Marcos

Administrators
Everything posted by Marcos

  1. If you suspect memory leaks to be caused by ESET, please generate a complete memory dump as per http://support.eset.com/kb380. When done, compress the dump, collect logs with ELC, upload both archives to a safe location and pm me download links.
  2. Oh no, a test performed by scanning files without further checking them with analysts if they are really malicious and if they should be detected? I'd bet that checking them would reveal that at least 99% of them are not subject to detection. Feel free to drop me a link to an archive with those files so that I can check them out.
  3. Let us know if uninstalling, removing "HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security" and then installing v10.1 from scratch helps.
  4. Version 10.1.219 is a home version and is not manageable by ESET Remote Administrator. You should uninstall it and install ESET Endpoint Antivirus v6.5 instead.
  5. Warp.php - detected by ESET as JS/Kryptik.BBC trojan for more than a year.
  6. This forum is not meant to be a means for reporting undetected samples or urls. For instructions on how to report them to ESET Research Lab, follow the instructions in the appropriate KB which is also listed in the FAQ section at the right-hand part of this forum. We kindly ask you to stop posting disallowed stuff here as breaking TOS repeatedly may result in account ban. We are not going to block the links just because they offer pharmacy and do not serve any malicious or scam content.
  7. Collect logs with ELC and "Threat detection" selected from the menu, upload the archive to a safe location and pm me a download link. I assume it's a fileless threat that is present in the registry only.
  8. Internal emails are not scanned by default, however, there's an option to enable it. I'd suggest contacting your local customer care to troubleshoot issues with undetected spam or malware on Exchange.
  9. Unfortunately, you didn't mention what product you use. If ESET Endpoint Security or ESET Endpoint Antivirus and it's managed by ESET Remote Administrator, you can create policies via ERA.
  10. ESET Internet Security is actually renamed ESET Smart Security, currently without Anti-Theft.
  11. Try the following:
      - restart Windows
      - without launching any application, open the advanced setup, disable SSL/TLS scanning and click OK
      - re-enable SSL/TLS scanning and click OK
      - launch Thunderbird

      Was the problem solved?
  12. The detection is correct. A toolbar is known to be bundled with CCleaner. Not sure if it's still possible to obtain an installer that doesn't contain it from somewhere. Anyways, it's detected as a potentially unsafe application. This detection is disabled by default.
  13. The OP still uses the old ERA v5 and Endpoint v5 that are not managed via ELA and therefore cannot "eat" seats if a computer stops reporting to ERA and is replaced with a new one. In such a case, it's enough to delete such computers from ERA as it allows managing only the number of computers specified in a license file. I'd strongly recommend upgrading to ERA v6 and Endpoint v6 which also provides better protection especially on Windows 10.
  14. The golden rule is that only one real-time protection should be active at a time. If you install ESET or another 3rd party antivirus, Windows will disable Defender. That also happens if an antivirus stops updating due to expired license; it has to deactivate its real-time protection and Defender will activate instead. I'd strongly recommend upgrading ESET to the latest v10 which not only addresses issues from older versions but it also brings improved protection, especially on Windows 10 (in particular, AMSI scanner, advanced script scanner and protected service).
  15. Version 6.5.31 is the version of the whole ERA release. The version of the ERA Server can be found at http://support.eset.com/kb3690/, i.e. ERA Server for Windows that belongs to the release is 6.5.522.0.
  16. Try removing ESET in safe mode: http://support.eset.com/kb2289
  17. Please see https://forum.eset.com/topic/12721-after-update-i-have-to-restart-again-and-again/ where you'll find instructions for creating 2 logs that we'll need for analysis.
  18. It appears that both logs were created when unregistering callouts from BFE. I.e. I assume you inadvertently ran "EpfwWfpRegV10.1.2.exe /unreg > reg.txt" instead of "EpfwWfpRegV10.1.2.exe /reg > reg.txt".
  19. It's a protected browser intended mainly for banking transactions. At the top you should also see a label "Secured by ESET".
  20. The license was issued by Microbe Pty Ltd (http://www.microbe.com.au/), hence I'd suggest contacting them.
  21. Well, in such a case malware could easily add urls to the list of allowed addresses or to the list of addresses excluded from filtering to evade detection or to enable download of malicious content that would be otherwise blocked.
  22. Please download and run the attached tool as administrator as follows and provide me with the 2 logs:
      EpfwWfpRegV10.1.2.exe /unreg > unreg.txt
      EpfwWfpRegV10.1.2.exe /reg > reg.txt

      EpfwWfpRegV10.1.2.rar
  23. Although I can't answer this question, I doubt that the list is stored in a plain text form so it doesn't matter if it's saved encrypted in the registry or on a disk in a binary file.