Marcos

ESET NOD32 Antivirus and ESET Smart Security 7.0.104 beta have been released. Changelog: Added Specialized cleaner Added configuration of action to be taken after a removable device is connected Fixed bugs discovered after the June release Existing beta users can upgrade to it using the built-in program version check function or install it from scratch. Download: ESET NOD32 Antivirus 7.0.104 beta ESET Smart Security 7.0.104 beta

Creating a local mirror is a good idea as you won't have to distribute U/P to clients, the amount of data downloaded from ESET's servers will drop down, etc.

Once the ESET plug-in is not registered in extend.dat, the plug-in won't load and thus cannot affect Outlook whatsoever.

There's still a lot of malware on the website, it will remain blocked.

What makes you think it's malware? Have you noticed any suspicious behavior of the application?

You can send me a pm. However, this option is probably available only after registration on this forum.

Should the stand-alone cleaner fail to clean the malware, contact samples[at]eset.com.

Couldn't it be that v7 has updated between the 2 scans or the computer was restarted which are events that clear the cache? We'd need to get more information about your version of Google Chrome, operating system, ESET modules you have installed as well as the websites where the issue manifests. Please create a new thread on this issue where we can tackle it further. If possible, create a dump of egui.exe when the issue occurs (open the Task manager, right-click egui.exe and select "Create Dump File"). When done, pm me for further instructions.

Do the clients update from a local mirror or from ESET's servers? What error are you getting on the clients when attempting to run update manually?

Please continue as follows: - download the latest v7 beta and ESET Uninstall tool - start Windows in safe mode and follow the instructions as per the KB article to uninstall ESET completely - after starting Windows in normal mode, install v7 beta from scratch

Eventually it turned out that Opera has changed the Trusted Root Certification Authorities certificate store and now uses the system TRCA, hence an attempt to add the ESET root certificate is failing. Just ignore the message and https traffic will be scanned in Opera 15, too.

ESET blocks access to bad websites. No advisory system is needed, a website is either good (clean) or bad. Websites are mainly evaluated based on the data from LiveGrid. ~150 MB allocated by ekrn.exe and egui.exe don't seem too much nowadays. For best performance, not only the engine with signatures loads to memory but also shorter files are unpacked in memory without writing to the disk. The detection has been based on heuristics for a long time. As of v5, cloud blocks are supported and utilized as well. V6 and newer can protect against zero-day malware even before the appropriate update with a detection added is released.

We would be glad if you could let us know why you prefer v5 to v6. Your feedback helps us develop the products to your liking.

Hello, does disabling any of the following make a difference? - disabling firewall via gui - switching the firewall integration to "Only scan application protocols" followed by a computer restart - switching the firewall integration to "Personal firewall is completely disabled" followed by a computer restart - disabling HIPS and Self-defense followed by a computer restart - disabling real-time protection via gui

Couldn't it be that somebody logs to this computer remotely via RD and thus HIPS windows are shown in the account of another user?

The rules should work as long as the browsers are not already running. Could you confirm or deny my assumption?

It is important to know whether the files infected with the virus were detected or not, whether cleaning failed or succeeded but files became unusable after the cleaning. A malware infection shouldn't cause the scanner to stop scanning, perhaps it was scanning a large file and after a few minutes it would continue scanning other files.

Do you use the firewall in automatic mode with exceptions? Please enable logging of blocked connections in the IDS setup, reproduce the issue and then copy and paste here the recent ESET firewall log records.

Basically all relevant samples are processed quickly. We're seeing a lot of "rubbish" being sent to the viruslab so without checking your samples it's impossible to tell if that's the reason why your samples haven't been processed yet. Feel free to PM me your email address so that I can check out your samples.

Please create a SysInspector log and submit it to ESET along with a link to this thread as per the instructions here.

If you run an on-demand scan, are you sure there are no logs created if you select "Computer scan" in the Log files section? The best would be if you could save the entire log to a text file and upload it here so that we know what threat was actually detected, the location it was detected in as well as the action that was taken.

Importing the root certificate into Opera 15 is not currently supported as they've made substantial changes to the program. You'd need to export the root certificate from v7 and import it to Opera manually.

Exclusions are applied only to files on a disk. Please post the appropriate threat log record here.

You can only disable particular protection modules or uninstall ESS completely.

If disabling Advanved memory scanner makes a difference, this issue should be fixed in the next v7 beta build.