Marcos

Administrators
  • Posts: 37,945
  • Days Won: 1,504

Everything posted by Marcos

  1. Do you mean that ekrn consumes more than 200-250 MB of RAM? I assume that especially ransomware protection may need more memory to store data about monitored processes so it's normal that memory consumption may rise over time a bit. Also information about scanned files is stored in RAM and the amount of the data grows a bit as files are scanned. How much memory does ekrn consume, let's say, after an hour since the system started with and without ransomware protection enabled?
  2. It's not a false positive but the WebBar potentially unwanted application. This forum is not meant for disputing PUA detections. We can only recommend contacting ESET as per the instructions at http://support.eset.com/kb141. Having said that, we'll draw this topic to a close.
  3. Feel free to post screen shots of other firewalls. As I have mentioned, as of v9 rules are evaluated in the order they appear in the list and it's not possible for the user to choose between the rule evaluation logic used until v8 and in newer versions.
  4. With default cleaning mode, threats are cleaned automatically. However, in case of archives that also contain clean files besides malicious ones or if a potentially unwanted or unsafe application is detected, a user intervention is required. To avoid this, set the cleaning mode for the desired scan profile to "Strict cleaning" and then run an on-demand scan task using that profile's settings.
  5. Please gather logs with ESET Log Collector and drop me a pm with the output archive. For instructions, see the link to the appropriate KB in my signature. You can also post a screen shot of your ESET gui where the installed version of the signature database is displayed.
  6. Please contact your local Customer care as this will need deeper troubleshooting. Still, my opinion on this is that a daily scan is redundant and you have deteriorated protection capabilities provided by ESET by disabling the default regular update task as well as default startup scan tasks.
  7. I'd suggest switching the firewall to learning mode for a while so that the necessary rule is created automatically.
  8. To start off, post a screen shot of the detected threats log from such client and a screen shot of what you see in the ERA console.
  9. No exact release date has been set yet. I assume it will be the second half of March if everything goes well.
  10. If you have upgraded to v10 from an older version, could you try uninstalling v10 and installing it from scratch?
  11. Drop me a pm with the download link so that I can download the pdf file myself.
  12. It is very dangerous from a security point of view to run update only once a day. Keep the default regular update task which runs every 60 minutes. If you want to run a full disk scan, schedule the task at the time when the computer is idle; scanning all disks every day is overkill, once a week or 2 weeks should be enough. Real-time protection keeps your computer protected and there are also many other protection layers / features. Unfortunately, you've also disabled startup scan tasks which are one of the important protection layers. Apparently your Endpoint is configured improperly from a security POV and running full disk scans on a daily basis will not make up for that.
  13. Updates should be run in regular intervals which is 60 minutes by default and we do not recommend changing it. Running update only at 12 o'clock does not make much sense. After an update the scan cache is flushed so it's pretty normal that many more files will be scanned compared to the scenario where a scan is re-run with the same signature database.
  14. If those exe and dlls are not popular (e.g. system files), then it's normal if they are re-scanned after every update.
  15. What type of files is in that folder? If they are popular PE files (exe,dll,sys,ocx), they should be whitelisted and omitted from scanning as long as LiveGrid is enabled and working. Otherwise files will be rescanned after each update. The fact that files have not changed and were not detected does not make them 100% innocuous.
  16. If you want to block a specific application so that it cannot be run, it must be added as a target application. In your case you've created a rule that will prevent "Hola" from running other applications.
  17. It is important to say that only v9 was affected by the broken validation issue and a fix addressing it was released as a module update a while ago.
  18. Why? Whether ekrn is 32 or 64-bit, it doesn't make any difference for users. Vendors have been successfully using 32-bit kernels on x64 systems for years without issues.
  19. A 64-bit ekrn.exe will be introduced in Endpoint v7. The latest version 6 still has a 32-bit version of ekrn.exe but that virtually does not have any drawbacks.
  20. In the home version it is not possible to change the update server whatsoever. We do not guarantee the availability of particular update servers, hence the autoselect option is best and the only available for home users who don't update from a mirror.
  21. As long as clients have access to ESET's servers through an http proxy, you don't have to use an offline license file for activation. They are intended to activate Endpoint running on computers with no Internet connection whatsoever, i.e. when ESET's servers can't be reached via a proxy either. Otherwise you will get reports about license violation. In such case, send a product activation task from ERA instead.
  22. V10.0.390 was released on Feb 7, 2017. The notification means that you have created a firewall rule for a communication where the communicating application has been modified. These notifications are enabled by default for unsigned applications but can be disabled in the advanced firewall setup (not recommended). If you are positive that the application has been modified in a legit way (i.e. updated to a newer version), select Keep rules.
  23. Try repeating the procedure. It is important that no browser processes are running when re-enabling SSL/TLS filtering, hence I suggested to restart the computer and do it immediately without launching any applications prior to that.
  24. It will be more than that. For instance, you will be able to choose from dozens of behavioral rules pre-generated by ESET malware researchers and get alerted if any of the rules are hit on clients. This will also be reported to ERA.