Marcos

Administrators
  • Posts: 38,002
  • Days Won: 1,507

Everything posted by Marcos

  1. Please create a SysInspector log and send it to me attached to a personal message. I'll check if you have all dependent services running.
  2. Are you getting an error when attempting to run update on such workstation manually? If so, what error is returned? Does clearing update cache help?
  3. HIPS is in this case meant as a set of protection features that analyze the behavior of scanned files (advanced heuristics) and prevent malicious files from making unwanted changes to crucial system processes (Self-defense). A true HIPS module configurable from one place (part of ESET's home products since v5) will be included in the next generation of ESET's products for Windows server systems.
  4. I'd suggest contacting Customer care who will instruct you how to create the necessary logs and will pass them to engineers for analysis.
  5. Hello, I'm sorry to hear that. Unfortunately, without knowing further information how to identify the case I can only ask you to provide me with the download link to an egui.exe dump that was generated at the time egui was spiking the cpu so that we can check it out. regards, Marcos
  6. Try temporarily disabling Advanced memory scanner in the HIPS setup. If it doesn't make any difference, try disabling real-time protection for a test and let us know about your findings. At times, ekrn may extensively scan certain files by advanced heuristics which might spike the cpu for a moment and thus increase the fan speed.
  7. This shouldn't be an issue if you have LiveGrid and Smart optimization enabled. Once a file has been scanned, it should be omitted from scanning the next time you run it so you shouldn't basically notice any difference. If advanced heuristics is used on file access, you must have enabled it manually in the ThreatSense setup (the Advanced heuristics/DNA/Smart signatures option).
  8. Remove the exclusion and exclude the path to the file manually.
  9. Please provide us with step-by-step instructions how to reproduce the issue.
  10. Please post a screen shot of this message as I don't recall seeing anything like that so far.
  11. It was already explained - create rules for specific firewall profiles. As soon as the profile changes (e.g. another zone is authenticated), the appropriate rules for the given zone will be applied immediately.
  12. Only files on a disk can be excluded. In your first screen shot, the application was detected on a url upon an attempt to download it from the web. Selecting "No action" should allow the download. The exclusion in your post #6 seems to be ok and the application shouldn't be detected in that folder. As for the detection upon execution, please post the appropriate record from the Detected threats log to get more information about the detection (you can remove a folder name if you deem it sensitive information).
  13. There are 4 links to external scripts which redirect to spillemesteren.iXXXXXry.com (intentionally obfuscated). The url doesn't serve any content at the moment. Although the links are suspicious, they don't pose any risk to users.
  14. Changing networks should affect firewall rules immediately. Let's say you were downloading a file via http while being connected to the "personal" network. If you created a blocking rule for http communication, existing connections wouldn't be terminated but any further http communication would be blocked. My understanding is that when changing networks, existing connections are dropped and for new connections rules for the given zone are applied immediately.
  15. Zones can be identified by network properties as shown below, not sure what you mean by "changing zone with a firewall rule":
  16. Perhaps a problem with your ISP or somewhere else on the way. I've just downloaded an ESET installer at speed ~1500 kB/s in about one minute.
  17. Does adding these applications to the exclusion list under Network -> Personal firewall -> Application modification detection help? Alternatively you can try disabling this feature.
  18. Please let us know what ESET product you use so that we can move the thread to the appropriate forum.
  19. No, there isn't a dedicated The Bat! plug-in: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2138 However, email received via POP3(S) / IMAP(S) is checked for malware regardless of what email client is used.
  20. Do you mean you're still getting this error after the computer was restarted? The protection status seems to be green so HIPS must be protecting your computer.
  21. Remember that real life and tests are quite different things. Although some tests may give an impression that ESET is falling behind in detection, real users' experience is quite different. I, too, can confirm that ESET is excellent at detecting malware, especially zero-day malware, which is often missed by all or most competitive av vendors.
  22. Please report issues in the appropriate product forum so that your reports get better attention. What ESET product do you use? In order to tell the cause of BSOD, please compress the memory dump created, upload it to a safe location and pm me the download link. As for the problem with update, try clearing update cache via advanced update setup and clicking the appropriate button.
  23. Potentially unwanted applications don't perform modifications of mbr, such software would be classified as malware. I'd suggest submitting it to ESET's Malware research lab for analysis and possible reclassification if it's confirmed that it modifies mbr.