Marcos

Administrators
  • Posts: 37,944
  • Days Won: 1,504

Everything posted by Marcos

  1. If those files didn't appear in logs before, it could be that they didn't exist before or unpacking of SmartAssembly stuff has been added or adjusted recently. What does the error say in English?
  2. Please provide us with a complete memory dump from the point when having too many firewall rules causes all network connections to be blocked. For instructions on how to configure Windows to generate memory dumps manually, read http://support.eset.com/kb380/. Once a complete memory dump has been generated, compress it, upload it to a safe location and pm me a download link. Just out of curiosity, approximately how many rules have been created in learning mode automatically?
  3. Please make sure that you have Antivirus and antispyware module 1514 installed (see the About window). As a temporary solution, in the advanced setup -> Antivirus -> HIPS, disable Protected service. Make sure to enable it once you have updated modules to the latest version.
  4. No, it's not possible to resize the main window as long as it contains the image of the android; it wouldn't be easy to make it look good after resizing. Logs and many of the tools can be opened in a new resizable window, however.
  5. Most likely a blacklisted VMProtect license was used to pack the file. Are you positive it's the original file created by the vendor and not a file installed by a crack for instance?
  6. Since it's an mbr virus, you'll need to restore mbr from the Windows recovery console. For instructions, see https://neosmart.net/wiki/fix-mbr/ for instance.
  7. Currently exporting and importing configuration using ecmd in a secure way is available only to a limited number of corporate users as it requires an xml file to be signed with an ESET tool for security reasons. It's possible to select "None" as authorization method, but this is insecure and not recommended. As for disabling / enabling protection features, from ERAS you can run the following "Run command" tasks:
  8. If you come across a suspicious or harmful website that is not blocked by ESET, please report it as per the instructions at http://support.eset.com/kb141.
  9. Also include the yellow ESET notification windows. Where did you click on http://news.nationalpost.com/ to get to an https link?
  10. Although ESET may work well or at least with limited support by HIPS on not yet released Windows 10 builds, we guarantee full support only for already released builds.
  11. ESET notifies you about untrusted certificates, there's absolutely nothing wrong with this. A certificate is considered untrusted if its validity is not within your system date. Since you said that you're getting notifications on many reputable websites, I'd recommend checking your system date and making sure it's correct. You can also verify a website's certificate at https://www.ssllabs.com/ssltest/. If your system date is correct, please provide a screen shot of such notification as well as a screen shot of the certificate details.
  12. Do you really mean Redstone which was released in 2016 or Creators Update which is due to release in April? If the former, then all recent ESET products are fully compatible with it.
  13. Not sure what you mean as there's only a "Pause" button (or "||") which enables you to pause a scan until you resume it manually. I don't have any "Stop scheduled Scans" in v10. If possible, provide a screen shot to clarify what you mean.
  14. Only HIPS can prevent clean applications from starting. With no custom rules defined, no clean applications should be blocked. Could you confirm or deny that disabling HIPS and restarting the computer makes a difference? Also please gather logs with ESET Log Collector and drop me a pm with the output archive. If too large to attach, upload it to a safe location and pm me a download link. For instructions on how to use ESET Log Collector, see the appropriate link in my signature.
  15. In your case the computer receives a correct DNS response from 192.168.100.1 but then there's no further HTTP communication and an ICMP packet with Destination unreachable (port unreachable) is sent:

      20:26:23.071975 192.168.100.9 192.168.100.1 ICMP 101 Destination unreachable (Port unreachable) ALLOW 0 ICMP errors

      What connection do you use? Isn't it 3G given that the router seems to be Huawei? Would it be possible to try a different router or connect through a different ISP?

      Ethernet II, Src: Azurewav_25:81:49 (74:c6:3b:25:81:49), Dst: HuaweiTe_de:19:15 (04:bd:70:de:19:15)
      Destination: HuaweiTe_de:19:15 (04:bd:70:de:19:15)
      Source: Azurewav_25:81:49 (74:c6:3b:25:81:49)
  16. Do not import v9 registry values, otherwise update will definitely not work. Uninstall ESET, make sure there's no ESET key under HKLM/Software and then install v10 from scratch.
  17. It's enough to run the batch file just once. When I said to run it twice, I meant the msi installer - first time it would upgrade to the latest version and the second time you would be able to run a repair and configure connection parameters and certificates. This is not needed with the batch file - connection parameters as well as certificates are set by the batch file. You can view the batch file (Agent Live installer) and make sure that the connection parameters are correct.
  18. Yes, that's correct. Sorry for the confusion, by "manually" I meant running an agent msi installer. When running a Live agent installer (batch file), it will download the msi from the repository and use embedded ERA settings and certificates during installation.
  19. In order to point ERA Agent to another ERA Server on more computers, generate a new Live Agent installer to ensure that correct ERAS settings are used and current certificates are included and re-deploy it on the machines. You can also do it manually but you'll need to install agent twice. First time to upgrade it to the latest version and second time to do a repair which will enable you to set up connection parameters and certificates.
  20. Unfortunately, WSL applications are not currently supported by ESET firewall. Users can set rules only by IP addresses and ports.
  21. No, it's not. ESET has even been among the first to bring support for protected services which was already implemented in some v9 versions. V10 fully supports protected services on Windows 8.1+ which means that it's not vulnerable. What's more, protection for the core process ekrn.exe (and egui.exe too) was added already in v4.2 quite a long time ago. Currently most of the less important ESET processes are already protected by self-defense. Since there's an ongoing topic on this subject (https://forum.eset.com/topic/11394-zero-day-exploit/), we'll draw this one to a close.
  22. I'd recommend removing the video as others will see your license key. Please continue as follows:
      - In the advanced setup -> Tools -> Diagnostics, enable both advanced updater engine and firewall logging
      - Run manual update
      - Stop logging
      - Collect logs with ESET Log Collector (see my signature for a link to instructions)
      - Drop me a pm with the output archive attached. If too big, upload it to a safe location and pm me a download link.
  23. We'll update this topic as soon as we have more information from developers (probably next week).
  24. This is already being discussed at https://forum.eset.com/topic/11394-zero-day-exploit/. Having said that, we'll draw this topic to a close.