Marcos

If you look at the performance test closer, they state: Use cases: visiting websites, downloading software, installing and running programs and copying data. That said, it all boils down to what files are used. If large archives or heavily packed files are used, it will take longer to scan them. However, without knowing more details about this particular test, it's impossible to comment on it but generally said, in a real-world scenario ESET is one of the lightest AVs in terms of the system footprint. Also we've been continually working on improving performance of code emulation so that files are emulated by advanced heuristics much faster than ever before.

If you have an email address in the exception list, it will always be checked for spam regardless of whether it's in the whitelist or not. If you do not receive spam with your email address listed as the sender, removing it from the exception list should do the trick.

Check this out for a comparison.

50-80 MB is normal nowadays, also given that only the engine with signature database is about 31 MB in size which needs to be loaded in memory. Also memory is used for operations that would otherwise require writing to the disk which speeds us scanning a lot.

Reading several files at once from different physical places on the disk would make hard drive heads move forth and back which would actually slow down the scan speed. You can observe the same when copying files simultaneously within the same disk - it takes longer compared to the scenario when only file is copied at a time.

Your test was not performed with the public beta. Please try to reproduce it with v. 7.0.104 currently available for public testing and regardless of your findings, report the issue to customer care via the built-in form,

This would happen if the ERAS service was not running with efficient permissions. Under what account is your ERAS service running? Since your license was purchased in the USA, to contact the US Customer care, fill in the form hxxp://www.eset.com/int/support/contact.

Just to make sure, do you have the proxy server configured properly in the advanced ERAS setup?

Do you mean firewall on the server or on clients? If you create a mirror on the server using ESET Remote Administrator, is it created alright without an error and the problem is just with updating clients from the mirror?

I've seen variants detected only by ESET so the likelihood that the samples you're referring to are detected is quite high.

Most likely it's detected as Win32/Filecoder.XX. However, without an exact sample it's impossible to tell for sure and my assumption is based only on searching for the name provided.

Please post here a complete record from your ESET Threat log containing the full path to the file, the detection name as well as some other information.

You'd need to disable real-time protection but this would leave your computer unprotected. It's the role of real-time protection to scan all files that are created or accessed by the operating system or 3rd party applications. Are you experiencing any issue with real-time scanning?

Does the slowdown occur at the time the clients receive an update? By default, a startup scan is run after an update to make sure no threat is active in memory. Are they systems with multi-core processors or what's the hw configuration?

In order to troubleshoot the issue, we'd need a Process Monitor log from an issue replication for analysis. When you create one, compress it, upload it to a safe location and pm me the download link.

You can try v7 but since Windows XP uses legacy drivers and does not support minifilters, it won't make any difference and the issue will occur also with v7. There are basically 2 options: 1, upgrade the operating system to a newer one with support for minifilters 2, make the application open files for writing only in one thread. Making a change preventing the issue from occurring on Windows XP would cause the real-time scanner not to detect malicious files.

It's been confirmed by engineers that this issue cannot be fixed in the legacy driver used in Windows XP and older due to technical limitations of the operating system. Issues like this may occur if an application opens files in 2 or more threads for writing and ShareMode read,write. That said, the only solution is to use a newer operating system as keeping real-time protection disabled is not an option. Another solution would be to make the application open files for writing only in one thread in which case the sharing violation wouldn't occur.

Probably it's because I didn't restart after installing v7 beta. Anyway it's not a big deal as long as the Exploit Blocker is functional, which I hope it is, am I right? So this explains the problem. A computer restart is required for the text to be displayed as it was added via a module update so that beta users can test the new feature without making a new beta version.

I've noticed that sharing violations occur on C:\Database\tempres.bin. Was the Procmon log created with v4, v5 or v6 installed? I assume you're using Windows XP, could you confirm? As for the issue with v7, could you try installing it again, now without importing settings from a previous version? If the problem persists, please create one more Procmon log with v7 installed. In that case, it'd be most likely a known issue of legacy drivers that could only be fixed in the minifilter driver used on Windows Vista and newer.

The thing is you're looking at the Web protection settings -> URL address management on the client but in the Configuration editor you have a Web control setup window with rules open. Web access protection and Web control are different features although both allow for blocking URL. While URL address management is a part of Web protection, Web Control is an equivalent to Parental Control in home version.

Code emulation is a kind of a task that can only be performed sequentially. It's not that we now have multi-core processors and every single application will benefit from it when performing its tasks. As I wrote, if several scans are run at once (e.g. on mail servers), scanning threads are run by separate cpu cores simultaneously which increases the overall scan performance.

We've been unable to reproduce it. After updating a fresh v7 beta and restarting Windows, the text "Enable Exploit Blocker" is always displayed.

Please contact the French Customer care via this form. For licenses ordered via the web, you should get an email with your license details within a few minutes after purchase.

Regular automatic updates are attempted on an hourly basis by default as long as the computer is turned on.

If disabling real-time protection actually helps, the only operations performed by real-time protection are those with ekrn.exe process. Other modules do not perform file operations and even network operations are performed by ekrn.exe. I have a long-time experience analyzing Procmon logs and various issues related to ESET products so I'm sure I'm not mistaken