Marcos

Do you mean that Endpoint Security didn't block Conficker with "Protocol RPC" selected in the IDS setup -> Intrusion detection? If you used ESET Endpoint Antivirus, don't wonder that it's not detected at the network level. Unlike Endpoint Antivirus, ESET Endpoint Security contains a firewall with IDS which is the module responsible for inspecting network communication. ESET Endpoint Antivirus is a lighter version that doesn't include the firewall, antispam and Web control. ESET Endpoint Antivirus can detect Conficker at the file system level as it's spreading over network, after it has created its binary files in a remote share. Obviously the malicious file was detected and removed (C:\WINDOWS\System32\vxwmpkj.mu Win32/Conficker.AA) as expected. In order to clean Conficker in LAN, it's necessary to follow the instructions in the KB article hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2209 (install the appropriate hotfixes on all machines, change admin password to non-trivial ones, etc.). To find out infected computers in a large network, an administrator could use a Nmap script as per the instructions here. PS: The topic would have received better attention if it had been posted in other than the General forum.

Please create a Process monitor log from the moment you connect the Ironkey thumb drive to a computer and attempt to access it. When done, compress the log, upload it to a safe location and pm me the download link. Also run ESET Log Collector and send me the archive created, attached to a personal message.

In interactive mode, ESS may block the communication for a network-aware application as no window with action selection pops up due to a bug. In the advanced setup, navigate to Network -> Personal firewall -> Application modification detection, add the application to the list of exceptions until the issue is addressed in the next v7 build.

As for EES being robust, the fact that it includes Web control, Firewall and Antispam doesn't make it heavy on resources. Firewall not only allows for controlling network communications, it is also capable of blocking malicious packets when an attempt to exploit known vulnerabilities is detected. Regarding the issue with accepting your renewal code, please contact the distributor from whom you purchased your license (probably ESET, LLC).

Please export the scan log and Detected threats log to text files and upload them here.

Does it work in automatic mode?

Did you also restart the computer? Device control integration remains active until the next restart / shutdown. As for the issue, it could be a general problem with Ironkey that might not be possible to resolve. We'd need to get a Process monitor log for analysis to see what's going on. Therefore I'd suggest contacting customer care and opening a ticket who will help you create the log and will subsequently pass it to the engineers for analysis.

Perhaps if you choose strict cleaning, you will no longer be asked for an action. However, with strict cleaning any detected files will be removed automatically, be it patched or infected system files or archives containing also clean files besides malware.

Indeed, it's safe to use Smart optimization. Coupled with LiveGrid, it provides effective and safe way how to prevent popular and previously scanned files from being scanned repeatedly, especially if they take longer to emulate by advanced heuristics.

I reckon it was mentioned in another thread that intermittent issues with the interactive dialog window not showing up would be addressed in the next v7 build.

ESET merely uses Windows API functions to determine the temporary folder. That said, you'd need to move the Users / Documents and settings folder elsewhere and adjust the appropriate registry values as well as all users' variables to point to the new location.

Please post the records from your firewall log.

Does switching the firewall to learning mode help?

I'd suggest setting the interval for connecting to ERAS to 0 on the client for troubleshooting purposes. Then check the ERA server log C:\ProgramData\ESET\ESET Remote Administrator\Server\logs\era.log which might include information about a possible issue.

The problem is I don't know which McAfee product and version I should install. Please provide the download link to make sure I test it with the very same installer.

AT will work regardless of your location. By the way, ESET's headquarter is located in Slovakia in central Europe

I'd rather say it's not expected but understandable if one knows how the system works.

Please post a screen shot of the warning message you're getting.

Currently all scanner profiles use the same default settings which is by design and cannot be changed in v7. Maybe in future versions it will be possible to change this behavior. Smart optimization should be kept enabled as it doesn't involve any security risks. It substantially speeds up scanning (especially with LiveGrid enabled) without any adverse effect.

For some unknown reason, Windows API returns this weird and non-existing path to the temp folder. If you run echo %TEMP% in the command-line console, it should return the same path. Unfortunately, I was unable to find more information about the weird path so it will remain a mystery as to why Windows returns it

Please provide as much information about the installed version of McAfee as possible. Since you're able to reproduce it on another Windows 8 machine, please create a SysInspector log and send it to me via a personal message.

Did you also check the c:\windows\temp folder? If emptying it doesn't help, it could be a permission issue. In that case, a Process monitor log will shed more light.

Do you mean that the Sirefef cleaner didn't find any threat even if your ESET product is detecting it? Could you please post a screen shot of the alert you're getting?

What kind of performance impact do you mean? V7 should be the lightest version since v1/v2 thanks to Smart optimization and LiveGrid. If there's a performance issue, we'll be happy to assist you with troubleshooting it. The OP has been probably the only person to have reported a performance issue so far but it couldn't be reproduced and all other users are happy with the performance of v7.