Patch

So with the new interactive rule creation editor, how is it intended the user determine what is the minimum port, protocol and host required for the current data transmission?

There is Microsoft's Legal terms and conditions for using Windows 10, prohibit blocking their spying and central control of code updates. It is clearly very important to their financial plans As I said, the code is fine, their legal T&C suck

Windows 8 then windows 10 is Microsoft monetizing their virtual monopoly. Windows 8 to buy into the tablet market Windows 10 to buy into the ad revenue / sale of personal data market, a margin on other companies software, and exclude competition. The program code is probably a step forward but the legal term and conditions are a massive and progressive step backwards.

Yep Fixed my system too. Although to be fair I have not retested ESET with Firefox v73.0 t see it ESET have fixed it at their end.

Doesn't work for me. I can readily restore my normal profile and that works fine but ESET appears to create another shadow profile which it uses for secure banking, indexed from the normal profile. Without updating restoring that to the pre Firefox upgrade version, Firefox objects each time I run secure banking and insists on creating a new profile

Same with Firefox 73.0 and ESET Internet security 13.0.24.0 Downgraded Firefox to 72.0.2 64b Firefox detects downgrade and forces creation on a new profile, (loosing all my bookmarks) Restored from backup C:\Users\UsersName\AppData\Roaming\Mozilla\ C:\Users\UsersName\AppData\Local\Mozilla Which mostly fixed the normal version of Firefox but not the profile for ESET Banking protection. Where is that stored?

It appears ESET have added new Windows update prerequisets https://help.eset.com/eis/13/en-US/outdated_os.html?status=&product=eis&version=13.0.24.0&osbuild=6.1.7601&platform=WINNT64 The details of that page varying depending on what Windows updates have been applied

What versions of firefox? I suspect the current firefox is corrupting keyboard / mouse input on one of my computers also. Started after upgrading firefox to the current version. But perhaps I will need to run Firefox is safe mode and do hardware testing prior to jumping to conclusions.

The same is happening for me running Windows 2 professional 64 bit ESET Internet security v 13.0.22.0 English (not sure how to tell if it is 64 or 32 bit) Edit: Although https://support.eset.com/en/which-eset-product-do-i-have-and-is-it-the-latest-version-home-users Says the latest version is 13.0.22.0

I'm upgrading a Windows sever 2012 64-bit Essentials (6.2.9200) domain controller virtual machine from a full installation of ESET file server v6.5.12007 -> v6.5.12017 Enabling program upgrades doesn't work as it reports v6.5.12007 is current. Running efsw_nt64_ENU.msi from the graphical user interface when logged on as a domain administrator doesn't work with this version due to the problem described above. Logging in as a domain administrator, opening a command prompt as an administrator, cd to the directory with the program update, and running msiexec appears to work, however I'm unsure what are the recommended parameters for this command. The following command appears to not uninstall the old version first, instead giving prompts expected for a first install. msiexec /qf /i efsw_nt64_ENU.msi Edit Just typing the file name at the command prompt works ie efsw_nt64_ENU.msi Which in hind sight this is probably the same as msiexec /i efsw_nt64_ENU.msi That requires a registry hack However elevation to administrator should normally happen automatically with msi files, and it worked in the past. Not sure if it isn't now due to a change in this installation file or my server

I had a similar problem. Domain administrator account did not allow ESET upgrade, had to use a local administrator account. Not that convenient for the domain controller. Note: Windows sever 2012 64-bit, both Std and Essentials (6.2.9200). Fully patched ESET file server v6.5.12007 -> v6.5.12017

Same here on some computers running windows 7 professional 64 bit and ESET Smart security 9.0.402.0 I suppose it comes down to: how long is ESET software maintenance for each software version?

