Marcos

You can ignore this message, it's merely a notification that an application is transmitting non-standard data via the ICMP protocol. This kind of detection has recently been disabled by default.

No release date has been set yet. The current v7 beta has turned out to be perfectly stable and I'm not aware of any severe issues with it.

Could you please check if Web control is actually enabled on the client and that the policy was applied properly?

No wonder that Windows 8.1 RTM is not yet supported as it leaked and is not officially available to the public yet. The appropriate modules will be updated shortly to support it provided that you have v7 and pre-release updates enabled.

With personal firewall completely disabled, ESET cannot affect network communication in any way as it's not integrated in the system at all. You can also try installing the latest stable beta v7 downloadable from hxxp://www.eset.com/int/beta/v7.

I'd suggest installing the latest version of ESET Endpoint Security 5.0.2214 instead of an old version ESS BE 4.2 which also contains bugs fixed later in Endpoint v5. If installing the latest version of EES doesn't help, try excluding the file c:\Database\tempres.bin or the whole folder c:\Database\*.* from scanning and let us know about the result. If the clients you've mentioned don't have a business / Endpoint license purchased (typically for 5 and less computers), they could try installing the latest stable beta v7 downloadable from hxxp://www.eset.com/int/beta/v7 (at least just for a test) and see if it resolves the issue.

Does disabling firewall via gui or changing integration to "Personal firewall is completely disabled" in the advanced setup make a difference?

Does the problem persist after a computer restart?

It's weird that disabling real-time protection and HIPS didn't help. If possible, try installing the latest beta 7 (use default settings) and let us know if the bluray software stops crashing or not. If the problem persists, start Windows in safe mode and rename the files eamonm.sys and edevmon.sys in the C:\Windows\System32\drivers folder and see if that makes a difference.

Does disabling HIPS and Self-defense followed by a computer restart make a difference?

Please submit the file tutle.exe to ESET as per the instructions at hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141.

The website is not blocked. Probably it was a malicious java script that was detected as JS/Kryptik. SCUMWARE.org URL description This URL is or was distributing a malware variant of JS/Kryptik.ALB trojan

I'd suggest creating a complete application memory dump of egui.exe when you observe the issue. You can achieve this by downloading Procdump and running "procdump -ma egui" which will create a dump. Then supply it to customer care for further analysis.

I'd emphasize that this doesn't mean there might be malicious files which would be skipped and left undetected due to smart optimization.

This has nothing to do with Windows updates. Perhaps you opened the setup immediately after installing the beta without updating it first.

You must be using outdated modules. Please post information about installed modules here.

Do you mean that after disabling ESET firewall emails are received instantly?

The issue is already closed, it's not FP. Having said that, we'll draw this topic to a close.

Please try to install ESET again. After installation, update it and write down the version of the installed modules (available in the About window). If the problem recurs after a restart, we'll need to get the list of installed modules as well as what OS and platform do you use.

A Process Monitor log from the moment you attempt to update ESET might shed more light. If you manage to create one, compress it, upload it to a safe location and pm me the download link. I'll check it out then.

I can tell that at least one of the vendors who block the malicious website at VirusTotal does not detect the malicious script and does not block other websites that serve the script to users. Just two examples: Normalized URL: hxxp://gxxxxx.com Detection ratio: 1 / 38 ESET Malware site Normalized URL: hxxp://wxxxxx.com/ Detection ratio: 1 / 38 ESET Malware site I'd also add that it's been detected and blocked by ESET about 20,000 times so far so it seems to be a quite prevalent web threat not yet recognized or blocked by other vendors.

It seems to be a recently added malware that is probably downloaded from legitimate compromised websites. I assume the alert started popping up only after you visited certain website, not immediately after reinstalling Windows. This is also a good example of that ESET excels in detection of web-borne threats Is the threat detected even if you don't open any website in a browser? Couldn't it be that you were attempting to look up something on the "www.re.....ce.com" domain? (some letters were intentionally replaced by periods). Please create a SysInspector log as per the instructions here and submit it to ESET along with a link to this thread by following the instructions in this KB article.

What do you dislike about the firewall? In my opinion, the interface is very clear and straightforward, much easier to control compared to some other firewalls. Of course, there's still room for improvement like in any software product but personally I don't miss a thing when it comes to features.

Does the problem persist even after a computer restart? I'd suggest installing ESS v6 or v7 beta just in case the issue was caused by a bug in old v4 versions.

Whenever a certain network communication is blocked, enable logging of all blocked communications in the IDS setup, reproduce the issue and then check the firewall log for details about the communication that was blocked. This should help you create the appropriate rule.