spc3rd

Peteyt is correct that the 'slim' version of CCleaner is typically not available for download right away. In my own experience, it usually has been about 5 or 6 days before the slim version becomes available (which is what I use). For anyone interested, there is an article (by Martin Brinkmann) at ghacks where you can read more detailed info about the Avast! acquisition of Piriform (link shown below): https://www.ghacks.net/2017/07/19/avast-acquires-piriform-makers-of-ccleaner/ Cheers!

Just a little note of interest here FWIW, Piriform (and its various products, such as, CCleaner, Speccy, Defraggler, etc) has now been acquired by Avast! (back in July 2017).

Thanks very much for that info, cyberhash!

Good morning, My old computer 'died' on me a couple of days ago. It had ESS v10 on it (just renewed the license this month). My question: Could someone explain how I can reinstall ESS on this new computer? Maybe I'm not looking in the right place, as I haven't been able to find anything that describes what to do in this type of situation. Thank you for your time and any help! Pete

Many thanks to everyone who has replied to my inquiry! The info you've each provided is definitely a big help to me! For the time being, I'll just leave all the settings the way they are and see how it goes. If the need arises...I know I can always return here to get great help! Cheers! Pete

Hi COStark26 and thanks very much for your reply - which is reassuring! The method you described for determining where changes have been made from the 'default' does seem to be the only way to go, though it will definitely be a lengthy process for me. I do have my daily scheduled scans set to "Smart Scan" as that is what I saw recommended here in the forums earlier this year. You mentioned that you had clicked on the [DEFAULT] button to reset everything in v10 to its default settings. Was that the default button shown at the bottom left corner of the "Advanced Setup" window/page? One of the reasons I decided to purchase ESS back in February of this year was because I'd posted an inquiry asking if ESS was a program that would not require a lot of tweaking. The responses I received indicated ESS would work just fine with the default settings it comes with. Perhaps I should try clicking that 'default' button and set the firewall to "Learning Mode" for a week or so & see how things go. I also changed the Windows Update setting in ESS so it will not display any alert. Since March, getting Windows Updates to install on 'Patch Tuesdays" has been nothing but a major, on-going headache. (I've had to get help over at the Sevenforums several times). Thanks again for your feedback! Pete

Hi again Tom, I upgraded over top of version 9 (i.e. I didn't uninstall v9 first). I downloaded the executable application (eset_smart_security_live_installer_us.exe), closed Firefox, then went to my Desktop screen and clicked on the file to do the upgrade. The computer was restarted and ESS performed a scan and something else. It didn't ask me for my license number or anything similar. As I mentioned, those light blue icons show how many things were changed from their default setting. Unfortunately, I have no way to know just which settings were changed. I see on the "Advanced Setup" screen there is a button on the bottom left side of the screen which says [DEFAULT]. I'm guessing...if I were to click on it - - ESS would revert everything back to their default setting - and those blue icons would disappear (or not)??? When I first began using ESS during the trial period back in late January-February, I did set the Firewall to Learning Mode for a period of time, then it returned to the default mode. Unfortunately, age and deteriorating health issues are taking their toll, so I have a harder time trying to understand a lot of the 'tech stuff'. I'm wondering now if there is a way for me to go back to using ESS version 9. That version worked well for me - but I'm not seeing anything here that provides the steps I should take to go back to version 9. Much obliged for your help! Pete

. Your saved exported settings are what's impacting it.Untitled.jpg Hi Tom and thanks for getting back with me! You've sort of 'lost me' with the last part of your quote above. I'm puzzled as to how the Settings exports I've done (when v9 was being used) and saved in the "My Documents" folder on the HDD could be causing these blue icons to be displayed? It would seem that during the upgrade process from ESS v9 to v10, a number of settings were changed by ESET itself, since I didn't make any. Another question at this point is: Should I just leave things the way they are or "Import" the most recent settings export file I saved when ESS v9 was still being used? (I frankly have no idea which settings were changed or what all the settings were when v9 was installed). Thanks again for your time and help! (For Ken): Just saw your post after I made mine. I have only this one standalone computer which is connected via Cox Communications cable. There are no others here, nor do I have any wireless devices (other than my cell phone). Pete

