Marcos

Administrators
  • Posts: 37,944
  • Days Won: 1,504

Everything posted by Marcos

  1. Thank you for the heads-up. We have reproduced the delay and our engineers will look into it shortly. UPDATE: We've made a fix to HIPS which will be included in the HIPS module 1284. If you want to receive it among the first, switch to pre-release updates.
  2. After an update all but whitelisted files will be re-scanned. If you compare the number of scanned files, it could be at least slightly lower after an update and running another scan. If you run a second scan before the next update, fewer files should be scanned.
  3. I'd suggest configuring Windows to generate complete memory dumps. If you reproduce the crash, compress the memory dump, upload it to a safe location and pm me a download link along with logs in a zip file generated by ESET Log Collector.
  4. Detection engine updates should be run after the system starts and then in a 60-minute interval, not at a specific scheduled time. Do you have v10.1 installed? Do you also see in the Update pane a dot jumping up and down, indicating some activity of the module but without any update progress indicator?
  5. Please configure Windows to generate complete memory dumps, then restart the system and reproduce the crash. When done, compress the memory dump, upload it to a safe location and pm me a download link. Also enclose logs collected by ESET Log Collector (it generates a zip archive). Before generating a memory dump, I'd recommend replacing RAM modules with the former 2x4 GB ones in order to get a smaller dump.
  6. Detected as Win32/Filecoder.NLN Trojan since 2017-05-18 (detection engine update version 15437 released at ~16:30 CEST). Blocked in LiveGrid approx. 2 hours before the above-mentioned update.
  7. Please report it again as per the instructions at http://support.eset.com/kb141.
  8. How did you submit the file to ESET? I was unable to find any pdf that has been submitted recently.
  9. You can exclude your router's IP address from IDS detection of that particular attack.
  10. The new build addresses several crashes and fixes small fonts in the Russian version. The new build will be available also for download from the download page next week.
  11. In the Web and email setup, you can exclude specific applications from protocol filtering. Does adding the Skype executable resolve the problem? Alternatively you can temporarily switch the SSL/TLS scanner to interactive mode and exclude the certificate from scanning.
  12. If you can't find it in the advanced setup, please post a screen shot of what you see in the User interface setup section.
  13. Try uninstalling ESET and installing the latest version 10.1 from scratch. Then you should get the above screen with an option to disable change of protection status when Gamer mode is activated.
  14. Couldn't it be that you attempt to update ESET from a network share and not from ESET's servers or via http?
  15. ESET has released a command line tool for checking if a computer is vulnerable to the so-called EternalBlue exploit massively exploited by WannaCryptor recently. It's downloadable from https://help.eset.com/eset_tools/ESETEternalBlueChecker.exe
  16. More on it here: https://blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d The point is: DO NOT REBOOT your infected machines and TRY wanakiwi ASAP*
  17. Normally users should not change any of the default settings. They were chosen by ESET experts for the best balance between protection and performance. Settings related to scanning, such as runtime packers or adv. heur. on access, may have an adverse effect on performance. However, nobody on Earth can tell you how much enabling them will affect performance as the impact may vary across environments and depends on files that are present on systems and operations that are frequently performed with files in particular environments.

      As for the policy editor, it is basically a copy of what the advanced setup in Endpoint looks like; the settings have the same label (a big improvement compared to ERAv5) and are virtually self-explanatory. The functionality of particular settings (such as Removable media access) may vary between old and newer versions and some settings may even be hidden or removed in newer versions to prevent users from accidentally disabling them. A good example is "Scan on" events; I've seen cases when users disabled scanning of local disks or scanning on file open/create/execute and then complained that they got infected. It is possible that we will hide them (at least in home products) as they should be used only for troubleshooting purposes.

      To sum it up, the basic rule is: keep default settings and configure only what you really need (e.g. trusted zone in firewall, rules, detection of potentially unsafe or unwanted applications, etc.). If you want to play with settings, enable a particular option (such as advanced heuristics or runtime packers on file access) and, if you notice an impact on performance, disable it.
  18. EFSW doesn't contain a firewall, which means it can't protect you against exploits at the network level. However, as long as you keep the system up to date and have all security updates installed, all known vulnerabilities should be already patched.
  19. It's already fixed. The detection was from 2011. As per the announcement above, an updated version of the Crysis decoder is downloadable from https://download.eset.com/com/eset/tools/decryptors/crysis/latest/esetcrysisdecryptor.exe .
  20. If you run the following command as an administrator, does it say that the service is running?

          sc query mpssvc

      If not, refer to the following web page for instructions on how to get it up and running: http://www.wintips.org/windows-firewall-service-missing-in-windows-7-solved/
  21. As for problems with red protection status caused by non-functional firewall on Windows 10, we have discovered that some users had Windows firewall disabled completely and the mpssvc service was neither running nor registered. For instructions on how to fix it, refer to http://www.wintips.org/windows-firewall-service-missing-in-windows-7-solved/. To check if you have MpsSvc service running, run the following command as an administrator:

          sc query mpssvc

      @SlashRose There's no news on releasing the new fw module to regular update servers yet but we expect it to be released soon.
  22. I've reported it to the provider of the website categorization database. Update: it's now categorized as Windows & File Repositories.
  23. Check the web control log for a list of addresses blocked by category on the client. If a certain URL is categorized incorrectly, report miscategorization to the provider of the website categorization database, e.g. via https://www.eset.com/tools/miscat/.
  24. On terminal servers the number of seats represents the number of clients connecting to it. It's similar to licensing products for mail servers - it depends on the number of protected mailboxes and it's not a license for 1 seat just because it's one server.