Marcos

It doesn't matter if you uninstall ESET before formatting your disk. You will be able to activate it on Windows 10 in either case.

Yes, that is a correct behavior.

You can create allowing or blocking Device control rules based on the vendor, model and serial number of a device.

This service is not related to ERA but to the security product that you have installed. Do you have EFSW or Endpoint v6 installed on that machine? Is it configured to create a mirror and provide mirrored update files via http?

If you trust the certificate, you must add it to the Trusted root CA certificate store in order to make it trusted:

Does it work with IE? Does temporarily disabling HIPS and restarting the computer make a difference? We'll need a Process Monitor log as well as logs from ESET Log Collector for analysis. For instructions how to generate them, see the links in my signature. When done, upload the logs to a safe location and pm me a download link.

Does it work with IE? Does temporarily disabling HIPS and restarting the computer make a difference? We'll need a Process Monitor log as well as logs from ESET Log Collector for analysis. For instructions how to generate them, see the links in my signature. When done, upload the logs to a safe location and pm me a download link.

Even if that would be possible, we couldn't afford blocking an address without verification. If you manage to report a phishing url to Google for instance, there's a good chance ESET will block it soon too. For instance PhishTank provides an API but it seems it's only for retrieving data from their servers, e.g. if you want to find out if a particular url is phishing.

Ekrn.exe loads egui.exe.

Please run ESET Log Collector as per the instructions linked in my signature and supply me with the generated zip file via a pm.

I'd also add that HIPS is a fundamental protection feature without which self-defense, Advanced memory scanner, Exploit Blocker and Ransomware protection don't work. I emphasize this as there are some users who like to disable particular features without knowing what other protection modules it affects and how substantially they reduce proactive protection provided by ESET's advanced technology.

Let's start off with providing me with basic logs. In particular: - in the advanced setup, Tools -> Diagnostics, enable advanced update engine logging - run manual update - collect logs using ESET Log Collector as per the instructions linked in my signature If the generated zip file is too large to attach, upload it to a safe location (e.g. wetransfer.com) and pm me a download link.

The files were encrypted by Filecoder.Crysis. Unfortunately, decryption is not possible. Crysis has been seen to be triggered by an attacker after getting to a computer via unsecured RDP: https://www.bleepingcomputer.com/news/security/number-of-rdp-brute-force-attacks-spreading-crysis-ransomware-doubles-in-6-months/. It's important to back up important data on regular basis, secure RDP (or disable it, if not needed) and practice safe computing. Also we recommend protecting ESET's settings with a password to prevent unauthorized users from disabling or uninstalling AV.

Did you upgrade to v10 from an older version? Does uninstalling ESS and installing it from scratch resolve the issue?

Already there. It's called Smart mode. Files are run in a virtual environment to determine the behavior. Not sure what you mean. Not sure what you mean. By default, detected malware is automatically cleaned without asking the user. It's been there for ages but only for the on-demand scanner. We don't plan to extend it to web/email/real-time protection as the computer could been every while.

As itman wrote, do not install the Epfwlwf driver if you have Windows 10 with v10 installed. I'd start off by uninstalling ESET and running the ESET Uninstall tool to make sure it's removed completely.

We've fixed the international Customer care support contact page. Are you still having the issue? If so, please post a screen shot of the web page with the address bar included.

Restarting your computer should resolve the issue.

Your assumption is wrong. With ESS/EIS v10 installed, no ESET firewall driver is supposed to appear in the ethernet adapter properties. As for the problem with Device control, it could be registry permission issues which causes it not to register in the system. Since further troubleshooting will be needed, including an analysis of a Process Monitor log as well logs collected by ESET Log Collector, I'd suggest contacting your local customer care.

Do you also have http scanning enabled?

Did you somehow format the threat record that each field is on a new line? I'm asking cause Hash and First seen here are shifted one line down. Correctly it should look like: Information: Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe (8288B566340C2BFEC37768F5A029027DDA7C2A5B) Hash: 793568AC8277B3F03FAC123E0898A16AF1E103A5 First seen here:

You have protocol filtering disabled. As a result, the computer is exposed to Internet-borne threats and other protection features that depend on it will not work. Namely HTTP(S)/IMAP(S)/POP3(S) scanning and Web Control.

You can try uninstalling v8 and installing it from scratch. The error used to occur during an upgrade from v3/v4 versions and could be fixed by editing the registry but in this case it's most likely different as you didn't upgrade. We will always recommend using the latest version of the ESET product as it contains a lot of fixes from older versions besides other improvements.

Save it as a file and attach the file then.

It can't be sortable because the order of rules determines the priority and the first matched rule is applied. Sorting rules would completely affect the firewall behavior. However, there's a filter which you can use to show only desired rules, e.g. you can filter them by "Zulassen".