Marcos

Check out this demonstration video. Radmin_mem_detection.mp4

Make sure the application is properly excluded from scanning.

If you get a warning that a particular website is on the list of websites blocked by user, it cannot be on the "allowed" list. When troubleshooting issues with url management, it'd be a good idea to enable "Notify when applying address from the list". In this case, enable it for the "allowed" list only. When opening https:// wupos.westernunion.com, you should either get a red alert that access to the website was blocked or you'll receive a notification that access was allowed. You shouldn't get the alert and notification at the same time. I'm available for a remote session between 10:00 - 15:00 GMT, just drop me a pm when ready.

A 32-bit installer is needed because Windows PE is 32-bit.

Couldn't it be that you pushed a new install package with no ERA server configured? If you check the ERA server settings on a server client, is the server configured properly or it's not set at all?

Does disabling real-time protection or Device Control integration (followed by a computer restart) make a difference?

Just to make sure, do you have the firewall set to "Automatic mode with exceptions (user-defined rules)" ? In Automatic mode, your rules would be ignored.

With regular updates selected, an old Internet protection module is provided. It's not clear what the problem is because you say that https websites are not blocked but your first screen shot shows that it was blocked which is contradictory. I could connect to the computer remotely and check it out myself if you wish.

No, definitely they aren't related to ESET.

Exactly, exclusions from detection can be set for PUA files on a disk, not for websites.

According to the output you've mentioned, edevmon.sys was not loaded. BSOD would occur if the Device Control driver edevmon.sys was removed from the Windows\system32\drivers folder but wasn't unregistered properly from the filter chain in the registry. Were these computers restarted or shut down properly or the users made a hard reset / shutdown using the reset / power button?

Try the following: 1, Change the setting, click OK and immediately open the setup and check if the setting is preserved. According to the Procmon log supplied, the setting was actually saved to the registry and wasn't overwritten, reset or removed while Process monitor was capturing operations. 2, If the setting was preserved in the previous step, check it out before a computer restart and immediately after the computer starts. If necessary, I could connect to the computer remotely and check it out myself.

We've made a comprehensive test of copying large avi files to an external USB 3.0 HDD on Windows 8.1 x64 but didn't find any difference in speed which was always about 111 MB/s regardless of whether v7 (with default settings) was installed or not. Did you have the hard disk connected to the computer during a boot or you connected it when Windows was already started?

It's necessary to narrow it down to a particular folder. Let's start with excluding /var/lib/postgresql /home/gjenkins/.m2/repository and see if it makes a difference. If it doesn't help, try excluding each of the main folders in the root folder, one at a time, followed by excluding subfolders until you find the one that, when excluded, the issue doesn't occur.

Endpoint should download v1096 provided that regular updates are selected. Try switching to pre-release updates, run update (you can terminate it after it's started) and then switch back to regular updates and run update.

Please compress the memory dump, put your nick at the beginning of the archive's name and upload it to a safe location. If needed, I can provide you with access to our ftp server.

The Process monitor log showed that the ERA setting was saved properly on the client. A reason why a setting would be reset after a computer restart could be installation of a program like Deep Freeze or Steady State whose aim is to revert the system to a previously stored state upon a restart.

Ok, so the first screen shot showing wupos.westernunion.com as blocked is misleading then and the problem is that you cannot access the website with Internet protection module 1097. In that case, I'd suggest using regular updates until a newer version of the Internet protection module is available on pre-release servers for testing.

The version of Internet protection module available on Endpoint release update servers is 1096 which shouldn't be affected by IMAP issues whatsoever (at least we haven't received any reports or complaints since the module release in July 2013. Make sure that pre-release updates are disabled or v1097 of the module would be downloaded. I'll pm you with instructions how to activate logging that might help us figure out what's wrong.

I'd suggest contacting Customer care on this matter. We'll need you to do the following: - edit esets.cfg and add syslog_class = "error:warning:summ:summall:part:partall:info:debug" to the General section - restart esets_daemon - reproduce the problem - edit esets.cfg and disable logging to syslog - restart esets_daemon - supply us with syslog (lines with avstatus would be enough) and esets.cfg

Make sure no IP address from the TZ is listed in the temporary IP address blacklist (Setup -> Network -> View temporary IP address blacklist). If that's not the case, continue as follows: - enable logging of blocked connections in the IDS setup - clear the firewall log - reproduce the problem - disable logging - post your firewall log records here.

I'd suggest checking the hash of the msi file in case of this error to rule out the possibility that the installation file is corrupt.

Protocol filtering is accomplished differently on Windows XP and Windows Vista+. The latter introduced WIndows Filtering Platform and WFP filter is used instead of a TDI driver. The mentioned settings wouldn't make sense with WFP. As for importing the root certificate into Firefox 10.0.12 ESR, I didn't encounter any problem with this. The root certificate was imported automatically into the last version 17.0.11 as well.

Does clearing update cache help?

I'm sorry, but probably no one will understand if you don't write in English. Should this be a problem for you, please contact your local customer care. According to the screen shot, updates are being downloaded.