Marcos

If you rename C:\ProgramData\ESET\ESET Smart Security\epfwdata.bin and C:\ProgramData\ESET\ESET Smart Security\EpfwUser.dat in safe mode, does it fix the issue ?

Please post more information from the on-demand scanner log with the full path to the files as well as the detection names.

Hello, make sure that you have SSL scanning enabled.

I'd suggest leaving HIPS mode in automatic mode. If you are computer savvy, you can define your own rules, e.g. make HIPS prompt you for an action when an application attempts to write to a run key. For instance, I use a rule to ask me before running an application for which no rule has been created yet.

I assume you have ESET NOD32 Antivirus Business Edition for Linux Desktop 4.0.79 installed on clients, do you? What Linux distribution do you use? Also post the output of running "uname -a".

Protocol filtering works at the application layer so it doesn't inspect packets. Did disabling protocol filtering actually make the issue go away?

Win32/Protector.A virus is a detection from 2009 and ESET's products should be able to clean it. Please submit a couple of uncleanable files to ESET's malware research lab as per the instructions here.

Script malware is often injected only if certain conditions are met, e.g. if a specific browser is used.

Look at the first line of the html code, it most likely contains a malicious script with an iframe.

If you encounter an issue with the system locking up with ESET installed, please create a complete memory dump as per the instructions here which should help the engineers find out the cause. When you have a dump from the point of a system lockup ready, contact Customer care (or me or another ESET moderator) who will provide you with further instructions how to convey it to ESET. It's often 3rd party drivers or applications that clash with ESET's products. I, for one, am not aware of any stability issues that the latest public builds of ESET's products would suffer from.

Basically it should be enough to restart / turn on the computer, wait approximately 5-10 minutes until EAV/ESS updates and a startup scan is run in the background. Then restart or turn off/on the computer and the malware should be gone. Sometimes it may be necessary to wait until the next update with a detection for the malware is issued. In such case, contact Customer care who will assist you without the need to wait for the update.

If you run an on-demand scan, the results will be stored in on-demand scanner logs. If a threat is detected by other modules, it will be logged in the Detected threats log.

We are aware of the issue and investigating it. As soon as we have some news, we'll let you know.

This kind of error normally occurs if the backup msi file is deleted from the \Windows\Installer folder. I'd suggest removing ESET completely using the Uninstall tool as per the instructions here and installing EAV v6 from scratch.

We weren't able to reproduce the issue on Windows 7. Please provide more information about the cdr/dvd recorder you use (brand, model), whether it's external or internal and whether connected via (e)SATA/PATA/USB(1,2,3), firewire,etc.

First of all, nothing has changed in recent Endpoint builds that would make the mentioned issues manifest. This issue should be fixed in the latest build 5.0.2214. This is nothing new and the issue with pop-up notifications has been there for ages. V6 had the notification feature completely revamped to rule out the possibility of a bug. This didn't stop the notifications from appearing, however. Recently we've found out that the issue is most likely caused by the fact that Windows returns an undocumented error number. A workaround for this will be incorporated in one of the future builds.

Unfortunately, it's not clear what issues you've been facing while using ESET's products. Could you elaborate more on that? ESET has been continually improving the functionality, stability and overall usability of the products. Regarding malware detection, this has been tremendously improved since v2 and ESET is now able to protect against most of newly emerging threats proactively while detection for not yet recognized threats is added almost immediately.

It looks like a setup file so it may not be scanned internally. Please PM me the download link to the file as I was unable to find it according to the hash. Alternatively you can email it to ESET as per the instructions here.

You can see a list of online users at the very bottom on the main forum page:

It's malware written in Autoit. It registers in the HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/Windows Service Manager key and HKCU/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/Windows Service Manager with the path C:\ProgramData\Windows Service Manager0\xsytzecrn.exe. (The file name seems to be random.) According to the alert, there was no error while cleaning. Try restarting the computer to make sure the malware does not load. The malware will be renamed to Win32/Neurevt.A as of the next update.

The test was scheduled for next week so we've got no results yet.

SysRescue is not currently available as a stand-alone tool. It's part of ESET's desktop and server products.

ESET products work best with default settings and there's no need to tweak them. Only advanced users should do that providing they fully understand the impact on protection and system performance.

Please submit the file to ESET as per the instructions here.