Marcos

Administrators
  • Posts: 38,027
  • Days Won: 1,507

Everything posted by Marcos

  1. It's been explained that this forum is in no way a means to dispute PUA detection. Having said that, we'll draw this topic to a close.
  2. The detection is correct. JS/Agent.NKW is a malicious obfuscated JavaScript injected into web pages by certain Joomla plug-ins. For more information about the injection, please refer to Joomla's forum: hxxp://forum.joomla.org/viewtopic.php?t=795946
  3. Given that it's possible to exclude actual threats, why wouldn't it be possible to exclude PUAs? Any file that is detected can be excluded from scanning. In case of PUAs, they can be excluded from detection as well, which means actual threats would still be detected on such files.
  4. 1, A bubble should pop up, informing you about the detection and the action taken. Also the detection should be logged in the Detected threats log. I wouldn't recommend using strict cleaning or deleting critical system files automatically (infected or patched), as it might render the OS unusable. 2, That's by design. This may change in future versions.
  5. Probably you mean the installer for MS Windows which is detected as a potentially unwanted application. This kind of detection is ok (i.e. the application is not detected as malware). If you think that benefits of using software classified as PUA outweigh potential risks, you can exclude such an application from detection.
  6. This happens if an update file gets modified by a proxy server and thus the digital signature is no longer valid. Does it happen every time you attempt to update? A Wireshark log from an update should shed more light. Please create one and convey it to Customer care.
  7. The dump must be from the time of a freeze, otherwise it wouldn't contain any useful data.
  8. There has been an issue with ekrn spiking CPU recently which was caused by specially crafted (corrupt) XML files but this was already fixed earlier this week. Please drop me a download link to the ekrn dump so that I can check it out.
  9. Well, the hosts entry detected by ESET was added by Virut so the detection was ok. It was not a false positive but a clash of 2 security applications installed at a time which is not recommended. When both applications trigger a detection, it can have unpredictable consequences.
  10. We'll need to get a complete memory dump from a freeze generated manually as per the instructions here. The dump should reveal the cause of the freeze. Also checking a SysInspector log might reveal suspicious software or drivers that might potentially cause the issue.
  11. If malware was seen to use the same hosts entries, no wonder that a detection was added. Please supply me with a download link to your hosts file so that I can check it out.
  12. You can try uninstalling ESS and installing ESET NOD32 Antivirus to see if it makes a difference.
  13. That's not the case of Windows XP. Mbam.sys used to freeze the system after connecting an external USB drive.
  14. If there's a problem uninstalling ESET by standard means for whatever reason (except file or registry permission issues), using the Uninstall tool in safe mode should do the trick.
  15. At the moment this is by design. Anti-Phishing protection doesn't protect against malware but rather from fraud and not everyone wants to have it enabled. In such a case, changing the protection status wouldn't be desired. You could say the same about the notifications about missing OS updates which are vital for protection. However, these notifications nag many users and they rather prefer keeping this feature disabled. You would be surprised that some corporate users even want to keep the protection status green even when real-time protection is temporarily disabled.
  16. We strongly recommend restarting the computer after an upgrade as soon as possible. Without a restart, old drivers will be loaded in memory which might theoretically cause certain problems with newer program binaries.
  17. Not sure what you mean by overwriting configuration with a GP config; the only way to adjust the configuration of ESET clients is by means of Remote Administrator policies. Also it's most likely policies that rewrite the configuration of the update server on clients.
  18. The latest version of ESS is 7.0.317.4. Please download and install the latest version to see if it solves your issue.
  19. Security programs are integrated tightly with the operating system. As a result, the likelihood of an issue occurring during upgrade in certain system configurations is higher than with other software. At the moment, we were able to test only the program itself but not the PCU as the testing department is now focusing chiefly on brand new product versions that should be introduced later this year.
  20. The problem is that some routers do not handle TXT DNS queries / responses properly, however, in such a case using Google's DNS servers should solve the issue. I'd suggest contacting Customer care and providing them with a Wireshark pcap log from the moment when Web control doesn't work.
  21. It seems that the original installer located in c:\Windows\Installer\ess_nt32deu.msi was removed unwittingly. Please follow these instructions to remove ESET and then install v. 7.0.317 from scratch.
  22. Please use the Uninstall tool in safe mode as per the instructions here. Then run Live Installer which will download and install the latest version of ESET NOD32 Antivirus 7.0.317.
  23. We're not planning to release this update as a PCU (program component update). Manual download and installation is required.