Marcos

If a 3rd party application uses the Trusted Root Certification Authorities certificate store, then it will work. Otherwise import of the root certificate must be supported specifically for the application. Firefox and Thunderbid use their own TRCA certificate store but are supported, hence SSL scanning works.

Please open the main setup (F5), navigate to Tools -> Diagnostics and enable creation of complete application memory dump (note the path where it will be created). When ekrn crashes, compress the dump, upload it to a safe location and PM me the download link.

If you open the Task manager, do you see egui.exe running? Isn't it that just the tray icon is not showing?

Although not a nice solution, you can work around it by setting the time interval 44640 minutes (60x24x31) between task execution.

Samples[at]eset.com is the only communication channel for disputing detections. According to the information from the virus lab, they responded and the receipt of the reply was confirmed on Whitesmoke's end. Any attempt to dispute detections regardless of the vendor will be closed here and the user will be advised to email samples[at]eset.com as explained above.

The reason why you weren't prompted for an action is mentioned in your post. If the connection is terminated, you'll see the following record in the Detected threats log: 19. 6. 2013 7:16:21 HTTP filter file hxxp://www.eicar.org/download/eicar.com Eicar test file connection terminated - quarantined %USER% Threat was detected upon access to web by the application: I'd like to emphasize that changing the default cleaning mode is not recommended. Switching it to manual cleaning may render your computer unusable if infected with ransomware for instance and you'll need to resort to using rescue cd to clean it out.

Does disabling real-time protection (just for a test) make a difference?

Please carry on as follows: - download Procdump - when you notice that ekrn consumes a lot of RAM (e.g. > 150 kB), create a complete application memory dump by running "procdump -ma ekrn" - compress the dump, upload it to a safe location (we can provide you with access to ESET's ftp server) and pm me the download link

This is ok and according to MS specification / requirements. Only very specific communications should be handled by Windows Firewall in this configuration.

Windows Firewall is not supposed to be disabled during installation of ESET Smart Security. However, if you open "Windows Firewall with advanced settings", you should see the message "These settings are being managed by vendor application ESET Smart Security". In order to determine whether prompting for an action by Windows Firewall is a bug or not, please provide step-by-step instructions how to reproduce it on our end. If you change the ESS firewall integration to "Personal firewall is completely inactive", it will have no effect on the system at all. Also try to change the integration type to "Only scan application protocols" which should disable only the firewall part.

The OpenCandy detection is not FP. This application is often bundled with free software and the detection is fully optional.

Please submit suspicious undetected files to ESET as per the instructions here instead of posting download links in this forum. ESET's users are basically protected against this quickly changing ransomware even if not detected by the on-demand scanner on VirusTotal.

Please submit suspicious undetected files to ESET as per the instructions here instead of posting download links in this forum. ESET's users are basically protected against this quickly changing ransomware even if not detected by the on-demand scanner on VirusTotal.

This is pretty expected. You removed Firefox from content filtering, ie. files downloaded via Firefox will not be scanned by Web access protection. As you wrote, malware was detected in either case; it doesn't matter whether a warning is displayed in a bubble or as a web page as long as malware is detected and blocked / removed.

Yes, AMS detections are currently logged with "unknown" in the Scanner column.

AMS does not scan files on a disk so clearly exceptions for files cannot be applied. Please provide me with more information about the file that you think is detected incorrectly in memory.

Please PM me more details as the DisallowRun policy is configured per user and affects only applications started via Explorer.exe which is not the case of ESET (unless you start egui manually).

Nobody has ever ignored this wish. It takes more than a year to prepare a version suitable for this purpose. The iso should fit cd so it will be a bit smaller than WAIK/WADK.

I use v7 for testing unrecognized malware from live malicious urls and AMS catches it in most cases. I look forward to seeing results of malware tests with v7

Perhaps the following warning applies to WIndows 8 under certain circumstances, too: Warning: If you are using the ESET Uninstaller tool to remove ESET Mail Security for Microsoft Exchange Server from Server 2008, you will be required to reinstall your network card drivers. Personally I haven't had a chance to try it on Windows 8 so if somebody has some experience with this, feel free to share. In the mean time, try reinstalling your network card drivers.

If ESET cannot be uninstalled from the former computer due to a problem starting and running Windows, you can simply use your U/P to download and install ESET on the new computer.

We'd need to get a complete application memory dump of egui.exe from the point it spikes up the cpu. On Windows XP, you can use Procdump (run procdump -ma egui.exe), on newer OS a dump can be created via the Task manager by right-clicking a process and selecting "Create dump file". You can also try installing the latest v6 from scratch by running this Uninstall tool in safe mode or try v7 beta.

If you enabled Parental control, there could be an issue receiving DNS reponses from ESET's servers. Could that be the case?

Please continue as follows: - compress the memory dump created during BSOD in c:\windows\memory.dmp by default - upload the package to a safe location (if possible, include a SysInspector log as well) - PM me the download link

Search for *.ndf files under c:\users or c:\documents and settings. Maybe you didn't look into the NetworkService or LocalService folders. This forum is not meant to be a replacement for Customer Care. It's meant for sharing knowledge among ESET users and to provide assistance with issues that can be solved reasonably quickly. For issues where further logs are required and that may require numerous iterations with a support personnel, we strongly recommend contacting Customer Care.