Marcos

You can find this information in the header of file em002_32.dat.

Please compress the memory dump, upload it to a safe location and PM me the download link. No BSOD issues have been reported so far so it's likely it's caused by another driver.

The expiration date is synchronized with servers once or twice a day as far as I remember which could explain why a correct expiration date was shown on other laptops with a delay.

It has not been confirmed as a bug by engineers yet. If it's confirmed to be a bug, it won't be fixed before a service release of v7.

Of course these marketing statements must be taken with a grain of salt. Isn't it suspicious that popular rootkits / bootkits that died out a few years ago would be undetected by popular vendor after so long time? ESET basically protects against all of them but unfortunately it's not possible to verify them as the tester does not provide any useful information to other av vendors.

ESET stores temporary files in the system and user temporary folders pointed to by TEMP and TMP variables. Changing the variable values should do the trick.

I was able to reproduce it only once in the past. Since then the website opens fine with both older and latest Internet protection modules so I assume something has changed on the server or the occurrence of the issue depends on timing somehow.

This is probably not possible, wildcards in this form are not supported. I was unable to accomplish it either. It works fine for me. Please post the warning you're getting and let us know what browser and its version you use. Try the following: - with web browsers and email clients closed, disable SSL scanning - enable SSL scanning - launch the browser

Probably the original installer from removed from the c:\windows\installer folder in the meantime. Please follow these instructions to remove EAV completely in safe mode and then download and install the latest version from scratch.

What do you mean by "computer freezes during scan"? Does the system become completely unresponsive for a very long time?

If certain communication is blocked, carry on as follows: - enable logging of blocked communications in the IDS setup - reproduce the issue - check the firewall log for more details about the blocked communication (copy the recent records and paste them here). - disable logging.

It seems you enabled SSL scanning but import of the root certificate into your browsers or email clients failed. Feel free to disable SSL scanning.

We kindly ask you to post in English or contact your local distributor who will assist you.

Ransoware encrypting files on a disk is not something new. The recent variant you've mentioned is currently being analyzed so at the moment we're not able to tell if it'd be technically feasible to decrypt them.

When tackling an issue, it's necessary to narrow it down to a particular protection module or setting that affects the issue. Disabling the modules was in no way meant as a permanent solution.

In a nutshell = to make a long story short.

Please submit prefs-1.js to ESET as per the instruction here and with a link to this topic enclosed. Although it's unlikely to be false positive, we'd like to check it out to make sure.

If egui.exe is running, couldn't it be that you've recently connected remotely via Remote Desktop or there are more users logged on at a time?

You can check the signature database version number in the Update section of the main gui. You can also try running an online scan.

How? Malware running in memory may not exist on the disk.

It sounds like the java script is located on a url that you previously blocked access to it and thus the script cannot be loaded. Carry on as follows: - untick the "Allow access only to URL addresses in the list of allowed addresses" box - add * to the list of blocked addresses and tick the "Notify when applying address from the list" box Now if you open the website with the java script blocked, you should get a notification with the url containing the script that was blocked.

Did you run a full scan with the most current signature database 8631?

Please provide step-by-step instructions how to reproduce the problem. Also provide more information about your oper. system, browser and ESET's modules that are installed.

I don't think there's anything secret in that message, this information is also available on ESET's website.

Please create 2 Wireshark logs, one with http filtering enabled when the issue occurs and the other one with http filtering disabled when your router's admin pages open fine. When done, upload them to a safe location (e.g. Dropbox, Skydrive,...) and PM me the download link.