Marcos

Hello, we assume that some of these issues are likely a result of cleaning OSX/Adware.Genieo.C. The problem is that the adware created the file /private/etc/launchd.conf. As a result, if OSX doesn't find a file referenced in launchd.conf on a disk, it will crash. Other antivirus programs have recently suffered from the same problem as discussed on their forums. To fix the issue, please continue as follows: boot OSX from a bootable medium (installation DVD or USB stick) remove the file /private/etc/launchd.conf restart OSX We apologize for the inconvenience. As for the crashes in esets_proxy, could you confirm or deny that you have a network monitor Private Eye (hxxp://radiosilenceapp.com/private-eye) installed?

Please contact Customer care who should request you to run a special script to collect all necessary information that will be subsequently passed to engineers for analysis.

Do you mean that you filled in the above mentioned form but didn't get any response from the distributor? Please provide me with your username and contact information so that I can relay them to the appropriate distributor to check if they received your query and a ticket was created for the case.

PML so that I can open the log in Process Monitor.

All processes.

Right. It may reveal more details about the delay you experience.

Tampering with DNS settings on hacked routers has been quite common recently. We observe about 40-50k blocks per day due to hacked routers.

A delay while opening the on-demand scanner window has been observed with certain removable devices. Please create a Process monitor log from the moment you attempt to open the scanner window. When done, compress it, upload it to a safe location and pm me the download link. I'll have a quick look at it to find out if there's an obvious problem with the card reader. You could also try inserting a memory card to the reader and see if the scanner window opens quickly then.

Anti-Theft serves for locating the computer in the case of a theft or loss; it doesn't serve for monitoring activities of users. You'll need to use another 3rd party application. It may be necessary to exclude it in ESET as monitoring tools are detected either as malware or potentially unwanted / unsafe applications.

Please elaborate more on what you'd like to achieve. Where would you like to import policies from?

Is it only https sites that don't get blocked?

If you are not sure if the issue is caused by ESET, you can try disabling each of the protection modules, one at a time, to narrow it down or simply uninstall ESET for a while and see if the issue still persists or not.

I see that all actual malware is (was) already detected and the undetected files are low quality samples, containing clean, corrupted files, PUAs, grayware, etc. Samples should not be submitted in large packages but relevant files (e.g. from the same infected machine) should be grouped and sent in separate emails. Needless to say that low quality samples receive least attention.

I'd recommend submitting the files to the vendor that flagged them as malicious for a review. The mentioned detection name sounds to be too generic so it could likely be a false positive.

Have you tried resetting your router or modem to factory settings and protecting it with a stronger password? The IP address 37.59.45.163 doesn't seem to belong to Google so it could be that your router got hacked. What's more, there's been malware on that IP address. It'd be interesting to know the brand and type of your router as well as whether you use the default administrator password, if remote administration is enabled on the router and if you have a public IP address.

Try to do the following: - disable "Allow access only to URL addresses in the list of allowed addresses" - add an asterisk (*) to the list of blocked addresses while enabling "Notify when applying address from the list" Then try to reproduce the problem. Maybe it's that access to another address was blocked when opening the allowed urls. In such case, you should now be notified about such blocked url.

This won't help if the Waski trojan was removed before being received by the email client and thus there was no chance to run it at all. At least this seems to be the case according to what the OP wrote.

The detection is correct. It is corrupted malformed PE files that are flagged by the mentioned detection name.

clear your firewall log in the IDS setup, enable logging of blocked connections reproduce the problem post your firewall log records here

If you often restart your computer, it could be relatively ok. However, if you want ESET to scan memory for malware that has just been added in the last update, I'd strongly recommend leaving the startup scan after update enabled. Otherwise potential malware could remain silently running until you restart your computer.

Smart optimization is a mechanism to prevent files from being scanned repeatedly. It's enabled by default but can be disabled for particular protection modules. Honestly, I wouldn't recommend disabling it as it's perfectly safe and it's made not to skip malicious files. For the startup scanner, you can find this setting in the advanced setup under Computer -> Antivirus and antispyware -> Startup scan -> ThreatSense setup -> Other.

It's not useless, believe me. It's there on purpose; it was me who suggested this feature. For instance, if you infected with a new LockScreen trojan detected only in memory during a memory scan, without this initial startup scan you might need to wait several hours for an update to take place which would trigger a startup scan after update and clean the malware. Startup scans should take only a few seconds and should have unnoticeable impact on performance. Are you saying that you see a difference in performance with the startup scan task enabled and disabled? Do you have LiveGrid and Smart optimization enabled?

It's probably a sort of a backup scan which is always run at computer startup. Without this scan, you might have to wait several hours for the next update to take place in order to clean ransomware or other similar malware. I'll discuss with engineers if it would be possible to disable this scan if a user wants to take the risk.

hxxp://translate.google.com/translate?sl=sk&tl=en&u=http%3A%2F%2Fwww.eset.com%2Fsk%2Fo-nas%2Fpress-centrum%2Ftlacove-spravy%2Farticle%2Fheartbleed-zranitelnost-chyba-ktora-ohrozuje-miliony-internetovych-pouzivatelov To make the long story short: ESET Web services do not employ vulnerable versions of OpenSSL.

Nothing has changed in terms of functionality of the SMTP notification feature. If it worked in the past, it must work now, too. However, notifications over SMTPS have never been supported in any of ESET's products and versions. Of course, this may be subject to change in future versions.