Marcos

I'd suggest running a disk scan with ESET Online scanner first. If no malware is found, install ESET NOD32 Antivirus or ESET Smart Security from scratch and create install logs as per the instructions here. When done, send me the logs attached to a personal message.

If email protection detects malware in an email message, it's removed automatically by default. You can run a full disk scan (including a memory scan) to make sure that the computer is most likely malware-free.

Try reinstalling Windows Installer please.

If your system is Windows XP or Windows 2000, any application communicating via http will generate a communication via ekrn.exe which works as a local proxy.

Maybe the solution would be to use Eshell to disable protection during a backup or use it to temporarily exclude the target backup folder.

Without knowing the detection name (and ideally getting the file itself along with the ESET Event log), it's impossible to comment on it. Maybe EMSX updated to the signature database containing a signature for the given malware after the email was received by the mail server.

We recommend using default (automatic) mode for users unless they experience issues with certain applications. In automatic mode, all outgoing communication is allowed and all non-initiated incoming communication attempts are denied.

It's blocked because of a Java exploit present on the domain.

Please start Windows in safe mode and rename the drivers C:\Windows\System32\drivers\ehdrv.sys and eamonm.sys, one at a time. Let us know if renaming either driver makes a difference.

Does it happen with Device control integration disabled? Note that after disabling it, it's necessary to restart the computer for the change to take effect.

It happens that such archives are empty or corrupt so their content is benign. Please send some examples of suspicious files get get through your ESET protection as per the instructions here.

No. A password is always required when an operation potentially affecting protection is attempted.

I'd suggest the following: - enable debug logging - reproduce the problem - provide Customer care with the debug log C:\ProgramData\ESET\ESET Remote Administrator\Server\logs\era_debug.log Are you able to connect to ERAS after restarting the ERAS service by running the following commands with elevated admin rights? "net stop era_server" "net start era_server"

Just to make sure, does BSOD occur with the latest version 6.0.316 or you have an older one installed? If possible, try to reproduce it with the latest v6 or v7 beta and let us know about your findings. An issue with symlinks pointing to a different volume was already fixed in an older build of v6.

Regarding upd.ver, reading from or writing to it definitely cannot cause any issues. Please contact Customer care and provide them with the Procmon log for analysis. As for the problems with submitting longer posts, I've notified our forum administrator and we'll look into it.

It was not the icon file but an actual anchor referencing to a site recently hosting a malicious content. HTML/SrcInject is an algorithmic detection that is triggered automatically in case of a reference to a malicious site (ie. it was not made on purpose because somebody had reported it to us).

If you are from Belgium and purchased the license from the Belgian distributor, please fill in the support form in Belgian or French to contact the local Customer care. In the mean time, you can activate a 30-day trial version which will provide full protection until the issue is sorted.

Installation of a newer version over an older one with settings preserved has always been supported.

I'm able to access it without anything being blocked. There was a reason for the block as the domain referenced from the website in question has recently hosted malware endangering users.

It doesn't matter if ekrn is 32 or 64-bit, you wouldn't notice any difference at all if it was 64-bit.

It was a reference to a server known to have recently hosted malware which was blocked. The block has been adjusted slightly so that it's not triggered in this particular case.

Hello, clients in a corporate environment should update from a local mirror without having the username and password entered. Your username and password for update should only be entered in the ERAS update setup provided that clients update from a mirror created by ERA.

When you first connect to a network and choose Home network (ie. a network with sharing and some other services enabled), an authenticated zone will be generated automatically based on certain network parameters (e.g. DHCP or DNS server IP, gateway's IP, SSID,etc). If this parameter changes and the zone cannot be authenticated, you'll be presented the dialog with network type selection.

Since this topic has gone astray, we'll draw it to a close. Everything has been said and explained in this or other related topics.

Does the problem actually go away after temporarily disabling firewall via gui?