Marcos

The reason why you weren't prompted for an action is mentioned in your post. If the connection is terminated, you'll see the following record in the Detected threats log: 19. 6. 2013 7:16:21 HTTP filter file hxxp://www.eicar.org/download/eicar.com Eicar test file connection terminated - quarantined %USER% Threat was detected upon access to web by the application: I'd like to emphasize that changing the default cleaning mode is not recommended. Switching it to manual cleaning may render your computer unusable if infected with ransomware for instance and you'll need to resort to using rescue cd to clean it out.

Does disabling real-time protection (just for a test) make a difference?

Please carry on as follows: - download Procdump - when you notice that ekrn consumes a lot of RAM (e.g. > 150 kB), create a complete application memory dump by running "procdump -ma ekrn" - compress the dump, upload it to a safe location (we can provide you with access to ESET's ftp server) and pm me the download link

This is ok and according to MS specification / requirements. Only very specific communications should be handled by Windows Firewall in this configuration.

Windows Firewall is not supposed to be disabled during installation of ESET Smart Security. However, if you open "Windows Firewall with advanced settings", you should see the message "These settings are being managed by vendor application ESET Smart Security". In order to determine whether prompting for an action by Windows Firewall is a bug or not, please provide step-by-step instructions how to reproduce it on our end. If you change the ESS firewall integration to "Personal firewall is completely inactive", it will have no effect on the system at all. Also try to change the integration type to "Only scan application protocols" which should disable only the firewall part.

The OpenCandy detection is not FP. This application is often bundled with free software and the detection is fully optional.

Please submit suspicious undetected files to ESET as per the instructions here instead of posting download links in this forum. ESET's users are basically protected against this quickly changing ransomware even if not detected by the on-demand scanner on VirusTotal.

Please submit suspicious undetected files to ESET as per the instructions here instead of posting download links in this forum. ESET's users are basically protected against this quickly changing ransomware even if not detected by the on-demand scanner on VirusTotal.

This is pretty expected. You removed Firefox from content filtering, ie. files downloaded via Firefox will not be scanned by Web access protection. As you wrote, malware was detected in either case; it doesn't matter whether a warning is displayed in a bubble or as a web page as long as malware is detected and blocked / removed.

Yes, AMS detections are currently logged with "unknown" in the Scanner column.

AMS does not scan files on a disk so clearly exceptions for files cannot be applied. Please provide me with more information about the file that you think is detected incorrectly in memory.

Please PM me more details as the DisallowRun policy is configured per user and affects only applications started via Explorer.exe which is not the case of ESET (unless you start egui manually).

Nobody has ever ignored this wish. It takes more than a year to prepare a version suitable for this purpose. The iso should fit cd so it will be a bit smaller than WAIK/WADK.

I use v7 for testing unrecognized malware from live malicious urls and AMS catches it in most cases. I look forward to seeing results of malware tests with v7

Perhaps the following warning applies to WIndows 8 under certain circumstances, too: Warning: If you are using the ESET Uninstaller tool to remove ESET Mail Security for Microsoft Exchange Server from Server 2008, you will be required to reinstall your network card drivers. Personally I haven't had a chance to try it on Windows 8 so if somebody has some experience with this, feel free to share. In the mean time, try reinstalling your network card drivers.

If ESET cannot be uninstalled from the former computer due to a problem starting and running Windows, you can simply use your U/P to download and install ESET on the new computer.

We'd need to get a complete application memory dump of egui.exe from the point it spikes up the cpu. On Windows XP, you can use Procdump (run procdump -ma egui.exe), on newer OS a dump can be created via the Task manager by right-clicking a process and selecting "Create dump file". You can also try installing the latest v6 from scratch by running this Uninstall tool in safe mode or try v7 beta.

If you enabled Parental control, there could be an issue receiving DNS reponses from ESET's servers. Could that be the case?

Please continue as follows: - compress the memory dump created during BSOD in c:\windows\memory.dmp by default - upload the package to a safe location (if possible, include a SysInspector log as well) - PM me the download link

Search for *.ndf files under c:\users or c:\documents and settings. Maybe you didn't look into the NetworkService or LocalService folders. This forum is not meant to be a replacement for Customer Care. It's meant for sharing knowledge among ESET users and to provide assistance with issues that can be solved reasonably quickly. For issues where further logs are required and that may require numerous iterations with a support personnel, we strongly recommend contacting Customer Care.

V6 is a product for home users, ie. it doesn't contain features used in corporate environment, such as reporting to ERA Server or updating from a local mirror.

ESET will only uses protection systems that do not trigger false positives. ESET LiveGrid coupled with Advanced heuristics and HIPS (advanced memory scanner) bring superior protection against zero-day malware.

As of v7, active mode is used automatically as needed.

Please compress the dump, upload it to a safe location and PM me the download link so that we can analyze the dump.

Which exact McAfee product do you have installed on your pc? In order to prevent issues and clashes, AV programs usually detect an existing security solution and don't allow to continue with installation until the current AV program is uninstalled completely. This check is also performed by ESET products, including v7.