Marcos

Unfortunately you forgot to include the website on which the revoked cert. was reported. Please check the server via https://www.ssllabs.com/ssltest first. If it reports a revoked certificate, then the cert. is really revoked and an owner of the website should replace it with a valid one.

What website was the threat detected on?

The VPN which has been recently added in Ultimate subscription is a 3rd party softare not developed by ESET. If you have purchased the subscription for the purpose of installing VPN on your mobile phone, the refund policy should apply and there should be no problem refunding you the money if you contact the distributor or seller who sold the license and request a refund.

We expect it to be released gradually in the following days.

We were unable to reproduce the crash neither on Windows 10 nor Windows 11. Please run the following command as an administrator: reg add "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\ESETOnlineScanner.exe" /f /v DumpType /t REG_DWORD /d 2 Then run ESET Online Scanner and reproduce the crash. WER will show you the path to a generated dump, please supply it for perusal.

The system has not been restarted in the last 7 days. Restarting it should fix the issue.

A developer would like to check a manually generated dump of ekrn.exe when HTTP/3 checking is enabled in gui. Please open the advanced setup, navigate to Tools -> Diagnostics. Make sure that "full dump" is selected in the drop-down menu and click "Create". Then provide the dump created in C:\ProgramData\ESET\ESET Security\Diagnostics zipped in an archive.

The logs were most likely created at the time when the issue could occur so they are not useful at this point. Hence I asked if you had been experiencing the issue recently (ie. in the last 4-5 days). Turning on or off HTTP/3 traffic filtering has no effect on network communication currently.

You can update from the pre-release update channel to get Internet protection module 1475.1 or wait until it's updated automatically from the regular update channel.

When did you test it? It should have no effect on the issue unless you made the test days ago.

In that case I assume that the issue won't go away after turning off HTTP/3 network traffic filtering. Could you confirm? Did it use to work with v17.0.16?

Are you still having issues today? Have you recently rebooted or turned off/on the machine?

Quarantined files are stored in an encrypted form so there is no chance you could run malware by going to a quarantine folder and double-clicking a file.

This Quick questions forum is for guests and does not require registration as it serves only for quick questions. It was not meant for reporting issues according to this forum rules: 4, Ask only simple questions. If you want to report an issue, inquire about your license, etc., create a forum account first. This forum is not intended for lengthy discussions. A correct procedure for reporting issues is by raising a support ticket. Should you want to report an issue in this forum in the future, please sign up first and make a post in the appropriate product forum. As for the issue, the whole problem is that Nodejs does not use the system trusted root CA certificate store while there is a bunch of Nodejs malware that our and other AV users want to be protected against at the network level. We hope that Nodejs will use the system TRCA cert. store in the future to allow that. We have provided possible workarounds in this topic. We have reported the issue to developers on Friday, ie. today is the first work day since the report. We are already testing Internet protection module 1475.1 with a fix which will be available on the pre-release update channel shortly, with release on the regular update channel to follow soon.

Support for blocking USB tethering is already on the improvement list for future versions.

If you use a Device Control policy with blocking rules, you should not use the pre-pend method in regard to local settings, otherwise the policy will always take effect regardless of permissive rules you would create locally:

It confirms my suspicion that something is continually pushing the ESET installer on the clients. Could you check in the ESET PROTECT console if you have a software install task assigned to some of the dynamic groups?

For more information about ESET technology, please read https://www.eset.com/int/about/technology/. ESET's key benefits are small system footprint and very small number of false positives while maintaining high level of protection from threats and potentially unwanted and unsafe applications. We actively listen to our customers and strive for tailoring our products to your needs. ESET also provides a top-notch XDR solution ESET Inspect (both an on-prem and cloud version) as well as ESET Managed Detection & Response services for SMB and Enterprise customers which are 24/7 threat management services, using AI and human expertise to deliver world-class ransomware protection without the need to maintain in-house security specialists (https://www.eset.com/int/business/services/managed-detection-and-response/). I would suggest to contact your local ESET distributor or reseller who can provide you with test results and comparison with competitive security products.

This is caused by a change in the latest kernel. We are working on an update which will take some time. As a workaround, you can rollback to kernel 6.1.0-18-amd64. P_EFSU-4276

If a policy that blocks the USB drive is pre-pended to the local Device control rules, then the only option to allow it in override mode is by disabling Device control.

It is for sure that the files are created by Windows Installer. Maybe ESET installation is being pushed to the machine in certain intervals. Please provide a Procmon boot log. Stop logging after a reboot only after the temp files have been created. Do not keep Procmon logging for a longer time than a few minutes.

Please raise a support ticket to find out if the device has a serial number at all.

The names suggest that the files were created by Windows Installer. Is there any reason why you suspect them to be related to ESET?

From the screenshots it is not clear what are the names of the tmp files so we can't tell if they were generated by ESET or not. Please provide some name of the tmp files. ESET may created temporary files in the user or system temporary folders, not in the Installers folder. There should be just the msi installer that was used for installation of ESET.

Please provide the logs as requested since we had a suspicion that the on-demand scan was not configured properly. 1, The difference is very likely caused by a little number of whitelisted files. Non-whitelisted (untrusted) files are re-scanned after each module update. 2, Files referenced by shortcuts are scanned. However, if they are trusted/whitelisted they should not be scanned each time. I've made a test by creating a shortcut to a 360 MB sfx file. While the first scan took about 7 minutes, after re-scanning the shortcut the scan ended immediately. 3, Perhaps the files inside the folder were hidden. If certain files were scanned, then they must have been there.