Marcos

Hello, 1, make sure that you have logging of blocked operations disabled in the advanced HIPS setup. This kind of logging serves only for troubleshooting purposes when tackling an issue related to HIPS. 2, make sure that you have logging of blocked communications disabled in the IDS setup. This kind of logging serves only for troubleshooting purposes when tackling an issue with firewall blocking a communication. 3, it's all by design. Maybe the width of columns will be remembered in future version; on the other hand this will require creation of many new registry values.

You should get a reply from ESET, LLC soon. We expect the application to be in harmony with best practices defined by Antispyware coalition (hxxp://www.antispywarecoalition.org/documents/BestPracticesFinal.htm)

3-4 seconds aren't much. Maybe ekrn is waiting for Windows to load other drivers.

The application is detected as a potentially unwanted application (PUA). This detection is optional and it's at users' discretion if they want to have this kind of applications detected or not. Even with PUA detection enabled, it's possible to exclude particular files from detection. The only communication channel for disputing detections is samples[at]eset.com. Having said that, we'll draw this thread to a close.

Basically those files shouldn't be scanned by ESET. Try excluding the appropriate folders to see if the errors go away. Excluding any object poses a risk as malware can copy to a folder or infect a file that would otherwise be recognized and blocked.

It's a sort of adware, not an actual piece of malware that could do damage to users in terms of stealing sensitive data, encrypting files, etc. The detection will be added in the next update.

Please generate a dump of ekrn.exe when spiking the cpu, compress it, upload it to a safe location and pm me the download link.

It already is.

The text in the user guide is evidently outdated. I'll check it out with the documentation team to make sure it's accurate and up to date. Advanced heuristics should be left enabled on file execution.

Not sure if I understand it correctly but perhaps downloading the configuration from a client which has some custom firewall rules already created and pushing it to other clients would do the trick.

Does temporarily disabling protocol filtering help? Does the problem occur with any browser?

The best would be if you contact the distributor from whom you purchased your license. Basically having an ESET Smart Security license doesn't entitle you to download ESET Mobile Security for mobile devices but distributors offer various product packages for discounted price than if you were to purchase the products separately.

We're still waiting for a proof that ESET is involved in this issue. Does disabling any of the protection modules or renaming the aforementioned drivers make a difference?

If no dumps are created in the Diagnostics folder then ekrn is not crashing any more. Does the problem go away after renaming C:\Windows\System32\drivers\eamonm.sys and ehdrv.sys, one at a time, in safe mode? If not, does uninstalling ESS make a difference?

Does disabling SSL scanning or protocol filtering in the advanced setup make a difference?

Does running "net start ekrn" actually start ekrn service?

I'd sugggest running a full disk scan with the NOD32 scanner. If no malware is found, you can contact Customer care and supply them with a SysInspector log for analysis.

It's known that the latest version of Chrome doesn't work with SSL scanning enabled. The problem is being investigated. My personal assumption is that they started using an SSL extension which is not supported by ESET at the moment.

Basically enabling potentially unwanted applications should suffice as keyloggers fall into this category.

Do you mean you're no longer having the issue and ekrn is not crashing? Otherwise a dump would be created in the above mentioned folder.

What's the output of running "sc query ekrn" as an administrator?

Please make sure that your ESS is configured to generate complete application dump (Tools -> Diagnostics). After a dump has been generated (by default in C:\ProgramData\ESET\ESET Smart Security\Diagnostics folder), compress it, upload it to a safe location and pm me the download link. Also post information about installed modules from the About window.

It is pretty normal and expected that you'll get this error after an upgrade, before restarting the computer. A computer restart is required for the HIPS driver to get loaded so that ekrn can communicate with it.

ESET Endpoint Antivirus (v5) is the successor of ESET NOD32 Antivirus Business Edition (v4) while ESET Endpoint Security is the successor of ESET Smart Security Business Edition.

Next week we'll be releasing a newer version of the Internet protection module 1105 on pre-release servers. When available, let us know if it solves your problems with scanning IMAP.