Try downloading the addon as a file, then double click on it to open in in Firefox / install it in Firefox

V9.0.402 is currently available only as a program update (uPCU). OK Will wait till offline version is available as I update several computers at a time

Results show: Exploit testing, ESET endpoint score much better than CylancePROTECT and a little better than Symantec Endpoint Protection In-the-wild malware protection appears to not be reported for ESET. Selective omission of test results I always find concerning or have I just missed it?

After further testing, it seams zones with IP addresses outside of the local network maybe the problem. ESET created local zones appear to function as expected. I didn't have any user created local zones so I haven't tested that functionality. The ESET setting migration code also converts IP ranges to subnets eg 192.168.1.12-192.168.1.30 is converted to 192.168.1.12/18 (or something similar, I forget the exact notation). Unfortunately the converted notation results in a non functional rule. Fortunately they can be edited back to the original notation which does work as expected.

I recently upgraded several computers from ESET Smart Security v8 to v9. I use the firewall in interactive mode and have developed a reasonable number of specific rules so rather than a clean install and manual recreation of all the rules, I installed the newer version over the older, thus achieving migration of my v8 setting to v9 (as otherwise v8 configuration files are not compatible with v9). The procedure went well mostly. The problems I had were: 1) Firewall rules which use manually created zones in v8 are not functional or editable in v9. They are displayed in ESET SS v9 -> Setup -> Network protection -> Personal firewall -> Configure -> Rules edit Rule information appears correct except the zone label is not displayed. But if one of these rules is selected on this screen and the "Edit" button clicked, a blank pop up windows frame is displayed. The rule also does not function despite being displayed. I believe this is a program bug in the v8 to v9 settings migration code. 2) ESET Smart Security v9 enables adding new rules manually but does not have an add similar rule or duplicate rule which v8 supported (a useful feature in my opinion). 3) ESET Smart Security v9 explicitly shows firewall rule evaluation order, a feature I like. It enables promoting or demoting a rule by one place or to the end of table. Multiple rules can be selected but not moved as a group, which would be a useful enhancement. 4) Column widths can be changed and need to be to see the typical rule name and Application path, but aren't saved. Another potential useful enhancement. 5) I would also like to group rules together which apply to the same application. I'm not sure the best way to achieve this, perhaps add a button or pop up menu to "Group Application's rules". They can manually be grouped at the moment but program support would be a nice enhancement.

The issue is actually Windows 10 licence has some significant restriction Updates received without notice (Term 6) Diagnostic and usage data. Cannot be disabled (Group policy 0 setting ignored except on Enterprise versions) Disabling Windows 10 "Features" is also against the licence you agreement. Together with their privacy policy The Windows 10 licence also has some significant restriction for small business and Unix / Mac sites Cannot install software on a device for use only by remote users (Term 2. c. (v)) Can only remotely access from device running same or higher versions of windows (or one other user every 90 days) (Term 2. d. (v)) Your attempt to stop windows calling home is actually not allowed according to Microsoft's Windows 10 licence. In addition they are under no compulsion to honour software "Privacy" options you select during installation. So while windows 10 code has some useful feature, the commercial arrangement results in it being an inferior product. There may well be a profit to be made stock piling licences for older versions of windows.

I think you will need to provide more information to have any chance of a specific reply. What is the IP address / device from which the ARP cache attack comes? Is it always your router? What router do you use? Are you getting ARP attacks from another PC? Is that PC running AV software? How long have the attacks been occurring? What's your network topography, about how many and what sort of devices are connected, what software (OS and AV) is used thoughout? Or to answer your question in another way, ESET is designed to protect you from and report possible malware attacks however false positives can occur. Not easy to say what is causing your notification with the available information

Interestingly ESET rated behind Norton, Avast! and Trend despite being less compromised and having a lower false positive rate. The reason for this is blocking a web site was rated above detection of malicious code and neutralising it. I'm not sure I agree with this rating philosophy. Kaspersky did however perform well on the test set used.

