Marcos

Administrators
  • Posts

    36,515
  • Days Won

    1,453

Everything posted by Marcos

  1. Yes, replied in another thread that it was reported to engineers as a bug. Thank you for reporting it.
  2. According to the KB article hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2138, Windows Live Mail 2012 is not supported yet. I assume that it's impossible to integrate into it for technical reasons as Microsoft doesn't provide an API or documentation for developers that would help them integrate into Microsoft's email clients.
  3. The difference between the number of scanned and cleaned objects is most likely that your Autoit malware also contains some clean files inside. Try enabling logging of all scanned files so that you also see clean files in the scan log. The fact that the results are displayed doubled or tripled in the case of archives has been noted as a bug.
  4. First of all, make sure that Web control integration is enabled (it's disabled by default). Then try to access a website from a particular category that is blocked by a Web control rule and check if it's logged in the Web control log on the client.
  5. Since only POP3/IMAP communication is scanned in this case, the answer is no.
  6. I'm unable to reproduce it. Please upload your archive to a safe location and PM me the download link so that I can test it with the very same file.
  7. It looks like the malware is injected in that process. Does running a full disk scan using the signature db 9007 find the malware on the disk?
  8. So, the LiveGrid option in ThreatSense engine parameters is some type of background file-queue for building file reputation across all users? Reputation blocking should be enabled for Web-Mail protection even if data recopilation for LiveGrid is off. Partially. In order to use file reputation for blocking malicious files, you'd need to have "Participate in ESET LiveGrid" option enabled under Tools -> ESET LiveGrid. Probably the separate LiveGrid setting in the ThreatSense setup will be removed in future versions.
  9. ESET Remote Administrator uses a pre-defined xml to configure program component updates while the list shown in the client is generated based on the information from update.ver on update servers. Since program component updates are very sensitive, they are not pushed to business users. However, administrators can either upgrade clients via the right-click menu in ERAC or via mirror as per the instructions in this KB article. Selecting program component updates for EEA/EES in the ERA Configuration Editor will not download them to the mirror because they are not present on update servers but are provided separately as mentioned above.
  10. I, for one, don't remember any complaints about ESET preventing system restore from completing. You can check if turning off HIPS and real-time protection makes a difference. According to some users, performing system restore in safe mode always resolved the mentioned error.
  11. Does it happen with Ad Muncher not installed?
  12. This is your first post in our forum so I don't understand what lack of responses you're talking about. We indeed reply to posts and assist users if they run into an issue. To start off, try disabling Advanced memory scanner to see if it makes a difference. Some games or applications might perform certain operations invoking memory scans intensively to such an extent that it results in lags. When we know that a certain application behaves like this, we can do some optimizations to prevent lags from occurring.
  13. Please download Procdump from here and extract it to your disk. When you observe egui.exe spiking CPU, run "procdump -ma ekrn" to generate an application memory dump. Then compress the dump, upload it to a safe location and PM me the download link.
  14. It's better to email the sample to ESET as per the instructions in the above-mentioned KB article. Anyways, what version of ESS and operating system do you have installed? What's the size of the file you attempted to submit? Is it an exe or dll file or another type?
  15. One of the recent Filecoder variants I came across and for which ESET added detection (the variant was proactively blocked by web protection on the user's computer) was not detected by any of the AV vendors on VirusTotal.com. I'm saying this because the statement "not impressed with ESET anymore" might cause somebody to think that another AV would protect him or her better, which is apparently not the case. Of course, there's a chance that some AVs might have detected it by behavior blocker upon execution, etc. Speaking about servers, we observed targeted attacks via RDP when the attacker first disabled antivirus protection, then ran ransomware to encrypt the data on disks. For more information, read this article: hxxp://www.welivesecurity.com/2013/09/16/remote-desktop-rdp-hacking-101-i-can-see-your-desktop-from-here/
  16. The server will appear in the list as soon as a first client connects to ERAS.
  17. No problems here. Maybe you already have a rule created for this communication which would be the reason why you're not asked any more:
  18. Only old versions of Thunderbird are supported due to a rapid development cycle as explained in older threads in the former forum at Wilders'. ESET will scan all email you download via POP3/POP3S or IMAP/IMAPS regardless of the email client used.
  19. Do you use a user name and password of a user that has at least read permissions for the mirror folder on the Windows 2012 Server?
  20. The assumption of my colleague was not correct; there won't be any logs from startup scans in the future as they would be useless and would waste disk space for no reason. If a threat is found during a startup scan, it will be logged in the Threat log, which is what admins or technicians need to be aware of.
  21. Ok, what matters is that you have v7.0.302.x installed. Please reproduce the issue while creating a Process Monitor log. Then create another Procmon log, now with real-time protection disabled when the issue doesn't manifest. When done, compress the logs, upload them to a safe location and PM me the download link.
  22. I've tested LiveGrid blocking and it works fine. Should you come across a similar problem again, let me know and send me the malware attached to a personal message so that I can investigate when we started to block it.
  23. Hello, the update on computer startup is run with a slight delay which should be enough for the Internet connection to get established. How long does it take your system until the Internet connection is established?