Marcos

Administrators
  • Posts: 36,247
  • Days Won: 1,441

Everything posted by Marcos

  1. It was fixed yesterday a few minutes after you reported it here.
  2. You could set a maximum size of objects to scan or maximum archive nesting level in the ThreatSense setup for the particular on-demand scan profile. Of course, not scanning certain archives completely will not ensure that they are malware free.
  3. Please carry on as follows: - enable network protection and update engine advanced logging in the advanced setup -> tools -> diagnostics - run update - stop logging - gather logs with ELC and provide me with the generated archive.
  4. Not really: https://malwaretips.com/blogs/remove-inewcontentdelivery-info/
  5. Have the scanner scan only one specific folder with more files that could not be scanned. This way you'll reduce the size of the Procmon log.
  6. ESET doesn't integrate with Thunderbird, only the root certificate is imported to Mozilla's trusted root CA certificate store.
  7. An odd thing is that Chrome accesses other suspicious domains under a different account than the one the OP uses. @Ian Ng, do you recognize that account? No wonder that the registrant is anonymized: Registrant Organization: PROTECTSERVICE, LTD. I'd try uninstalling Chrome and installing it from scratch using a new user profile.
  8. That is not necessary since it's only the security research lab reachable at samples[at]eset.com that can comment on it. However, since we do not know yet what is behind this address, we won't be able to tell you more. I'd prefer not to unblock it unless the purpose of it and the company or person behind it is determined and a malicious or adware relation is ruled out.
  9. If you were charged twice for ESET CyberSecurity (=ESET Antivirus for Mac), contact the seller for refunding your redundant purchase please.
  10. Try switching to interactive mode and then run Skype. When prompted for an action, allow the communication and create a rule for it. Then you can switch back to automatic mode.
  11. The attachment was either removed by email protection before it reached Outlook or it was detected and removed by the Outlook plug-in. The thing is it's nowhere to be found on your disk, nor in the pst file.
  12. Smart scan is meant to be fast and to detect malicious files that can be executed right away. On the other hand, if one needs to scan the machine thoroughly he or she can use the In-depth scan profile which has scanning of archives enabled.
  13. A Procmon log created during a scan might shed more light. Start logging at least a couple of seconds before you run a scan.
  14. "Smart scan" doesn't scan inside archives by default. Maybe you used a custom or context-menu scan with archives enabled when the file was detected.
  15. You should not basically notice any impact on free disk size if the log maintenance task is not run unless you have very huge logs which normally doesn't happen. You can also try switching to pre-release updates in the advanced update setup and upgrade to v12 when offered which has Scheduler revamped and a possibly related bug fixed.
  16. If ESET cannot scan certain files, then any possible malware would not be able to modify them either.
  17. C:\Users\Tino\Downloads\savilerow-1.6.4-windows.zip » ZIP » savilerow-1.6.4-windows/bin/minion.exe - a variant of Win32/Kryptik.AI trojan - action selection postponed until scan completion The Kryptik.AI detection is from 2008 so it could be a false positive. Please submit the zip file to ESET as per the instructions at https://support.eset.com/kb141/. If too big to email it, upload it to Dropbox, OneDrive, etc. and provide only a download link.
  18. Since it will take more iterations to tackle the issue and probably also a dump will be needed, please contact customer care and create a support ticket.
  19. Please gather logs with ELC and provide me with the generated archive for perusal. Threats in archives do not pose any risk unless the malicious files are extracted, at which point they are scanned by real-time protection. Also web access protection scans inside archives, therefore any such threats should be detected and removed upon download.
  20. First of all, since this is an English forum we would like to kindly ask you to post in English next time so that moderators and other users can understand and help you. Yellow records mean handled detections (threats or potentially unwanted/unsafe applications).
  21. Scan Log Version of detection engine: 18166 (20181005) Date: 10/5/2018 Time: 12:33:59 PM Scanned disks, folders and files: C:\Boot sectors/UEFI;C:\ Number of scanned objects: 332794 Number of threats found: 0 Number of cleaned objects: 0 Time of completion: 12:36:44 PM Total scanning time: 165 sec (00:02:45) Notes: [4] Object cannot be opened. It may be in use by another application or operating system.
  22. When installing ERA/ESMC agent on a machine with Endpoint v5 that has been reporting to ERA v5, the agent will change EPv5 settings so that it reports to the agent. The agent itself will provide communication with your ERA/ESMC server then. If your Endpoint v5 is already reporting to your ERA server, the agent won't change anything in Endpoint's setup. Whether to set up an ESMC server from scratch or upgrade ERA to ESMC depends on whether you want to keep current ERA data. If you can afford installing ESMC from scratch and then re-deploy the ESMC agent on clients, I'd suggest going this route.
  23. There are several domains like that on the IP address, none of which seems kosher by the looks of them:
  24. Yes, "Replace" will replace / overwrite the rules completely. If you want to merge fw rules from both policies and want the "Policy 1" fw rules to take precedence over the "Policy 2" rules, use "Append" instead of "Replace" for the fw rules in "Policy 2".