Marcos

There's probably a good reason why the notifications cannot stay on the screen forever. Imagine the computer got infected with a virus infecting legit files. In such case, only 101 notifications would be buffered (that's the maximum limit) and the rest wouldn't appear (although all detections would be logged).

Please configure the system to generate kernel or complete memory dumps and then reproduce the crash. Then continue as follows: - generate a SysInspector log - compress the dump along with a SysInspector log - upload the archive to a safe location and pm me the download link.

The compatibility issue with Outpost firewall Pro was solved in Ant-Stealth module 1055. Please post the information about installed modules from the About window to make sure you're using the latest. Also I'd like to note that Outpost firewall Pro is not only a firewall but also includes protection modules (system guard, application guard, etc.) that might theoretically clash with ESET as well as with other security solutions. However, in our testing environment we didn't experience any issues after upgrading the Anti-Stealth module to the latest version.

Please send me the file in question attached to a personal message.

It would be treated like any other threat found on a disk, ie. a bubble with an alert would pop up, informing you that the malicious file has been cleaned.

Regarding the scenario with HIPS in interactive mode, are you able to reproduce it immediately after restarting the computer?

Is a threat detected when you run a full disk scan with the most current signature database installed? If you have a problem installing ESET NOD32 Antivirus or ESET Smart Security, you can try running a disk scan with ESET Online Scanner.

Yeah, web pages complying with rfc standards should be rendered correctly with ESET's web protection enabled. Anyways, as Arakasi mentioned, we are trying to get logs from affected clients to determine what exactly is causing the issue. The issue can be worked around by adding the router's IP address to the list of addresses excluded from protocol filtering.

No, this is not possible. Pop-up notifications can be set to disappear in 30 seconds at maximum. If user's intervention is required (e.g when cleaning is disabled, ie. set to No cleaning), the window with action selection shouldn't close automatically.

Please check your pm. I've sent you instructions for generating logs that will help us pinpoint the issue.

That should work provided that the correct IP address was added correctly to the list of addresses excluded from protocol filtering and disabling web protection or protocol filtering solved the issue. Perhaps you could post a screen shot of your list of addresses excluded from protocol filtering as well as a screen shot of the router's setup page with the address bar included.

The scanner will attempt to neutralize and remove the threat automatically without user's interaction.

Sometimes people report a blocked website but in fact it's a trojan which was detected on it and the website as such was not actually blacklisted.

I'd say that most of zero-day threats are detected and blocked by the web scanner utilizing advanced heuristics as well as by Advanced memory scanner. We regularly see almost all zero-day threats detected by ESET's detection mechanisms undetected by most of other famous security software. In case of ESET, recognition of zero-day threats is added swiftly which means such threats would be detected by all products regardless of whether they are run or just go through a server (e.g. mail server, file server, proxy server, gateway, etc.).

Quarantined files are stored in a safe, encrypted form on a disk and thus not pose any risk whatsoever. It's not necessary to flush the content of quarantine. Administrator privileges are required to permanently delete quarantined files.

It seems to be the same issues as discussed here. Please continue in that thread so that the discussion is kept at one place. I assume that the problem is with Asus routers not adhering to rfc standards for http communication which may cause issues in conjunction with ESET's http scanner. Providing us with special logs for troubleshooting should help us pinpoint the issue, As a workaround, you may want to exclude the IP address of your router from content filtering.

Unfortunately, this option was first removed in v6 if I remember correctly, however, I've already asked the product manager to bring it back in future versions as it was very useful for me, too.

No, it's a potentially unwanted application, not malware or another kind of threat. You can exclude it from scanning directly from within the yellow notification window.

It could be that you're using Deep Freeze which will not save the status of protected folders in thawed state.

It's related to antispam.

I'd suggest enabling logging of blocked operations in the advanced HIPS setup, reproducing the problem and then checking the HIPS log for detailed information about the rules that caused some blocking. This should show which rules need to be adjusted to allow the blocked operations. We'd appreciate if you could tell us what rule is causing the issue.

The number you're referring to probably means the number of files that have gotten through real-time protection but it doesn't necessarily mean they were scanned.

Without knowing what is detected and under what name, it's impossible to tell whether the detection is ok or not. Maybe it's a PUA which is detected and in such case it shouldn't be considered FP.

Currently it's not possible to delete / quarantine only archives with at least one executable file inside. However, this is a feature that we'd like to have added as soon as possible.

Try pressing Ctrl+G to switch to non-graphical mode.