Marcos

Administrators
  • Posts: 37,941
  • Days Won: 1,504

Everything posted by Marcos

  1. It happens that legit applications scan computers for open ports. Also because of this, there's an option to define exceptions for particular IDS detections.
  2. To be honest, I'm not aware of any recent crashes caused by ESET. The fact that eamonm.sys was listed as the culprit does not necessarily mean that it really was. Please get a kernel or better complete memory dump from a crash, compress it, upload it to a safe location and pm me a download link. We'll check the dump and let you know the cause.
  3. By "crashed system" do you mean BSOD? If so, we'd need to get a kernel or better complete memory dump from the crash to determine the cause and to confirm or deny that it was caused by ESET. At the moment I'm not aware of any recent crashes caused by ESET.
  4. Many threats don't require an update of the detection engine in order to be detected. With a new type of updates that should be introduced within the next few weeks, the version of the detection engine will become even less important than it's ever been.
  5. We will consider adding information about the last successful update to the tooltip.
  6. The version of the detection engine is still logged in the event log. If it's easily reproducible, it's a bug in German and possibly some other language versions. Never saw this issue in the English version.
  7. Please report any FPs (be it Generik or something else) to samples [at].eset.sk. As for the differences between DNA and XDNA detections, both are based on the results of emulation by advanced heuristics. While DNA detections are based on so-called DNAs of function calls, XDNA detections use various metadata gathered during emulation.
  8. Kryptik is a generic detection of the envelope or obfuscation method. Its name doesn't tell anything about the malware beneath the envelope. The detection is based on emulation by advanced heuristics. GenKryptik is the same but it's generated by automatized systems. Generik detections are generated by automatized systems. They are less smart than (Gen)Kryptik or other DNA/XDNA detections created by humans and are usually only temporary until they are replaced with a smarter detection.
  9. It could be that more threats were found in an archive so the number of threats was higher than the number of objects (files).
  10. Ekrn is started as soon as possible, among the first services. It's the crucial process responsible for protecting your system. As of v11, egui is loaded by the operating system when the resource load is lower. This change was needed in order to comply with Microsoft's conditions in terms of performance on startup and in order to receive certification. Instead of the flashing command line window, we could simply display the splash-screen after a fixed period of 30 seconds which was less acceptable than the current solution when the operating system decides when is the right time to run egui.
  11. As of v11, egui is loaded by the operating system when the resource load is lower. We had to change the behavior in order to acquire Microsoft certification. It's just the gui that loads with a small delay, not the kernel which is the component responsible for protecting the system.
  12. The files were encrypted by Filecoder.Crysis. Decryption is not possible. Modus operandi is that an attacker runs a brute-force attack on RDP, disables or uninstalls AV and then runs ransomware to encrypt files. It could also be that files were encrypted from a remote computer in shares for which the remote user has write permissions. Make sure that you have the latest version of the ESET product installed and all protection features are enabled. We recommend protecting the settings with a password and also enabling detection of potentially unsafe applications.
  13. That's possible because starting with v11 it's the operating system that decides when is the right time to start egui to avoid any performance impact during system startup.
  14. On my computer it took 13 minutes to scan ~850,000 files. In your log, I see that ~1,553,000 files were scanned in ~5 hours. I'd start off by running a full disk scan locally and providing me with ELC logs from that machine, including on-demand scan details selected to be collected.
  15. Try the following: - Temporarily uninstall ESET. - Check for the presence of the above mentioned registry key. It should not exist. - Install v11. - Check for the presence of the registry key. Let us know about your findings. Did you previously upgrade to v11 from an older version? If so, was it v10 or an older one?
  16. As of v10 this should not be present in the run registry key at all as egui is started by ekrn.
  17. ESET's gui is not transparent at all and the transparency cannot be configured either. I assume that you have some 3rd party application installed that can change transparency for application windows.
  18. If these are pre-installed applications, the only option is to disable them in the system settings, since they are located in ROM memory, which cannot be written to.
  19. Do you mean update of the modules or the whole program? Theoretically it could be Webcam protection causing this albeit I've never heard about such issue. Does the issue actually go away after disabling Webcam protection or temporarily uninstalling ESET?
  20. You didn't mention what browser / version you use but generally browsers have an option to control if history should be remembered or not.
  21. Shortcuts are scanned like any other files, i.e. when accessed by the operating system or other applications. You could try temporarily disabling automatic start of real-time protection and rebooting the system to see if it makes a difference.
  22. If you don't use ESET's BPP for online banking, you can use an alternative solution. What you should avoid is using multiple real-time or HIPS protections at a time.
  23. The correct way of submitting samples is by following instructions in the above mentioned KB. We don't recommend using the built-in form, especially if you expect a reply.
  24. ESET does not detect nor delete cookies. Does temporarily disabling real-time protection make a difference? If not, what about completely uninstalling ESET for a test?