next week.

Please find an answer at VT: https://support.virustotal.com/hc/en-us/articles/115002168385-Privacy-Policy Information we share When you submit content to VirusTotal for scanning, we may store it and share it with the anti-malware and security industry (normally the companies that participate in VirusTotal receive content that their engines do not detect as potentially harmful and are catalogued as harmful by at least one other engine). The samples can be analysed by automatic tools and security analysts to detect malicious code and to improve antivirus engines. Our service terms require participating anti-malware and security companies to adhere to VirusTotal's Best Practices when using the samples. Files, URLs, comments and any other content submitted to or shared within VirusTotal may also be included in premium services offered by VirusTotal to the anti-malware and ICT security industry, with the sole aim of improving research and development activities, expecting it to lead to an overall safer internet and greater end-user protection. Participants include a broad range of cybersecurity professionals focused on product, service, and system security and security products and services.

I'm sorry, I confused it with epfwwfp.sys. Ekrnepfw.dll is just a dll that is loaded by ekrn.exe and is located in the ESET install folder.

Ekrnepfw is not a service but a driver. Does temporarily disabling Self-defense and rebooting the machine makes a difference? If not, what about disabling HIPS completely followed by a reboot?

Please check if HKEY_CURRENT_USER\Software\ESET\ESET Security\CurrentVersion\gui\UI_CONFIG\ShowSplash is set to 0 or 1.

Then that means the issue is not caused by ESET. If you have another computer in the network and install the Steam client on it, does the issue manifest as well?

Did you try another browser? With Firefox I'm not having any issues saving modified time budget.

What type of Samsung phone do you use? We have tested it and the phishing test page was blocked by EMS.

There were 4 files scanned some of which were probably archives, ie. 63 files/objects were scanned in total. If the scan time was less than 0.5 s, the total scan time will be shown as 0s.

I'm not getting those records in the system event log after upgrade to v11.1.42.1. If you clear the ESET event log, are those errors logged again after a computer restart?

This forum is not a channel for disputing blocks or detections. Please follow the instructions at https://support.eset.com/kb141/ to report it to ESET. The website has been compromised recently and appears to have been cleaned.

What version did you have previously installed? Did you upgrade to the latest version manually using a Live Installer or an offline installer, or through the built-in product update feature? I've upgraded from v11.1.40.0 to v11.1.40.1 via the in-product update feature and the names of devices that I previously edited were preserved.

Please clarify what you mean by S/N. Looking at report data, and adding "S/N" doesn't yield any results. Entering "serial" yields only the following ones:

It'd be good to know the result of scanning with the command line scanner ecls.exe which doesn't leverage cache and other smart optimization mechanism to skip trusted files.

We are working on a fully 64-bit version of ECS/ECSP.

The maker of the Password Manager is currently working on it with priority so we expect them to deliver newer binaries soon. At this point I can't promise any exact date.