Marcos

In order to prevent duplicate topics on the same subject, we'll draw this one to a close. Please continue at https://forum.eset.com/topic/16066-112490-causes-netiosys-bsod-on-win10/. We need to know if uninstalling other security software, such as Zemana AM, makes the issue go away.

In the dump I got last time there was a Zemana driver. Please uninstall any other security sw that you have installed and let us know if BSOD still occurs. Also please drop me a private message with ELC logs so that I can check what software you have installed.

Error 20003 means "Cannot connect to host", 20006 means an error while sending. Are you able to open https://edf.eset.com/edf in a browser on those machines? It should display a short xml. If the machines connect directly to the Internet, does it make a difference? Should the problem persist, enable advanced logging as follows and try to activate the product again. Then disable logging, gather logs with ESET Log Collector and provide the generated archive to customer care for perusal. You can also drop me a message with the logs attached.

Did you disable protocol filtering or pop3/imap scanning ?

I've found Zemana's driver zamguard64.sys loaded. Please at least temporarily uninstall any other 3rd party security software while troubleshooting the issue.

Unfortunately, minidumps contain too little information to determine the cause. Please configure Windows to generate complete or at least kernel memory dumps: https://support.eset.com/kb380/

Is the application detected by ESET? If so, please post a complete detection record from the Detected threats log.

Yes, firewall can be enabled via a policy too:

To fix the problem with import of the root certificate, continue as follows: - disable SSL/TLS filtering - reboot the machine - without launching any browser, re-enable SSL/TLS filtering - after a few seconds, launch a browser and try to open an https website. As for the HIPS error, the best would be if you could provide us with a complete memory. To generate one, configure the system as per the following KB and trigger a crash when you start the computer and the error is reported: https://support.eset.com/kb380 When done, compress the dump, upload it to a safe location and drop me a private message with a download link. Also please provide logs gathered by ESET Log Collector.

http://update.eset.com/eset_upd/ep6/dll/update.ver doesn't obviously exist. What exist are folders with update.ver http://update.eset.com/eset_upd/ep6/update.ver and http://update.eset.com/eset_upd/ep6.6/dll/update.ver. Update.eset.com is the default update server from which the initial update.ver is downloaded. I assume the path is hardcoded in the mirror tool and in such case it's incorrect for v6 update files. We'll check it out.

If you have a kernel or complete memory dump from the crash, please upload it to Dropbox, OneDrive, etc. provide me with a download link.

Use the arrows to move rules in the list:

Eset any feedback on this? isn't useful? pls. First of all, this topic serves for gathering various ideas from users and we normally do not confirm or deny whether a particular idea will be accepted and implemented. In this case, I for one, don't see any real use case for blocking network communication when the screen saver is active.

1, From the ERA console you send a product activation task where you also select a license to be used for activation. Make sure that you have added your license in Admin -> License management: 2, You receive a license key shortly after the purchase within a registration email. It doesn't matter if you activate Endpoint manually on a client or from ERA.

A computer restart is needed after uninstallation or upgrade in order for drivers that are loaded to be removed. Do that during the regular server maintenance if the server cannot be restarted.

I'm sorry, it was a typo. The latest version is 11.1.54. V11.2.49 is being distributed to users with pre-release updates and will be released for the general public within the next few days.

Sometimes ESET can upload files with a suspicious behavior or characteristics to LiveGrid. However, it should upload dozens of MB and exhaust the bandwidth for a longer time. Do you know by chance what server it was connected to?

To accomplish that, after creating the necessary rules switch the fw to the policy-based mode.

What operating system do you use? If Windows XP, any http(s), pop3(s) and imap(s) communication appears to the system and other applications as it was coming from ekrn since it works as a local proxy for filtering the communication.

I for one don't think that having a rule with no source and target applications selected but limited to specific operations should be considered too general.

As Cyberhash wrote, ESET's firewall is not just as simple as the Windows firewall. Not only can ESET protection modules communicate with each other, providing the others with information contributing to better detection and protection, but the ESET firewall also provides Botnet and Network protection modules. That said, even if malware bypassed all protection layers, the firewall can identify it based on the communication protocol which is not that easy to update to evade detection. Also in network environment, Network protection protects the system from malicious exploits in network communication protocols such as SMBv1. As a result, it protected our users from the infamous WannaCry ransomware spreading from unpatched computers already at the network layer.

Version 11.2.49 is currently available only as a program update for those with pre-release updates enabled. It will be released as an installer within the next few days. Of course, it won't solve issues you are probably having with Windows 10 Insider Preview since it's Windows itself that needs to be updated in order for the issue to go away.

Do you mean this is somehow related to ESET?

ESET cleaned malware from the registry since the first version for Windows was introduced years ago and the cleaning has been gradually improved over the years.

It's not possible to wait with execution for several minutes, otherwise the system could become unusable. That will work only with mail servers and scanning email attachments.