Posts posted by Marcos
-
-
What do you mean by highest memory usage? Does ekrn.exe use more than 150 MB of memory on your system? Have you tried installing the latest v7 to see if it makes a difference?
-
If disabling HIPS helps, do the following:
- clear the HIPS log
- enable logging of all blocked operations in the advanced HIPS setup
- reproduce the problem
- disable logging
- post your HIPS log records as well as information about your OS and installed modules here.
-
A Procmon log would show you what application keeps deleting the file.
-
Does switching the firewall to learning mode make a difference?
-
First of all, please narrow it down to a particular protection module by disabling each, one at a time:
- real-time file system protection
- HIPS (a restart will be required)
- Protocol filtering (in advanced setup)
Do you use default settings? When exactly do you observe slowdown? (when playing games, browsing the web, running a specific application, etc.)
-
Version 7 was actually released with the fewest bugs reported compared to older versions. Unfortunately, we still don't know what issue you're having with v7 so we couldn't help you resolve it yet.
As for v3, it provides the lowest protection level so I'd never recommend installing it. V4/v5/v6 contain bugs that were addressed in newer versions, hence we always recommend installing the latest one.
-
If you use a script very similar to what malware uses, it will be obviously detected by generic signatures like in this case.
-
A lot of false detections? Definitely not with ESET, which is known for an extremely low number of false positives. Of course, a hosts file can be detected, too, if it contains redirections known to be added by malware.
I've tried to download the file from the link above but my ESS didn't detect anything.
ESET doesn't remove a file without popping up an alert and logging the detection as well as the action taken on the file. I assume it must have been something else that removed the file.
-
I, for one, don't know what's behind those tests. What matters to me is how users perceive the efficiency and performance of our products in real life. Anyways, I'll try to get more info about the methodology used in the mentioned, however, I cannot promise it will be possible to disclose more details in case the participants were bound by an agreement with the testing organization.
-
what should I do or configure to defend my computers from this virus by eset av?
1.Don't disable the AV, 2. Execute the malware, 3. Just to see if you will get infected or not.
I'd add - 2, Don't execute the malware on production systems. If you want to do some tests, do them on isolated computers (physical or virtual) not containing confidential or important files.
-
Couldn't it be that you excluded network locations from scanning?
-
If the file is already detected (which it probably is, as you mentioned the name Win32/Kryptik.BRKV), v6 and v7 must detect it upon execution as they both already had advanced heuristics enabled on file execution. With older versions where this option was disabled by default, it was possible to get infected (e.g. if one disabled protection modules and downloaded malware). I'd suggest sending the file along with your product configuration exported to xml to ESET as per the instructions here.
-
Disabling antivirus protection to run malware intentionally and then complaining that the malware has infected the system sounds .... weird to say the least.
-
Perhaps the safest workaround would be to add the url to the list of addresses excluded from protocol filtering.
-
This option is disabled by default so if you enable it, don't wonder that Gamer mode will activate automatically when an application running in full-screen mode is detected.
-
We have offered you our help in pinpointing the issue. It could be that HIPS is blocking an application running on your computer that is attempting to intervene into crucial system processes or registry keys. Unfortunately, without your assistance and narrowing it down to the particular module this will remain just a speculation and obviously we won't be able to fix it or tell how to circumvent it.
-
This should be fixed in Internet protection module 1097 which should be available on pre-release update servers some time soon. If you want to receive the module among the first, enable pre-release updates in the advanced setup.
-
Hello,
basically ESET Smart Security is ESET NOD32 Antivirus + Antispam and Parental control.
-
Unfortunately, I can't find any personal message from you. Please resend it.
-
eset 7 is heavy... heavier than 6 which was heavier than 5 which was heavier than 4. Man I long for the eset 4 nod32 days. I wonder if eset 4 would run on win8.1
We'd really like to investigate your issue as version 6/7 should be the lightest in terms of footprint thanks to LiveGrid. I assume that you use default settings and have Smart optimization as well as LiveGrid enabled, do you?
Please create a new topic with this issue or send me a pm with information if disabling real-time protection or any of the other protection modules makes the performance issue go away.
-
Does it also happen when you disable the option "Enable Gamer mode automatically when running applications in full-screen mode"?
-
Do you mean that only Chrome is affected and otherwise you can work with your machine? Does it happen only with the computer connected to the Internet or even when you disconnect it from network?
-
I've heard from some users that Spector is not detected any more when excluded from scanning.
-
Try the usual procedure for re-creating and re-importing the ESET root certificate:
- close all browser and email clients (check the Task manager to make sure they are not running)
- disable SSL scanning and click OK
- enable SSL scanning and click OK
- launch a browser and try to reproduce the problem
False Positive of MVPS hosts file in ESET NOD32 Antivirus
1, you used an old virus signature database. This sort of FP was fixed on Oct 28.
2, it was a modified hosts file which was detected at that time. The original hosts file from winhelp2002.mvps.org was not detected.