Marcos

This will be fixed in the firewall module 1350 which we are going to start releasing tomorrow. If you want to receive it among the first, switch to pre-release updates in the advanced update setup.

Try filling in this form: http://support.eset.com/kb2942/?locale=en_US

Please drop me a pm with step-by-step instructions how to reproduce the issue.

I'd suggest compressing and submitting the MBAM's quarantine folder to samples[at]eset.com along with a link to this topic.

Did you install also HTTP Proxy and was ERA Agent configured to connect through it so that installers are downloaded only once and subsequent installations are performed using cached files? If no proxy is used, maybe a Wireshark log could shed more details about possible network issues.

It's highly unlikely this would be caused by ESET. Moreover, I have never seen such behavior that right-clicking a link would automatically start downloading a file without selecting "Save as".

1, If you want to use a different language version, you'll need to uninstall the current one and install ESS from scratch. ESS Live Installer will offer you a list of languages from which you can choose the desired one. 2, By default, Firefox asks you where you want to save downloaded files. This can be changed in the advanced setup.

Instructions how to proceed are listed in the error message, ie. read the KB http://support.eset.com/kb406/ and generate install logs accordingly.

ERA v6.5 as well as Endpoint v6.5 will be released on March 14.

Since the discussion on the topic has gone astray, we'll draw it to a close.

Did removing the shortcut from the Start menu resolve the issue? I saw in your log that it started egui.exe without the /hide switch: 22:29:28,1030875 00:02:26.0186259 0.0000000 Explorer.EXE 1888 Process Create C:\Program Files\ESET\ESET Smart Security\egui.exe SUCCESS PID: 7308, Command line: "C:\Program Files\ESET\ESET Smart Security\egui.exe" 22:29:28,1030875 As of v10, egui.exe is started by ekrn.exe so it should no longer be started from the registry.

I see, it's not very straightforward. When creating a new scan task with the In-depth scan profile you have no way to adjust settings for this scan. The solution will be to apply a policy that will change the cleaning level for the In-depth scan profile to Strict cleaning. Once applied, selecting Scan -> Scan with cleaning for a desired computer or a group of selected computers will run a scan using the new In-depth scan settings, ie. even PUAs will be cleaned automatically.

In order to remove active threats, you'll need to run a custom scan from ERA using the In-depth scan profile and with cleaning mode set to strict cleaning so that the scanner doesn't wait for user's intervention when a potentially unsafe or unwanted application is detected but cleanes/deletes it automatically. If all threats have been cleaned, they will no longer appear as active threats in the ERA Console. Eventually manually resolve threats if you are sure that everything is ok and the threats have been cleaned properly.

That means you have custom firewall rules for the application created and the application has been recently modified. Do you use policy-based firewall mode? Otherwise I don't see any reason for having a firewall rule specifically for wmiprvse.exe. You can solve this easily by excluding that executable from being checked for modifications.

There are several reasons why a website can be blacklisted. The most common reason is that malware was detected on a particular website.

Unfortunately I don't understand what you mean by this. ESET does not modify files except cleaning viruses or documents with malicious macros.

The logs that you have provided me with yesterday show that you had v10.0.386 installed, not 10.0.390. According to the logs, you have EMET, Sophos Removal Tool and WinAntiRansom installed. Try uninstalling them and see if the issue goes away. Otherwise we'll need a Process Monitor boot log for further analysis.

It's not clear whether Outlook literally crashes and you have to restart it or only the message "Cannot move the items. the operation cannot be performed because the message has been changed" is displayed. If emails are concurrently modified on 2 or more devices, synchronization issues will occur. This can happen if more scanners, add-ons or whatever attempt to write to a message on more devices at the same time. In such case, we recommend disabling email protection on clients and leaving it enabled only on the email server. In order to find out what the issue is, I'd recommend contacting Customer care that will provide you with a logging version of the Outlook plug-in and troubleshoot the issue further with developers.

The role of antivirus is to protect your system from malware and possibly other unwanted applications as well as to clean malware if your computer gets infected (which is quite unlikely to happen with ESET installed and all protection features active). To accomplish this, ESET leverages handful of protection modules, such as HIPS, Advanced memory scanner, Exploit Blocker, Botnet protection, Ransomware protection, etc. For more information about ESET's technology, see https://www.eset.com/int/about/technology/. The role of antivirus is not definitely to block ads, "shred" files, repair network, registry, etc.

It's sounds to be a known problem of some USB devices that do not like getting more requests after being plugged in. Disabling automatic device scan or removable media is the only known and recommended workaround.

If you think that a website is mistakenly blocked by ESET, please report it as per the instructions at http://support.eset.com/kb141.

The owner of the website must replace the certificate with a valid one as the current one expired on Feb 22:

It was a phishing false positive and was fixed about 2 hours ago.

Perhaps you forgot to attach a screen shot?

ESET was installed just yesterday, ie. after the encryption occurred. The detection for Filecoder.Hydracrypt that encrypted the files was added on Feb 2.