Marcos (Administrators) | Posts: 36,097 | Days Won: 1,438

Everything posted by Marcos

  1. AdwCleaner also detects benign stuff / leftovers that are not normally subject to detection. Without getting and analyzing what it detected it's impossible to tell if that stuff was supposed to be detected or whether it was a false positive by AdwCleaner. Moreover, AdwCleaner is not an antivirus and works differently than AVs. Let's stay on topic, don't turn this topic into an A vs B discussion and keep a polite tone.
  2. You have a rootkit in the system. In safe mode, delete the files c:\windows\system32\drivers\winmon.sys and c:\windows\system32\drivers\winmonfs.sys. If necessary, boot from a clean medium (e.g. ESET SysRescue) first.
  3. This is dangerous and not recommended to do since you won't be protected when opening malicious websites or downloading malware. Please enable advanced protocol filtering logging and advanced network protection logging in the setup under Tools -> Diagnostics, and reproduce the issue. When done, disable logging, gather logs with ELC and provide me with the generated archive.
  4. Protecting you from malicious websites and scripts is not a serious mistake but something that a security product is supposed to do and expected to do. The fact that you opened the website with Web protection disabled which subsequently caused the browser to crash is not ESET's fault. We cannot prevent users from deliberately pausing protection and subsequently opening websites containing malicious or otherwise dangerous stuff.
  5. As for Adguard, please read https://forum.eset.com/topic/16066-112490-causes-netiosys-bsod-on-win10/. Try uninstalling it and let us know if it makes a difference. Should the problem persist, does it occur only with https websites and http websites open alright?
  6. We have double-checked the detection and what has been reported to be detected. We confirm the detection is correct, only a small correction to it will be made. It detects scripts that often serve malicious ads delivering PUAs and malware. There's also a connection with child pornography and the JS/Chromex.Submelius malware.
  7. Files with the bip extension are legitimate files that were encrypted by Filecoder.Crysis. They are not subject to detection. Please provide me with logs gathered by ELC and with another tool that I'll provide you with via a personal message.
  8. I'm not a Lotus Domino expert but I assume it generates some logs where you could trace from which IP addresses the spam was sent. Then I'd gather ELC and ESVC logs from that machine for perusal.
  9. It is not possible. We use Process Monitor to find out which files are processed by ESET (may not necessarily be scanned).
  10. This is from one of the compromised websites, looks like a heavily obfuscated JS. Below is an already beautified excerpt from it: Do not disable protection to circumvent the detection / protection or you may get infected. Not sure what the script exactly does but it doesn't look nice and I'd never want such a script to be run unless provided by a highly trusted entity.
  11. If the alert is triggered when visiting a particular website, avoid visiting it. If it's blocked immediately when a browser is launched, disable all extensions and enable them one by one until you find the one which is triggering the alert and remove it.
  12. That is ok. The address serves just for the purpose of redirection and no such request is actually sent out. It's a recent change in Chrome that causes Chrome to report "Not secure" for all http websites. A secure browser with a bank's website and https address in the address bar should open in a new window.
  13. Try running the browser without extensions. Also you can try another browser to see if the threat is detected.
  14. Since the malware has been removed, the website will be removed from blacklist momentarily.
  15. If they don't run their own mail server, then they cannot use products for mail servers.
  16. Do you mean that if you go to your bank's Internet banking website, it uses an http connection instead of https? Could you post a screenshot?
  17. Since this is an English forum, please post in English, otherwise moderators and most other users will not understand it and won't be able to help you. Please provide a more accurate description of the issue that you are having. How is it related to ESET?
  18. I'd like to check ELC logs from this machine as well as a Procmon log from the time of launching Chrome but that should be discussed further in a new topic.
  19. I reckon it was added to the to-do list in the past, however, since resources are generally limited, each requirement/improvement has its priority and severity set and the more important ones are worked out first.
  20. We'll need ELC logs from the machine. Something is causing ekrn to take too long to start until it times out.
  21. Please provide step-by-step instructions to reproduce the issue. Also make sure that the QUIC protocol is disabled in Chrome: https://support.eset.com/kb6757/.
  22. 1. Since AT also works on older operating systems, I assume that the Win10 location services don't need to be enabled. 2. A photo is taken only when you run the AT test or when you mark the device as missing in the AT portal.
  23. I meant especially real-time protection and the on-demand scanner. Would it be possible to provide me with an exported configuration of the installed ESET product at least?
  24. Are you using ESMC or ERA v6.5? Is it agent v6.5 or v7 that is installed on the client? What OS is installed there? Does C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html or trace.log on the client show any error?