Marcos

Administrators
  • Posts

    36,515
  • Joined

  • Last visited

  • Days Won

    1,453

Everything posted by Marcos

  1. I was talking about the last malware we received with "HMRC" in the subject so we'd need to compare the hash of our and your file to find out if they are the same or different. Regardless of this, it's important to keep in mind that no antivirus protection provides 100% protection and opening unknown files is not safe and may lead to infection.
  2. All prefs*.js files that we've received and analyzed had Firefox security features disabled. Please submit your files to ESET as per the instructions here if you think that your files are safe and are detected erroneously. Note that these files are not detected as malware but as PUA (potentially unwanted applications) which is an optional detection.
  3. Has ESET ever detected malware in incoming email? What email client do you use? Since you receive email via IMAPS, a plugin for your email client is required to scan email as long as SSL scanning is disabled (which is by default).
  4. I was looking at LiveGrid data and searched for IP addresses starting with the octets / numbers shown in the screenshot.
  5. Yes, the file was undetected when you scanned it, that's ok. LiveGrid file reputation is not applied to files scanned by the on-demand or on-access scanner. However, it should have been detected and blocked upon receipt provided that you had LiveGrid enabled. The detection would have looked as follows:

     __________ ESET NOD32 Antivirus warning, version of virus signature database 8953 (20131023) __________
     Warning, ESET NOD32 Antivirus found the following threats in the message:
     Government Gateway Reg Form.zip - Suspicious Object - deleted
     Government Gateway Reg Form.zip > ZIP > Government Gateway Reg Form.exe - Suspicious Object - was a part of the deleted object
  6. At what time did you receive the threat by email? It was blacklisted today at about 9 AM CET.
  7. Are you still experiencing the issue with inability to resize the log columns?
  8. When Outpost firewall is installed on a computer running ESET NOD32 Antivirus, it displays a message asking you to run OF in a compatibility mode. Despite the option selected, we didn't encounter any issues. Did you select to run OF in compatibility mode and experience the issues though?
  9. Please PM me your username so that I can test your license myself.
  10. It's probably Win32/TrojanDownloader.Small.AAB, the file was blacklisted about an hour ago. What ESET product and version do you use?
  11. The only change in 7.0.302.26 compared to 7.0.302.0 is an updated EULA. The fact that the msi installer is larger can be caused by current modules and engine that are always embedded when a newer installer is built.
  12. ESET's installers are digitally signed. You can check the signature to make sure they haven't been tampered with.
  13. I was referring to the latest variant spammed under the name voice*.exe. It was blocked within a few minutes after it was first reported via LiveGrid, long before other AVs did. A detection for another Voice_Mail_Message.exe variant was added in update 8935 (20131018), released on Friday, 12:35 CET. The best would be if we could get the file from your quarantine to find out when the detection was exactly added and when ESET's products started blocking it.
  14. Update tasks can be disabled, edited or added under Tools -> Scheduler.
  15. That's not a good idea, doing so would most likely cause modules not to load. Do you get the error if you attempt to open ESET's GUI after installation or only after a restart? What operating system do you use?
  16. Please try to create a demonstration video to illustrate the issues. Alternatively we could connect to your computer remotely and you would show us how the issues manifest. As for the problem with the mouse, couldn't it be related to the Windows 8.1 upgrade as mentioned on the following websites? hxxp://answers.microsoft.com/en-us/windows/forum/windows8_1_pr-gaming/stalker-cop-mouse-problem/931e4dd5-bb8e-4740-9024-ae7a6861bbb1 hxxp://blog.gsmarena.com/windows-8-1-may-render-games-unplayable-because-of-mouse-lag/
  17. Since your clients use a different username and password, leave only the settings you want to apply in the XML and remove the rest while preserving the XML structure.
  18. As for the SSL issue, couldn't it be that you also have another browser or email client installed besides Firefox? For instance, the error message you mentioned occurs if the latest version of Thunderbird is installed. If possible, please provide us with step-by-step instructions on how to reproduce the issue with certain https sites. Providing us with a demonstration video would be great.
  19. You can exclude a particular address from content filtering in the URL address management setup if you trust it.
  20. Disregard the message, there's a problem importing the root certificate to the latest version of Thunderbird at the moment. First, you must add the ESET root certificate to the list of Certificate authorities.
  21. If disabling protection modules, protocol filtering and HIPS / self-defense (followed by a computer restart) doesn't make any difference, try renaming C:\Windows\System32\drivers\eamonm.sys and ehdrv.sys in safe mode, one at a time, and then try to reproduce the issue. Let us know about your findings.
  22. I'd add that Endpoint should have blocked this downloader since yesterday, 15:30 GMT.
  23. It appears there are many LockScreen files with double extensions hosted on the URL in question. Perhaps you have visited a compromised website with drive-by malware which attempted to download LockScreen from the mentioned URLs.
  24. I've used Thunderbird 24.0. After enabling SSL, I exported the root certificate and imported it into Thunderbird manually. Edited trust for the certificate and selected the option "This certificate can identify websites". Scanning emails received via IMAPS worked fine as you can see below:
  25. It works fine for me. Did you add "https://*" and not "https*" as I mistakenly advised before?