Marcos

Administrators
Everything posted by Marcos

  1. We'll need a Wireshark log with the network communication captured from the time when the error "Failed to configure EPNS resource" is logged.
  2. The machine cannot connect to epns.eset.com. Also make sure that a newer OS than Windows XP is installed.
  3. I'd suggest uninstalling the following applications that use drivers and see if the issue goes away:
     "WinDivert1.3" = "c:\program files\freedownloadmanager.org\free download manager\windivert32.sys"
     "TuneUpUtilitiesDrv" = "c:\program files\avg\avg pc tuneup\tuneuputilitiesdriver32.sys"
     "SysInfoDetector" = "c:\windows\system32\sysinfodetector.sys"
     "AscRegistryFilter" = "c:\program files\iobit\advanced systemcare\drivers\win10_x86\ascregistryfilter.sys"
     "AscFileFilter" = "c:\program files\iobit\advanced systemcare\drivers\win10_x86\ascfilefilter.sys"
     If removing these applications doesn't make any difference, try renaming the following drivers in safe mode:
     "HDD Filter Driver" = "c:\windows\system32\drivers\sahdia32.sys" ; Disk Filter Driver ; Corel Corporation ;
     "Volume Filter Driver" = "c:\windows\system32\drivers\saibia32.sys" ; Disk Filter Driver ; Corel Corporation ;
     "PxHelp20" = "c:\windows\system32\drivers\pxhelp20.sys" ; Px Engine Device Driver for 32-bit Windows ; Corel Corporation ;
  4. If you know your registration email address, enter it here and you should receive a license email within a few moments: https://www.eset.com/int/support/lost-license/. Otherwise contact the seller from whom you purchased your license.
  5. Of course : ) It was just a typo.
  6. IDS monitors all communication unless you specify exceptions. Exceptions should be defined only in case of false positives.
  7. This is an example of how Fortinet corrupts files. In the left pane you can see data being replaced with zeroes: Usually at offset 1MB (including HTTP header), a 73-byte section is zeroed. This problem occurs with large files like em002_32_l0.dll.nup, em002_64_l0.dll.nup, em002_64_l1.dll.nup, em023_64_l0.dll.nup, em023_64_l1.dll.nup. Not sure if creating an exception will be enough, please try.
  8. Unfortunately you didn't run ELC as an administrator and therefore a lot of logs are missing. Please gather fresh logs with ELC run as an administrator.
  9. To start off, please gather logs with ELC and upload the generated archive here.
  10. Please provide us with:
      - ELC logs (with a registry dump included)
      - a Process Monitor log created at the time you make the selection about the LiveGrid feedback system
      - if possible, provide information about older versions that you had installed before if you installed newer versions on top without uninstalling the previous version.
  11. There is a default task "Regular automatic update" which is run when the system starts. There's usually no need to run another update when the GUI starts. You might be surprised but there are still rural areas where dial-up is used by quite many people. Also when using DSL, one needs to connect first when the system starts which is also detected as a dial-up connection.
  12. As far as I know, the Japanese partner has not released Endpoint v7 in Japan yet.
  13. Couldn't it be that you use Fortinet or another firewall? It is a known issue of especially Fortinet firewalls that they corrupt update files.
  14. The name of the application should be listed in the prompt window that pops up when an untrusted certificate is detected.
  15. 1, Update at logon has always been disabled by default: 2, "That suggestion should be submitted to the requested "Future Changes" thread." That's not really needed. This information was removed intentionally since the version of the detection engine doesn't matter much nowadays in the era of LiveGrid and streamed updates.
  16. Not only an idea but reality. We've been using automated detections for years and this system has developed over time.
  17. @sypticle The file itself is not malicious but suspicious which is not enough for a detection to be added. Please search for Serv.dll and submit it in an archive protected with the password "infected" and with a link to this topic included to samples[at]eset.com. Let me know when done.
  18. Unfortunately, it is not possible to set automatic mode with exceptions via ERA6/ESMC. Since Endpoint v6.6/v7 has lower memory consumption than EPv5, I'd recommend trying to install it on a machine with 512 MB of RAM and see how it works.
  19. This forum is by no means a channel for disputing detections or blocks. For instructions on how to report possible false positives to ESET, please read https://support.eset.com/kb141/. Honestly, just a brief look at the website suggests that the content is not 100% alright. Personally I've found there instructions to use a rogue or PUA software to remove malware. I'd suggest removing dubious content first and only then apply for a review. Having said that, we'll draw this topic to a close.
  20. The behavior is correct. The version of the secure protocol can be determined without actually filtering the SSL/TLS communication which is also why blocking https sites partially works even with SSL/TLS filtering disabled. When narrowing down an issue, one should try disabling protocol filtering.
  21. Since it's v9 which didn't use dll modules yet, the memory usage is pretty low. Upgrade to the latest v12 to lower memory usage even more and to improve performance and protection capabilities as well.
  22. You should hear a sound signal after a scan has completed. I reckon it's "Asterisk" which is played.
  23. When reporting issues with bank websites not opening in a secure browser, we need to know:
      - the bank url
      - browser and its version
      - if the issue occurs with other browsers
      - ESET product and its version + the version of the Banking and payment protection module
  24. If the certificate was trusted, the prompt window wouldn't pop up and users would not need to choose an action and enter a password. Please provide a screen shot of the certificate details.