Greetings everyone, I upgraded my ESS v9 to v10 on October 28th via the full installer which I downloaded to my computer, then ran it. I've noticed that when I click on "Advanced Setup", I now see a circular, light blue-colored icon beside every module in the list on the left side of the window, except for "Device Control". A number, such as, 1, 2, 4, etc appears inside each icon. Hovering the mouse pointer over the icon displays "Changed from defaults". I made no changes at all, so I'm puzzled as to what has happened and why. Can anyone enlighten me on this, as well as, how to correct the issue? (I do have a few "Settings exports" saved - the most recent is from August of this year). Much obliged for any help.

Much obliged for the follow-up info, itman! At least it's reassuring to know "the bases are covered", so-to-speak...even if MBAM managed to beat ESS to the punch on this occasion. Cheers!

Good morning, Shown below is an excerpt from my MBAM Log this morning where it blocked an INBOUND connection attempt from the IP address indicated, apparently trying to connect to the executable file displayed. From what I can find in my limited checking on-line, the IP appears to be part of some botnet apparently located in Kiev, Ukraine. My computer is a standalone, not on any network, nor is there any file-sharing, and I'm the only one who uses it. My questions: (1) - Is there a reason ESS v9 did not block this IP? (2) - Is/are there any action(s) I should take at this point? Malwarebytes Anti-Malware Detection, 6/22/2016 7:59 AM, SYSTEM, XXXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.223.89.211, 5005, Inbound, C:\Program Files\Windows Media Player\wmpnetwk.exe, Detection, 6/22/2016 7:59 AM, SYSTEM, XXXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.223.89.211, 5005, Inbound, C:\Program Files\Windows Media Player\wmpnetwk.exe, (end) Thank you for your time and any feedback!

Thanks very much for getting back with me, Marcos! I certainly HOPE...it's a false positive, especially given the other sources mentioned in my OP which indicated "maliciousness." Thanks again! Pete

Good morning everyone, Since I first turned-on my computer earlier this morning, I have noticed every single time I click on the Firefox icon to open the browser (I'm offline at the time), ESS immediately displays the alert shown in the attached screenshot further down. Thus far, the alert is only displayed when I first open the FF browser. I haven't seen it re-appear whle visiting the usual websites I normally check each day. I have checked both the URL and IP address - they apparently belong to Mozilla. However, I see that VirusTotal (Quttera), and IPvoid (Quterra) are both flagging it as malicious. Quterra specifically reports 2 malicious files, as well as, the URL itself (hxxps://raw.githubusercontent.com...). URLvoid (Scumware) is flagging the URL as well. I've run scans of my computer with ESS, MBAM, and SAS - no detection's found. I also scanned the Firefox executable file in the (Program Files x86) folder with the aforementioned scanners - no issues were found. I've only been using ESS since February of this year, and still trying to understand how things work in it (unfortunately, age and health have taken their toll on me), I've only seen this type alert once before and it was for a McAfee-related URL/IP. (that particular alert has never occurred again). My questions: 1. Can someone please explain what is happening with this sudden alerting on Firefox? 2. Are there any action(s) I need to take? Thank you for your time, review and any help! Pete

Hi Tom, No...you're not having a 'senior' moment. If you were...I'd be in the same boat with you! I too see the Moderating Team list is blank,and Moderator posts do not have that pale green color either. I've noticed over the last 2 days, that there have been some extended periods where this forum was completely down. I checked the server status and the results confirmed it. I could access the Knowledgebase and another ESET area...just not this forum. Maybe one of the staff can enlighten us? Cheers! Pete

