Marcos

Does it work in automatic mode to rule out that the possibility that the communication was blocked by a rule you've created? Please carry on as follows: - clear the firewall log - with firewall in automatic mode, enable logging of blocked connections in the IDS setup - reproduce the problem - post the firewall log records here

Do you have HIPS module 1119 from pre-release update servers installed? It contains a workaround to the iTunes bug and the length of the mentioned variable was shortened considerably as well.

Perhaps you could run ecls.exe (command-line scanner) as an external application directly or in a script / batch file. In that case, it'd be also possible to test exit codes based on the scan result.

Does renaming C:\Windows\System32\drivers\eamonm.sys or ehdrv.sys in safe mode make a difference?

Does temporarily disabling the firewall make a difference? If so, what mode is the firewall running in?

We'd need to get a Process monitor log from the moment when you attempt to delete quarantined files to get more information about what's going on. Maybe the actual files have already been removed from the disk and only information about the files was preserved. Have you tried contacting Customer care?

Probably you enabled "Notify when changes occur in Startup applications" option in the advanced HIPS setup which causes the excessive logging.

There will be a newer version of ESET Mail Security available soon that will add support for MS Exchange Server 2013 SP1.

I'd strongly suggest contacting Customer care as this seems to be a tough issue to be troubleshooted in the forum. Debug logs and maybe even a remote session will be needed.

The option to shut down the computer after scan completion was first added in EAV/ESS v7 for home users. The current version of Endpoint (v5) doesn't have this feature yet.

It'd be good to post a couple of records that are being logged on your computer. I've tried running Process Explorer and HIPS was logging only the following as long as logging of blocked operations was enabled:

If you leave the computer running for more than 60 minutes, does the error occur even after the second attempt to update automatically? If it occurs only when Windows is starting, it could be that no Internet connection is established at the moment ESS attempts to update.

There are many possible reasons for this error. Have you been able to update properly until today?

Please try removing ESET using the Uninstall tool in safe mode.

We have already replied that the application is correctly classified as a potentially unwanted application (PUA). PUA detection is fully optional and it's at users' discretion whether they want to have them detected or not. Every user can form their own opinion on this software by searching for posts where users expressed their experience with iLivid.

Hello, 1, make sure that you have logging of blocked operations disabled in the advanced HIPS setup. This kind of logging serves only for troubleshooting purposes when tackling an issue related to HIPS. 2, make sure that you have logging of blocked communications disabled in the IDS setup. This kind of logging serves only for troubleshooting purposes when tackling an issue with firewall blocking a communication. 3, it's all by design. Maybe the width of columns will be remembered in future version; on the other hand this will require creation of many new registry values.

You should get a reply from ESET, LLC soon. We expect the application to be in harmony with best practices defined by Antispyware coalition (hxxp://www.antispywarecoalition.org/documents/BestPracticesFinal.htm)

3-4 seconds aren't much. Maybe ekrn is waiting for Windows to load other drivers.

The application is detected as a potentially unwanted application (PUA). This detection is optional and it's at users' discretion if they want to have this kind of applications detected or not. Even with PUA detection enabled, it's possible to exclude particular files from detection. The only communication channel for disputing detections is samples[at]eset.com. Having said that, we'll draw this thread to a close.

Basically those files shouldn't be scanned by ESET. Try excluding the appropriate folders to see if the errors go away. Excluding any object poses a risk as malware can copy to a folder or infect a file that would otherwise be recognized and blocked.

It's a sort of adware, not an actual piece of malware that could do damage to users in terms of stealing sensitive data, encrypting files, etc. The detection will be added in the next update.

Please generate a dump of ekrn.exe when spiking the cpu, compress it, upload it to a safe location and pm me the download link.

It already is.

The text in the user guide is evidently outdated. I'll check it out with the documentation team to make sure it's accurate and up to date. Advanced heuristics should be left enabled on file execution.

Not sure if I understand it correctly but perhaps downloading the configuration from a client which has some custom firewall rules already created and pushing it to other clients would do the trick.