Marcos

This is a known issue. Please refer to https://forum.eset.com/topic/16476-after-upgrade-agent-to-v7-old-agent-is-also-visible/?do=findComment&comment=81383.

What error is listed in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html or trace.log? If possible, post them here. I assume you have already upgraded ERA Server v6 to ESMC, haven't you? In case you still had ERA v6 installed, Agent v7 would be unable to communicate with it.

Try performing a factory reset of your router and install the latest version of firmware. What brand / model of the router do you use? Is the threat detected on every device connected through the router? Should the problem persist, change the router for another brand if you can. Should the problem persist, there's a change that the CoinMiner script is already injected at your ISP.

This is the place where you define file exclusions. They are applied to all scanners, including real-time protection: I wonder if you could provide some examples of exclusions you need to create and why. Basically the product should work alright without any exclusions defined. Each exclusion creates a potential security hole so we encourage users not to exclude anything unless inevitable. If exclusions need to be used, we'd like to hear about real use cases since we'd prefer to find another solution than using exclusions.

Also it appears there is already a newer Insider Preview build 17751 in the fast ring. Let's see if installing it resolves the issue. In the mean time I'll check with QA engineers if they are aware of any incompatibility issues with recent IP builds.

It doesn't mean that ESET is the culprit. Please read https://www.bleepingcomputer.com/news/google/google-chrome-showing-alerts-about-incompatible-applications/.

I recall there's a problem with slow connection to the repository servers from Australia but we should come up with a solution soon. My colleagues will correct me, if needed.

I'm not able to reproduce it. A detection is triggered but Chrome doesn't crash. Perhaps knowing the exact version of Chrome, operating system, ESET product and version of installed ESET modules along with step-by-step instructions would help us reproduce it:

There is already another topic on this detection. The ads provider will need to take certain steps and cease providing PUAs, malware, etc. via ads. To prevent duplicate topics, we'll draw this one to a close.

This has been already discussed in another topic. The problem is with ExoClick ads that are used on the website. One of the images was removed. Posting sexually explicit images is strictly prohibited in our forum To prevent duplicate topics, we'll draw this one to a close.

Since everything has been said and explained, we will draw this topic to a close. It's ExoClick's turn now.

Exoclick can contact us directly and we will explain them what the problem is. Our primary goal is to protect our users. The detection will remain unchanged until Exoclick sorts out the issues.

Please report incorrect website blocks to ESET as per https://support.eset.com/kb141/.

Again, the website was not blacklisted but it was a dodgy javascript that was detected there. Removing the script allowed users to visit the website without the html code being detected and blocked.

In this case it's probably a local infection because of the wscript.exe process. Please gather logs with ELC on that machine and provide me with the generated archive.

If you have an opportunity to try a router of a different brand, please do so and let us know if the issue goes away. I'd also suggest trying SysRescue and the browser included with it to see if the alert is still triggered to rule out a local system infection.

As itman said, the website is not blacklisted. It was a javascript that was detected and that might have been removed in the mean time by an admin of the website so it's no longer detected by ESET.

If you don't need telnet, disable it in your router's setup.

AdwCleaner detects also benign stuff / leftovers that are not normally subject to detection. Without getting and analyzing what it detected it's impossible to tell if that stuff was supposed to be detected or whether it was a false positive by AdwCleaner. Moreover, AdwCleaner is not an antivirus and works differently than AVs. Let's stay on topic, don't turn this topic into a A vs B discussion and keep polite tone.

You have a rootkit in the system. In safe mode, delete the files c:\windows\system32\drivers\winmon.sys and c:\windows\system32\drivers\winmonfs.sys. If necessary, boot from a clean medium (e.g. ESET SysRescue) first.

This is dangerous and not recommended to do since you won't be protected when opening malicious websites or downloading malware. Please enabled advanced protocol filtering logging and advanced network protection logging in the setup under Tools -> Diagnostics, reproduce the issue. When done, disable logging, gather logs with ELC and provide me with the generated archive.

Protecting you from malicious websites and scripts is not a serious mistake but something that a security product is supposed to do and expected to do. The fact that you opened the website with Web protection disabled which subsequently caused the browser to crash is not ESET's fault. We cannot prevent users from deliberately pausing protection and subsequently opening websites containing malicious or otherwise dangerous stuff.

As for Adguard, please read https://forum.eset.com/topic/16066-112490-causes-netiosys-bsod-on-win10/. Try uninstalling it and let us know if it makes a difference. Should the problem persist, does it occur only with https websites and http websites open alright?

We have double checked the detection and what has been reported to be detected. We confirm the detection is correct, only a small correction to it will be made. It detects scripts that often server malicious ads delivering PUAs and malware. There's also connection with child pornography and the JS/Chromex.Submelius malware.