Marcos

System variables should work, user variables not as they are not available in the local system account.

I have replied to your pm. As for Procmon logs, you'd see ekrn opening a file for scanning (CreateFile operation) if one is actually scanned. I didn't find any such records about the time the issue manifested.

It's because you run only one file scan at a time. If you ran 2 scans simultaneously, 2 CPU cores should be utilized, one by each scan.

From my personal experience, ESET detects much more PUAs than any other competing products. Even if they start detecting a certain PUA, they remove detection after receiving a complaint from the application's vendor, most likely because further disputes with vendors always require a lot of investigation which is time and resource consuming. Also I'd like to emphasize that unlike some other vendors, ESET only detects files that actually pose a risk, ie. configuration files, images, text files, etc. are not detected and removed. They files are often installed with potentially unwanted applications. Therefore, in order to remove PUAs completely, we always recommend running uninstall via the Control panel -> Add/remove programs rather than deleting exe and dll files only.

You purchase a license for a particular product which will entitle you to download and update any version of the product. With an ESET Smart Security license, you can also download and update ESET NOD32 Antivirus, if needed but not vice-versa.

Please post information about installed modules from the About window.

I just wonder why one would want to downgrade given that newer versions address issues from the previous ones and protection against threats is improved as well.

There are no update servers in Middle East, however, generally users in this region update from the default servers fine.

ESET products protect users against malware regardless of what browser is used.

Why not install v7 now and report potential issues before the final version is released? Although the current beta is as stable as release versions, you might run into an issue after the release when it would be too late and you'd need to wait for the next service release containing a fix.

Unlike sleep mode, screensavers do no affect scheduled scans.

I see. Your issue with egui crashing is resolved in the next beta which should be made available within a few days.

I've tested it and the list of blocked addresses was applied properly on the client. Perhaps you could provide me with the policy you use (xml file) so that I can check if there's something wrong with it.

You can edit this value in safe mode or after disabling self-defense and restarting the computer.

Just to make sure, do you have scanning SSL disabled?

Please provide a memory dump from the crash so that we can determine the cause.

Couldn't it be that SS&D blocks v7 by design?

In the case of CCleaner, disabling AMS would most likely do the trick as it's a tool that checks various sensitive locations and thus triggers AMS scans. We'll look into it, at least it shouldn't cause egui to crash.

Maybe you should remove all custom rules you have created and switch the firewall to learning mode again so that all rules are created from scratch. This way we'll rule out the possibility that a blocking rule was already created when you switched to learning mode for the first time.

1, Yes, only public key can be exported. 2, Most likely you didn't select the "Authorities" tab before you attempted to import the root certificate.

Please create a SysInspector log and send it to me attached to a personal message. Also please confirm or deny that disabling advanced memory scanner helped or not. You wrote you were going to try it but then you wrote you went back to v6 without answering my question which is very important for us to know

Only ESET File / Mail Security can be used to protect servers.

Do you observe the issue when doing something specific or it occurs also when you leave the system in idle state? Does disabling Advanced memory scanner in the HIPS setup make a difference?

You can also switch to learning mode, let the firewall create rules automatically and then just review the rules, adjust them or remove those that you don't want to use.

We can confirm that nothing is detected in the application mentioned.