Marcos

This is probably not possible, wildcards in this form are not supported. I was unable to accomplish it either. It works fine for me. Please post the warning you're getting and let us know what browser and its version you use. Try the following: - with web browsers and email clients closed, disable SSL scanning - enable SSL scanning - launch the browser

Probably the original installer from removed from the c:\windows\installer folder in the meantime. Please follow these instructions to remove EAV completely in safe mode and then download and install the latest version from scratch.

What do you mean by "computer freezes during scan"? Does the system become completely unresponsive for a very long time?

If certain communication is blocked, carry on as follows: - enable logging of blocked communications in the IDS setup - reproduce the issue - check the firewall log for more details about the blocked communication (copy the recent records and paste them here). - disable logging.

It seems you enabled SSL scanning but import of the root certificate into your browsers or email clients failed. Feel free to disable SSL scanning.

We kindly ask you to post in English or contact your local distributor who will assist you.

Ransoware encrypting files on a disk is not something new. The recent variant you've mentioned is currently being analyzed so at the moment we're not able to tell if it'd be technically feasible to decrypt them.

When tackling an issue, it's necessary to narrow it down to a particular protection module or setting that affects the issue. Disabling the modules was in no way meant as a permanent solution.

In a nutshell = to make a long story short.

Please submit prefs-1.js to ESET as per the instruction here and with a link to this topic enclosed. Although it's unlikely to be false positive, we'd like to check it out to make sure.

If egui.exe is running, couldn't it be that you've recently connected remotely via Remote Desktop or there are more users logged on at a time?

You can check the signature database version number in the Update section of the main gui. You can also try running an online scan.

How? Malware running in memory may not exist on the disk.

It sounds like the java script is located on a url that you previously blocked access to it and thus the script cannot be loaded. Carry on as follows: - untick the "Allow access only to URL addresses in the list of allowed addresses" box - add * to the list of blocked addresses and tick the "Notify when applying address from the list" box Now if you open the website with the java script blocked, you should get a notification with the url containing the script that was blocked.

Did you run a full scan with the most current signature database 8631?

Please provide step-by-step instructions how to reproduce the problem. Also provide more information about your oper. system, browser and ESET's modules that are installed.

I don't think there's anything secret in that message, this information is also available on ESET's website.

Please create 2 Wireshark logs, one with http filtering enabled when the issue occurs and the other one with http filtering disabled when your router's admin pages open fine. When done, upload them to a safe location (e.g. Dropbox, Skydrive,...) and PM me the download link.

Information from LiveGrid might be misleading in case of malware as they would show for the process malware is injected in, ie. not for the malware itself. That said, a user would see ESET recommending them to allow the action based on the data from LiveGrid but in fact they'd allow malware to perform its action.

There's no evidence that ESET is causing the freeze. Even if renaming the drivers (ehdrv.sys, eamonm.sys) in safe mode made a difference, it wouldn't necessarily mean ESET is the culprit. If the system freezes, please generate a complete memory dump and convey it to ESET for perusal. Based on the dump, we'll be able to tell if there's a problem with ESET's driver or if it's another driver / sw that you have installed which causes the issue.

This shouldn't normally happen. Make sure you don't have logging of all blocked communications enabled which should only be used with care when troubleshooting connectivity issues. The filter enables you to filter records according to certain text they contain in specified columns plus you can specify the severity of the records to filter as well as the time period. If you need more advanced filtering, you can export the log to a text file and use other tools to filter the desired records.

We would also be interested in knowing more details about the issues you encountered. It may not necessarily be ESET's fault that issues occur in conjunction with 3rd party software installed.

ESET uses startup scans to scan objects and files run when a computer starts. This also increases the chance of catching new born malware not detected by signatures yet.

Please refer to this KB article. When submitting samples from an infected computer, it's also good to enclose a SysInspector log as well as the threat log from the computer.

If importing the root certificate doesn't resolve the issue, we'd need to get further logs for investigation. Let us know about your findings so that I can provide you with further instructions if the advice given doesn't help.