Hi dxcarnadi, I myself am using ESS, & MBAM Premium, both scanning in real-time. I do use SuperAntiSpyware (aka SAS) solely as an "on-demand" scanner. Personally, I feel the "layered-approach" to my own computer's security has worked the best. I've had a couple of occasions in past years where I relied solely upon a single Internet Security Suite program to protect me, only to get hit with malware which managed to get through. As has often been stated, there is no single antivirus, Internet Security Suite, or anti-malware program that will always be 100% effective at blocking all malware floating around the Internet. Since you indicated you are using MBAM (free version), I would recommend keeping it for performing on-demand scans as needed. This is just my own, personal preference. Obviously, the ultimate decision is yours. Hope this helps & best regards.

Much obliged for the info you provided, itman. I've briefly reviewed the info at the link you provided. Given the increasing difficulty I seem to have in trying to understand all the technical stuff, I'll just throw in the towel and leave things as they are, and not post about these issues here again. I'd done extensive reading of the ESS user's guide before I even tried out the trial version, and even after purchasing a license. The very first post I made here was to inquire if ESS required a lot of tweaking or one which would function effectively with the default settings it installs with. I'd also inquired elsewhere about ESET'S ease of use. From the responses I received, my impression was that ESS would be relatively simple to use. Perhaps age and deteriorating health have just taken too much of a toll...to the point I am no longer able to adequately understand all the intricacies of increasingly-complex security software. In any case...I thank you for your time and patience in trying to help me out. Best. Pete

Much obliged for your feedback, Ken! Pete

Greetings again, Today seems to be turning into a strange one. I just now noticed in the Troubleshooting Log where ESS made 27 inbound TCP packet blocks from IP address: 91.228.166.47 all at once. The IP belongs to ESET itself in Slovakia! The reason given for the block: "TCP packet not belonging to any open connection". I'm a bit bewildered. Questions: 1. Is there some explanation for this seemingly strange event? 2. Should I UNBLOCK this item, since the packets appear to be coming from ESET? Thanks for any info! Pete

Hi Tom, Thanks very much for the info link! If I'm understanding it correctly, then ESS will automatically continue to block any future such major port scanning attempts and I don't need to take any additional action. Sounds like a 'winner' to me! Cheers! Pete

Good morning everyone, I have observed the Troubleshooting Log shows an entry this morning (during the past hour) where ESS blocked 95 UDP inbound port scanning attempts all at once from IP address: 209.126.110.5. After the first block, ESS put the IP address in the temporary blacklist area. [screenshot attached below]. Checking the IP at Hosts-file.net shows it to be flagged red (malicious). The IP is apparently located in St. Louis, Missouri (USA). IPvoid, VirusTotal, and Senderbase did not flag the IP address, however. My question: Is there any action I need to take, such as, adding that IP address to the IDS Exceptions list to ensure any future inbound UDP port scanning attempts are blocked, logged, and I am notified? Thank you for your time and any enlightenment! Pete

Thank you for your follow-up, itman! With regard to the options you mentioned, I am hesitant to disable MBAM'S real-time scanning. Over the past several years, I've noted consistent recommendations in some well-respected security forums that a "layered approach" to one's computer security is preferred. (These same forums are also ones where ESET has been highly-recommended). This 'layered approach' would seem logical to me, especially since there was a time (several years ago) when I relied solely upon one particular Internet Security Suite program to protect my computer, only to get hit 4 times in a 6-week period with one of these fake anti-malware/scareware type programs. Several months later, an SAS scan quarantined a Sirefef trojan which managed to delete my ipsec.sys file. I realize there is no single AV, Internet Security Suite, anti-malware program, or any specific combination of programs that will always be 100% effective in blocking all malware activity. So, what I have done is implement part of one of your recommendations, namely to place a Web Exclusion within MBAM for the ESS ekrn.exe file, since that is the one MBAM has been intermittently (i.e. not an 'every-day event') blocking outbound connection attempts from. Hopefully, that will be sufficient. Thanks very much for all your help & the info you provided!

