Marcos

Administrators
  • Posts: 36,355
  • Days Won: 1,446

Everything posted by Marcos

  1. Never seen such an issue reported by our users. We don't write to the registry a lot; basically it's only information about modules and settings written to the registry, if changed. Do you reproduce it by manually triggering backups several times in a row? If so, then you could try temporarily uninstalling ESET and see if the issue occurs even without ESET.
  2. The dump was passed to developers for further analysis. We'll keep you posted.
  3. It appears that phishing has been removed. The website will be unblocked.
  4. We have pinpointed a memory leak in the memory dumper. A fix is being reviewed and will be released through an automatic module update next week.
  5. I would say one month at maximum until the release.
  6. One more thing, if you want to use a custom message with graphics, you will have to block access via Web Control and not via URL management. In Web Control, wildcards are not supported, so just create a URL-based blocking rule for facebook.com.
  7. To get rid of this error, you must have SSL filtering enabled. Then you should get the yellow notice that I posted above. The error is displayed by Chrome so we cannot do anything about it until protocol filtering is enabled in Endpoint. Please provide me with logs collected with ELC from the client so that I can check if everything is set up correctly in Endpoint.
  8. Please provide me with logs collected with ESET Log Collector on the troublesome machine.
  9. I'm trying to simulate the error but so far I was only able to get this one with SSL filtering disabled: Normally you should get this notification:
  10. In order to block facebook, do the following:
      - add *facebook.com* in the list of blocked addresses
      - make sure that SSL filtering is enabled
      - make sure that communication with trusted domains is not excluded (by default it is)
      - in order for filtering to work in Chrome, QUIC protocol needs to be disabled as per https://support.eset.com/kb6757/
  11. As far as I know, it takes some time until the icons appear in the ESMC console. How long has it been since agent and Endpoint were installed?
  12. For a start please provide logs collected with ESET Log Collector.
  13. What version of Endpoint do you have installed? Do you have SSL filtering enabled? What browser and version do you use? What website did you attempt to block and how did you block it in a policy? Did you block it via Web Control or Web access protection -> URL address management?
  14. Signtool cannot be used to determine if a dll is properly signed to meet requirements for protection of anti-malware services introduced by Microsoft in Windows 8.1. To the best of our knowledge, whether a dll meets the requirements can only be determined via a debugger and there's no command line tool that could be used for that. In a debugger you'd get a message like
  15. I'm not getting any alert and the url is not on the blacklist either. Please provide logs collected with ESET Log Collector.
  16. Unfortunately there is no news from Microsoft yet.
  17. You must have an older v6.6 installed (6.6.0.0 – 6.6.2063 are affected) so an upgrade to v7 will surely fix it and the notice will go away then.
  18. If restoring ehdrv.sys in C:\Windows\System32\drivers after booting from another medium doesn't make any difference, then the cause of BSOD must be different. If a memory dump was created during a crash (typically in c:\windows\memory.dmp), copy it, upload it to a safe location and drop me a message with a download link.
  19. Please make sure that you have Translation support module v1746 installed and used by ESMC. It was released 2 days ago.
  20. Check the reason why the emails are evaluated as spam. If it's because of an IP address or host being on a cloud blacklist, you can report it to ESET as a possible FP. Before releasing such email from quarantine, you'll need to add the address to the appropriate allowed address list.
  21. Please provide a Procmon log from a failed update attempt as per https://support.eset.com/kb6308. In particular, start logging with Procmon, run update and after it has failed, stop logging. Then save the log, compress it and provide it to me for perusal.
  22. It sounds like a scam website that opened. If it opens when you enter www.google.com in the address bar, then your computer is either infected (e.g. hosts file was modified) or your router was hacked. There's also a chance that your ISP became a victim of a DNS spoofing attack but that's rather unlikely. You can try using a different browser, setting Google DNS servers 8.8.8.8 and 8.8.4.4, resetting your router to factory settings, etc. If it's possible to copy the address, please copy and paste it here, however, make sure that the address is non-clickable. Or at least post a screenshot of it with the address included in the screenshot.
  23. It sounds like ehdrv.sys was removed from the disk but was not unregistered properly from the registry. Since booting in safe mode is not possible, I'd recommend:
      - creating a bootable medium (e.g. ESET SysRescue) on another machine and booting the OS from it
      - copying C:\Windows\System32\drivers\ehdrv.sys from another machine to that folder on your machine
      If you want, I can upload the driver for you somewhere. Just let me know if you have a 32 or 64-bit OS and what version of ESET you have installed.