Marcos

Is the number of scanned files growing in the statistics? I'd recommend uninstalling v9 and installing the latest v10 with default settings to see if it makes a difference. Also I'd like to mention that v11 is going to be released in English and other remaining languages soon so you will be able to upgrade to it once available.

How did you determine this?

When you download a file bigger than 1 MB or so via http, it's first saved to a temporary folder and scanned. After being scanned, it should be deleted automatically. If you don't want to scan files downloaded from a particular url, add the url to the list of addresses excluded from filtering.

This detection was removed about 2 weeks ago since after years of existence it has recently started to trigger detection on the said script due to certain changes having been made to it. The user should run update in order to receive current modules.

That's because egui is now loaded by the operating system at the time when the utilization of system resources is lower.

V11 was released only in few languages so far with English and other languages to follow soon.

There's nothing to fix if the PUA is continually downloaded due to sync being turned on. All what ESET can do is detect and block it every time it's downloaded during syncing. If Chrome was able to detect that a particular extension has been deleted and would sync this change with other Chrome instances, the problem of perpetual detection would be gone.

Please continue in English in the existing discussion at https://forum.eset.com/topic/13073-jsmindsparke/.

Perhaps a Wireshark log from installation could shed more light into the communication issue.

You can download and install ESET Internet Security v10 if you don't need Anti-Theft. As of v11, Anti-Theft will be included in EIS as well.

This forum does not serve as a channel for reporting possible false positives. Please refer to the appropriate KB with instructions for reporting files or url blocks to ESET at the right-hand side of this forum.

"Contained infected files" is reported when an action was taken on a child object. I reckon that double-clicking such record would display more detailed information.

Please clarify what you mean. If you have outdated modules for some reason, clicking Check for updates will connect to an ESET update server and download newer updates, if exist.

I have no clue why you did it so difficult and limited to explorer.exe. I use a simple HIPS rule to ask me about an action before launching an application for which no rule exists yet. I don't limit it to explorer.exe as only a small portion of files are executed via Explorer.

Please try downloading and installing v10.1.231 from https://www.dropbox.com/sh/4tsiifvxzviym8z/AAB4VjY71XE9pzq6woz7Ch1ua?dl=0.

You didn't mention what browser and version you use. If you use Chrome v61, it will be supported as of the upcoming version 10.1.231 which should be released soon.

Please try disabling the following setting in the advanced setup: Tools -> Gamer mode -> Enable gamer mode when running applications in full-screen mode automatically.

Unfortunately, the forum system doesn't offer such an option. In order to be able to mark a best answer, the type of the forum would need to be changed to the "question" type forum where replies would not appear in chronological order but would be ordered by the number of likes which is not suitable for our forum.

Please compress the content of the above mentioned folder and submit it to samples[at]eset.com. Then try to uninstall the adware via Control panel. If that's not possible, collect logs with ELC and provide me with the generated zip file.

Logs collected by ELC shouldn't be that large so it will be definitely worth checking them. You can upload the archive to Dropbox, Onedrive, Wetransfer, etc. and provide me with a download link.

Please post a complete record / line from the Detected threats logs so that we have all information about the detection. What browser do you use? Is the adware detected even if you use a different one?

This sounds like a bug. I'll consult it with developers but in my opinion the search function should work for any of the rule parameters.

If the suspicious files in the startup folder are still there and are not detected, submit them to samples[at]eset.com in an archive encrypted with the password "infected". However, it could be just simple vbs/lnk files that run/open a specific file or website so they themselves may not pose a risk if the target doesn't exist any more.

Please provide more information about what files your clients want to exclude and for what reason. Using exclusions is not recommended since every exclusion creates a security hole. Regarding ports, I don't understand the request since you've posted in the ESET NOD32 Antivirus forum which doesn't contain a firewall. As for importing configuration from the command line, see http://help.eset.com/ees/6.6/en-US/index.html?idh_config_ecmd.htm. This is only supported in Endpoint 6.6 and we strongly recommend signing xml files that you import for security reasons.

Couldn't it be that you have activated ESET via a wired connection the first time and then via a wifi connection? As for managing home license activations, this will be possible via my.eset.com as of v11 which should be released soon.