Marcos

Administrators
  • Posts: 37,944
  • Days Won: 1,504

Everything posted by Marcos

  1. Could you please clarify what the issue is? You have firewall set to interactive mode and you were correctly asked about communication for which you granted one-time permission.
  2. @NGR The issue concerns only gui. According to the logs and dump, "no update needed" was returned. At the time the dump of ekrn was generated, the system had been running for ~50 seconds and no update was attempted yet. A fix for the gui issue will be included in future v10.1+ builds.
  3. Did you really run the command-line scanner ecls.exe as I asked and not a scan from gui?
  4. How long does it take to scan with ecls.exe (the command-line scanner) which is part of EFSW? Does the scan complete?
  5. That is not correct. Cloud blacklists are downloaded every few minutes. The problem with frequent updates is that you can't test them against clean files. Also in case of a false positive, they can affect many more users within a short period of time. But yes, we are working on significant improvements to make delivering updates even faster.
  6. Please elaborate more on what you dislike about ERA v6. We've made many improvements based on users' feedback. Our goal is to tailor ERA to your needs and therefore we seriously consider suggestions and ideas that you provide us with and which are a valuable source of inspiration for future versions.
  7. The sample is already detected: 0ad6607cd53b7326acd8440a514e15d9976c238e - Win32/Filecoder.FV trojan https://www.virustotal.com/en/file/7dcb5a3b0928bc8308e3a1203f5c2e656dfd46630fb356bd4684924565bd4e7f/analysis/1501601793/ The detection was added in 15842, we're already at 15843.
  8. I'm not aware of any case with v10 when ESET was the culprit of BSOD. Crashes that have been reported to us were caused by 3rd party drivers. Unfortunately, without a memory dump we can't tell what caused the crash.
  9. Are you able to reproduce the crash? I've added a link to a KB with instructions on how to configure Windows to generate complete memory dumps.
  10. In order for me to review your Endpoint configuration, drop me a pm with ELC logs attached. For instructions on how to use ELC, see the appropriate link in my signature.
  11. If you can reproduce the crash, please configure Windows to generate complete memory dumps as per the instructions at http://support.eset.com/kb380 and then reproduce it. Afterwards upload the generated dump in a compressed form to a safe location and pm me the download link. It's usually a 3rd party driver or unpatched system which causes BSOD in conjunction with ESET.
  12. Please try now, I've adjusted permissions. Also I've amended the instructions since a complete application dump of ekrn will suffice and we won't need a complete memory dump for analysis.
  13. In order to find out what exactly has allocated that much RAM, we'll need you to enable ekrn heap tracing by importing the attached reg file in safe mode. After starting Windows in normal mode, reproduce the issue with high ekrn memory usage and manually generate a dump of ekrn via the advanced setup -> tools -> diagnostics -> create (dump). Finally collect logs with ELC as per the instructions linked in my signature, upload the generated zip file to a safe location and pm me the download link. ekrn_heap_tracing.rar
  14. Please also post a screen shot of the Protection status window in Endpoint on such client. Is only anti-phishing malfunctioning or web access protection too?
  15. If anti-phishing (AP) is actually enabled on clients, Endpoint doesn't report any issues and agent connects to ERAS, there should be no reason why you would get reports that AP is disabled. Could you post a screen shot of the ERA console where you see this being reported as well as a screen shot of the appropriate Protection status window in Endpoint on that machine? Do you use the latest version of ERA and Endpoint?
  16. Please carry on as follows:
      - in the advanced setup -> tools -> diagnostics, enable advanced update engine logging
      - reboot the computer to reproduce the issue
      - when the issue occurs and update appears to be stuck, create a dump of ekrn via the advanced setup -> tools -> diagnostics -> create (dump)
      - disable logging
      - collect logs with ELC as per the instructions linked in my signature, upload the zip archive to a safe location and pm me a download link.
  17. I was not referring to BPP but to http scanning and url blocking which are fundamental features in terms of antivirus protection. These work independently of the browser.
  18. It appears that a file needed for upgrade to 10.1.219 is not available on update servers but otherwise modules update fine: 31. 7. 2017 5:21:44 ESET Kernel The virus signature database was successfully updated to version 15834 (20170731). We will do our best to fix the issue with the missing file as soon as possible.
  19. The font used in earlier v10.1 versions was tiny and almost unreadable which was fixed in v10.1.210. What is the problem with the current size of the font? Even if it's slightly smaller than in v10.0, it's still big enough I'd say and it was approved by the Russian partner too.
  20. Please enable advanced update engine logging in the advanced setup -> tools -> diagnostics and run manual update. Then disable logging, collect logs with ELC as per the instructions linked in my signature and provide me with the generated zip file. If too big to attach, upload it to a safe location and pm me a download link.
  21. If you mean Edge browser, then yes. It's the default browser in Windows 10 so there shouldn't be any compatibility issues. ESET works more or less independently from the browser used.
  22. What memory usage do you see in the task manager for ekrn.exe and egui.exe?
  23. You can also try temporarily uninstalling ESS to see if the issue recurs or not. In order to stay protected, you can install ESET NOD32 Antivirus which you are eligible to use with an ESS license. EAV does not intervene in network communication whatsoever, the only exceptions are application protocols HTTP(S), POP3(S) and IMAP(S) provided that protocol filtering is enabled.