Marcos

I assume you prepared the files yesterday when you were able to reproduce the FP, right? Then you can upload the package to our ftp server as per the instructions I sent you yesterday (check your private messages by clicking the envelope in the right-hand upper corner of the forum). Anyways, I assumed the detection can be reproduced at any time when a scheduled disk scan with operating memory selected among targets is run which doesn't seem to be the case (as you couldn't reproduce it today any more). Please try to find out the common pattern when the FP is detected as this is very important information for us.

First of all, we'd need you to reliably reproduce the detection. Do you know if something has changed between when the FP was detected during a scheduled scan and the last scan when nothing was detected? (e.g. the computer was restarted in the mean time, a specific application was running when the FP was detected, etc.). Try to run scheduled scans from time to time and try to find a common pattern when the detection is triggered.

Discussion on this topic was moved here.

Only a quick scan is run when the operating system starts and it's the only scan that is run by default. Normally it shouldn't take more than a few seconds for the scan to finish. You've mentioned that you didn't let the scan complete. However, startup scans are run silently in the background and there's no way to stop them. That said, I assume you stopped a scheduled disk scan instead of a startup scans.

A correct system date must be set in order for the program to report out-of-date status correctly. Try restarting the computer after setting the system date.

Does this error occur when you attempt to connect to an ESET Remote Administrator server from the console? Are you able to ping the IP address of the ERA server?

Do you use ESET Mail Security for Microsoft Exchange server or another ESET's product?

Couldn't it be that the files in question were on a mapped network drive?

Please create a package (rar/zip) containing the following stuff: - all *.dat files in the ESET install folder - dump of ekrn.exe (right-click ekrn.exe and select Create dump file) - SysInspector log Also I'll drop you a pm with further instructions where to upload the package. Could you confirm or deny that these detections occur only if you run a scheduled scan and not when you run a smart scan or on-demand scan of the whole disk via gui?

Since real-time protection is the most crucial protection module that should never be disabled, there's no way to turn off the warning.

The issue has been reported to engineers as a bug. V4 didn't pop up a notification when a scheduled scan was started.

By "disable Eset protection temporarily", you meant disabling personal firewall via gui? If so, try the following: - clear the firewall log - enable logging of blocked connections in the IDS setup - reproduce the problem - post the firewall log here

What's the difference between the scans with ~681,000 files scanned and ~396,000 files scanned? If the latter was a scheduled scan, too, why is the number of scanned files so much smaller? As for the last scheduled scan (681,442 files) when no threat was detected, I see that memory was not scanned this time. Did you disable memory scanning intentionally? If so, does re-enabling memory scan trigger detection again? Please also post information about installed modules from the About window as well as information about the oper. system and platform (x86/x64).

Disabling the Social media scanner is not a solution that would help the user stay protected on Facebook. We'll see what he'll reply to my question.

If you receive the error mentioned in the initial post, try disabling self-defense and restarting the computer prior to uninstalling ESET and see if it makes a difference.

Doesn't the bubble pop up only when a scheduled scan starts? In such case, it's important to notify the user,otherwise it might be difficult for the user to realize that it's the scan that consumes cpu.

Are you able to reproduce it at any time and with any malicious link? I'm also interested to know more about your statement "Most of threat can be detected by ESS." Does that mean there are also some undetected threats that one could download and run?

How many friends do you have on FB? With about 1000 and more, it may take hours to finish the scan and the scanner may time out.

There's no public list of PUA/PUPs. If you think that using a particular PUA/PUP outweighs the risk and don't want to turn off the detection completely, you can exclude such an application from scanning.

The application will be analyzed and the detection adjusted accordingly to our findings. Having said that, we'll draw this thread to a close.

Why? What advantage would you expect from a native 64-bit kernel as opposed to the current 32-bit version?

Version 6.0.316 is intended for home users, it doesn't support ERA and some other features mainly used in a corporate environment.

What operating system do you use?

That's because the files got into cache yesterday. The users can choose whether to submit them or not, afterwards they won't be prompted again. Alternatively they can flush ThreatSense.Net cache, set TS.Net not to ask before submitting files or disable file submission completely.

I'm getting "403 - Not Found" error. Please submit any suspicious samples as per the instructions here.