The forum software defaults to quoting a selected post and all of the included post quotes. When selective deleting unnecessary text, it is easy to break the message structure (very annoying before I found the message undo vs browser go back). The combined effect is to encourages large quotes. Modifying the forum software quoting, so only the new text is included by default would minimise large quotes. For cases where the earlier quoted text is actually needed, users could still use the multi quote function.

If you really want this rules why don't make it yourself? Make it like you said, create a fresh VM, install a fresh copy of windows (and do not install any "integration components" or something like this), install ESS, do not install any other software at all and then you can create all the rules while using the VM. Before creating the rules I would suggest you to export the configuration, so you can compare it to the configuration later. ... After this you can export the configuration and compare the configuration files, so that you can "extract" only the created rules. Here is how you can do this: https://forum.eset.com/topic/3512-eset-passive-quiet-install-to-include-pua-detection/?p=20461 Okay if you don't want to do the last step you can also send me the XML files and I do this for you. Then you finally will have a configuration file which everyone can import who wants to have the pre-defined system rules you talk about here. Okay there would be one exception: The users would have to use exact the same OS (e.g. Windows 8.1 Pro, 64bit) otherwise there could be rules which are not needed or some rules are missing. ESS has the capability to import/add to a users current configuration. Multiple configuration XML files can be sequentially added to build up a desired configuration. Creating and sharing firewall configurations for standard applications is an interesting concept. By grouping sets of rules for a particular functions we may achieve an efficient way to customise the firewall configuration. Using/editing the rule names so their source is readily identifiable would further facilitate subsequent customisation/selective deletion. As well as OS firewall configuration, the same concept could be applied to application suites. Sharing configurations would also facilitate discussion on configuration options and their merits. The difficulty in sharing firewall rules is application path varies (drive letter, 32 vs 64 bit etc.). We may need multiple versions of configurations. Alternatively search and replacing the application path in a word processor prior to using the configuration snippet maybe optimal if a different installation directory is used.

If ESET add a predefined rule it must be broad enough to cover the requirements for all users. It also announces to malware writers that all ESET installation are open to communication along that path. If all users need to create such a rule then it is sensible for ESET to add it to their predefined rules, as doing so simplifies set up with no change in the resultant firewall users actually use. If many users will not use or need communication along a particular path, or they will only use a subset of a general rule, then users wanting a tight firewall are are best served by not having unnecessary broad predefined rules. The learning mode can then be used to create the specific rules each individual actually needs. For most users, who want ease of use and a strong AV suite of defences, the default automatic mode is appropriate. So in summary, if ALL users actually need the SAME rule then I agree it should be added to the predefined set. If not, then I would prefer to build my own rule. I hope this clarifies the contention.

They do state that they have actually set up a malicious network and record fails when they can get a password from the system under test to their servers. An impressive test setup, and to fail it I would care. I may have missinterpreted their description though, as you are implying that test protocol did not apply to the API testing, perhaps only applying to the Botnet test.

If you are confident your system is clean you can stop worrying and create rules for all communication which occures with normal activity. ESS will conveniently tell you when each application tries to call out and if you can see no reason how the communication will help you, then block it. As for why does Microsoft store call home when you do not intend to use it, the answer is no doubt it helps Microsoft. Either it simplfies their code by not worrying about network traffic for non paying customers, or potentially increases their sales by data mining. Microsoft are trying to move all their software to an online rental model. No doubt they do not like customers using their software for an extended period without paying more. Either way your decision process it the same. ESS alerts you to the activity:- allow it, if it is OK (system clean and comfortable with that company having free access) block it, if you can't see how that communication helps you (you can always change it later if it breaks something) investigate what is being sent and why if you are curious Worrying about it is not a recommended option. Having everything allowed also does not make any sense as an option. If that is what you want use the automatic or learning modes. I beleive the communication these processes use varies with system configuration. How much is actually needed depends on what you are doing. Interactive mode encouges each user to make their system as tight or as loose as they want. However for users who want an easy setup, which allows normal traffic, and is reasonably safe, then automatic or learning modes are more appropriate