Marcos

What about changing the firewall integration to "Only scan application protocols" or "Personal firewall is completely disabled" in the advanced setup?

The update issue is discussed here and we assume it will be solved shortly by temporarily disabling notifications about newer versions. The issue doesn't affect updating as is more of a visual glitch than a serious issue.

There's another forum dedicated to v7 beta and an ongoing dicussion about this issue. Having said that, we'll draw this topic to a close.

The aforementioned message appears if update files are modified by a proxy server. I'd suggest that you capture the network communication using Wireshark during an update (http should suffice), upload it to a safe location and send me the download link via pm.

Whenever you experience issues with BSOD, please provide the memory dump created during the crash and compressed in an archive to ESET for analysis. Feel free to drop me a personal message with a download link to speed up the analysis.

We've fixed it during a remote session. There was a shortcut in the startup folder attempting to load a non-existing dll.

Unfortunately, this is not possible. Creating general rules for files just by name while ignoring the path would be dangerous as the rules would be easily applied for malware, too, if the same file name was used by malware.

I reckon Leadbolt is detected as a potentially unwanted application (PUA) which is a fully optional detection.

Just to inform other users, the issue was confirmed to be caused by a bug in Windows Filtering Platform and other vendors have reported it to Microsoft as well.

Yeah, sorry, it's was early morning and I misread the post

It seems to be a weird tactics to make own software totally undocumented for 3rd party vendors and then offer own solutions. Note that ESET scans email for malware regardless of the email client use provided that it's received via POP3(S)/IMAP(S) protocols. The only module that won't work without a dedicated email client plug-in is antispam.

I'd suggest enabling logging of all files so that you can see what's actually being scanned.

If you have the full version of Malwarebytes installed, you should disable its real-time protection (especially if you have Windows XP).

Please supply the memory dump created during BSOD to ESET for analysis. It doesn't necessarily mean that ESET is the culprit; the BSOD could be caused by a bug in Windows Filtering Platform and not having the appropriate hotfixes installed. The memory dump should definitely shed more light.

Please confirm or deny my assumption that automatic updates are downloaded fine as long as an automatic update task is scheduled and the only issue is that Application update gets stuck.

The issue is being investigated. I was able to update v7 without an issue on Windows XP so far.

I've tried to reproduce the issue on Windows XP to no avail. After installation and a computer restart, the system started alright. If you can reproduce the issue with black screen, does it go away after renaming C:\Windows\System32\drivers\ehdrv.sys driver in safe mode?

We'd need to get a SysInspector log as well as a boot log created using Process Monitor for analysis. Maybe the fastest way to tackle this issue would be by contacting your local Customer care who would assist you with the issue.

If disabling firewall makes a difference, enable logging of blocked communications in the IDS setup, reproduce the issue and post the recent firewall log records here.

Do you mean that egui.exe is not among running processes in the Task manager after the system starts?

Do you use default antispam settings? Does disabling either "Add text to email subject" or "Move messages to spam folder" make a difference?

When reporting an issue to ESET, an ESET SysInspector log is the most essential thing to get for analysis along with the information which of the protection modules needs to be disabled in order for the issue to stop manifesting. Feel free to send me the log attached to a personal message.

Apparently the file has been detected since update 8624. Almost none of the big AV vendors detect it to date.

It's not wise to restore malware just in order to get rid of this message. Please create a SysInspector log and send it to me attached to a personal message.

Detection was actually added in update 6862 on Feb 2, 2012 and it's been detected since then: c:\test\9c0b098ca31c83cd2baa703ea657ac9a8c852cb8.htm - JS/Kryptik.HK trojan