A new update for what it's worth... At 6:30 p.m. today, while I was viewing ESET > SETUP > Network Protection page, MBAM displayed another Outbound block alert as shown in the log excerpt below. At the same time of MBAM's alert, the ESS Troubleshooting Log shows it blocked an INCOMING TCP packet from the same IP address, 91.212.124.32. Reason: "TCP packet not belonging to any open connection". This new IP address (91.212.124.32) appears to be located in the Ukraine. IP is flagged by VirusTotal (i.e. Kaspersky & Dr. Web) as being malicious. Malwarebytes Anti-Malware Log excerpt Detection, 3/21/2016 6:30 PM, SYSTEM, XXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.212.124.32, 58282, Outbound, C:\Program Files\ESET\ESET Smart Security\ekrn.exe, Detection, 3/21/2016 6:30 PM, SYSTEM, XXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.212.124.32, 58282, Outbound, C:\Program Files\ESET\ESET Smart Security\ekrn.exe, Detection, 3/21/2016 6:30 PM, SYSTEM, XXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.212.124.32, 58282, Outbound, C:\Program Files\ESET\ESET Smart Security\ekrn.exe, Detection, 3/21/2016 6:30 PM, SYSTEM, XXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.212.124.32, 58282, Outbound, C:\Program Files\ESET\ESET Smart Security\ekrn.exe, Detection, 3/21/2016 6:30 PM, SYSTEM, XXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.212.124.32, 58282, Outbound, C:\Program Files\ESET\ESET Smart Security\ekrn.exe, (end) Cheers everyone!

Hi again, itman and Tom, and my thanks to both of you for your continued follow-up! (For itman): I appreciate the screenshots you included. I'm not so adept at being able to do a lot of things as I once was, so the inclusion of such images, and/or step-by-step instructions are a BIG help to me! I'll try my hand at creating the rule you suggested tomorrow, since I'm getting ready to hit the sack after I finish this post. (I've never been able to quite get the hang of firewall rule-creation). (For Tom): It does indeed seem a bit odd that despite our Geo-proximity, I seem to be the only one experiencing this issue. (My previous internet security suite program was Outpost Security Suite Pro (lifetime license)). Unfortunately, as you and itman already know......Agnitum was gobbled-up by Yandex, so I began my search for a new application to replace it with, before Agnitum ends all updates and support for it at the end of this year. After trying-out ESS for about 2 weeks or so,, as well as, monitoring the ESS sub-forum here (to get an idea of both the timeliness and 'quality', so-to-speak of responses to various problems users posted about - I decided to purchase the license for it. I concur with your comment about itman and SweX! In addition to the help they provide here, I've seen their respective helpful posts in a couple of other forums as well. Thanks also for your 'welcome to the forum'! Reckon I'd better sign-off for the evening. Again, I really appreciate yours, itman's, SweX's, and Marcos' timely replies and continued follow-up! Cheers! Pete

Much obliged for your feedback, TomFace! I should have re-worded my post a bit to reflect what you mentioned. I'd been hoping someone at ESET would be looking into the issue I presented and be able to provide more info. Being a new ESS user, it's more than 'just a little disconcerting' to be experiencing an event of this type right from the start. Thanks again!

Greetings again... Just a brief update that today at 1:15 p.m. (U.S. EST) MBAM has again blocked another attempted outbound connection from ekrn.exe to IP address 119.1.109.121. It occurred shortly after I exported an ESS configuration file. The difference(s) this time were: - The port number was 51957. - ESS did not show a block of an incoming TCP packet from the same IP address like I mentioned in my last post. Given the reputation of the IP address in question & since no one from ESET has entered this discussion to explain why these events are occurring - I consider it unwise to add the IP to MBAM'S Web Exclusions list. Hope this is of some help & thanks very much for your time and feedback.