Marcos

Does renaming C:\Windows\System32\drivers\ehdrv.sys in safe mode make a difference?

We recommend that clients in a network update from a local mirror to avoid licensing issues and to reduce the amount of data downloaded from ESET's servers.

Does disabling any of the protection modules make a difference? Did the support tell you if the error is related to network communication or something else?

The detection is correct. The only communication channel for disputing detections is email; for more information how to report a file to ESET, see this KB article.

Don't know what P4m1936duw1983 is as it's definitely not the password belonging to the username you've mentioned. Software is activated automatically after entering the username and password in the product. I've checked your license and there doesn't seem to be anything wrong with it; it's valid until June 2014. Are you having problems receiving updates?

It was confirmed that is an Android system flaw which affects all software vendors and only Google can fix it.

Please post the information about installed modules.

PCU method described here should work for clients running any older version of ESET's products. As for the Upgrade feature available in ERA, it was first supported in one of the last v4.2 installers so it won't work for older versions.

Could you install ESET NOD32 Antivirus 7.0.104 beta just to see if it makes any difference? Athough it's intended for home users and is still in the beta phase, it contains the latest fixes for MS Outlook client so it'd be good to know if the issue goes away then or not. After you test v7 in the aforementioned scenario, you'll revert back to EEA 5.0.2214.

If the computers are in a domain, is ERA Service running in a domain administrator account or a local admin. account?

I've tested the password recovery feature by entering my nick in the form and subsequently received an email from the system. The website in question is not blocked; it's a malicious external script that is detected. In the future, feel free to report potential false positives to ESET as per the instructions here.

Are you having some issues with MS Outlook 2013 and v7.0.104 beta installed ?

Unfortunately, in the video you didn't click on the rule so we don't know if you actually had logging enabled or not. If logging when the rule is applied is disabled, HIPS behaves as expected and it won't log a thing unless you enable it for the particular rule.

The rules are sorted by action (Allow / Deny / Ask) and then alphabetically by the source application. I think this ordering makes it easier to look up a desired rule rather than if rules were sorted just by the time of creation.

As of v7, removable media control was replaced with Device control known from Endpoint which provides protection against many more devices than the previously used feature.

Please carry on as follows: - download Process Monitor and run it (it will start logging system operations) - run a scan with cleaning against a file infected with Win64/Expiro.A where the cleaning previously failed - stop logging Export your Threat log to a file and add it along with the Process monitor log to an archive. When done, upload the archive to a safe location (e.g. Dropbox) and pm me the download link.

Basically websites are blacklisted when they are found to host malware. Please report the url to ESET as per the instructions here.

HKCU actually points to HKEY_USERS\S-1-5-21-* (followed by group of numbers) where S-1-5-21-* is the current user's SID you'll find in the registry.

I actually provided you with a testing module on June 3 but you refused to install it. Anyways, today I've been trying to reproduce the issue with different ESET's products to no avail, I was always able to access the login page. The link to the video doesn't work, I'm getting "404 - File or directory not found".

It'd be dangerous to create general rules for any source application, hence it's not supported. You could try exporting your configuration, duplicating the HIPS rules and changing the application names to cover all the tools you use to accomplish this quicker.

I've run into the same adware today when visiting a site allegedly offering videos (blocked by ESET for quite a long time already) but the adware was downloaded instead. It should be enough to clean it by ESET.

This is due to an issue with the webhosting company, our IT guys have been working on it with them. The original and updated content should be back soon.

Does the problem persist after removing v6 as per the instructions here and installing it from scratch?

Check if the ERA Server service running in an administrator account.

Do you have the latest version of the ERA Server 5.0.511 installed? A quote from changelog: Fix: When updating the virus signature database, the process will hang at about 40% and possibly freeze ERAS