Carl S

  • Content count

  • Joined

  • Last visited

About Carl S

  • Rank

Profile Information

  • Gender

Recent Profile Visitors

137 profile views
  1. No, no other web sites have this problem, only this forum, but I tried it with multiple browsers and computers, all had the same problem. I have since changed authorization to use Facebook to login. I don't have this problem with it, (although I really didn't want to connect using Facebook.) It was only when using email and password that I have the problem. Before using the Facebook login, I was having to reset my password each time I returned to the Eset forum site.
  2. As an FYI, the online cybersecurity training that comes with ESS has a link to a page called "Take away PDF of tips and tricks." If you click on that link, it opens a pop-up window in the browser, but the server responds with error 404. The missing file is
  3. Yes, if you read my post to itman, you'll see that as part of the debugging of version 9, which was having problems starting the EGUI both from the start menu as well as displaying ESS in the system tray, I had added EGUI to the start menu. After upgrading to version 10, this addition remained. I had added by putting shortcut to EGUI.exe in the folder C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup While that didn't work for version 9--about 2/3 of the time I could not get to the GUI--once I had upgraded to 10, I was now getting the UI to pop up every time. I had forgotten that this was something we'd tried under version 9. When I removed it from that startup directory yesterday, the problem was resolved.
  4. Nope, but that got me thinking! If you'll look at my original post, one of the problems I had previously was that the ESET icon was not starting at all and not appearing in the system tray. I have a vague recollection that one of the things attempted to get it to go was adding it manually to one of the autostart places on the computer. That didn't work, though. Now, I'm thinking I never removed that and the startup is because I moved on to another strategy to get it to work.Eventually, moving to 10 seemed to get it to work. Now, I think I'm just seeing the results of my attempts to get version 9 to start at all. Sure enough I do Run|shell:startup and I see a shortcut to EGUI.exe dated 9/1/2016 from the height of my ESS 9 problems. Yep, that seems to be it. It was something leftover from earlier troubleshooting on version 9.
  5. Yes, I reinstalled version 10, it grabbed 10.0.390.0 during install, and after installing and rebooting, the ESET GUI stays open on logging in.
  6. KingSoft.D is the signature name by which ESET labels the unwanted program. It is the unique identifier that goes along with the definition in the ESET database that is used to name the PUP. The file in question is either the WPS Office installer or one of the files inside it or that it retrieves from the web during the installation process. Without further details, it's hard to tell exactly what file that is, and it may not be important. If the software is not working correctly, you might try installing and clicking Ignore instead of Clean if you're sure you really want WPS Office. You can probably see why it is considered a PUP at 1:18 in your video. At that point it is going out to a possibly shady ad-server on the web when you start the Office program. You can see this WPS Office is advertising supported (see the ad in the spreadsheet for WebStorm). That's why it's considered a PUP. It is getting advertising from the web, probably without fully warning the user before installation that it would be doing that. If you're OK with that type of behavior, just ignore the Win32/KingSoft.D PUP warnings during the installation. The URL warnings near the end of your video are a bit more problematic. It appears it is getting javascript from to load up ads in the software. Either that javascript is malicious or URL/domain have been identified as a problem. You can ignore them by whitelisting, but without further details, that would be a tough call for the user. My thought is if WPS Office works as expected, would be to let ESET block the URLs. You might want to turn off the notifications, though as that might get annoying. There is an option in the settings called "Display only notifications requiring user interaction." That would let ESET silently block those URLs. If, however, WPS Office stops working as expected, then you may need to whitelist things so the software can work correctly, but I would not recommend that unless you're absolutely clear as to why ESET is blocking the ad URLs. You can ignore PUPs if you're personally OK with that. Ignore other ESET warnings at your own peril.
  7. No, I didn't. I will do so and report back.
  8. Well, it's doing exactly what it's supposed to be doing. ESET is warning about files that may be "harmless" because you have PUP detection turned on. If you don't want it to be so aggressive and that ESET's being too cautious, you can turn PUP detection off. Or, you can temporarily turn off ESET's detection while you install the software, and turn it back on later. It is clear that software from Kingsoft has been determined to be a Potentially Unwanted Program by ESET and/or some of its users. Otherwise, they wouldn't have named the detection after the software publisher itself. This doesn't mean it is a virus or trojan. It means that it does something else that many users don't like. It doesn't make sense for ESET to ignore this software for everyone, when you're the one who has determined this particular PUP is OK for you. I understand that. In the past, I have installed software that included adware, but I thought it was worth it to get the free software. I ignored ESET's PUP warning and still used the software. I do not expect ESET to remove that particular PUP detection for that item for everyone else, because for many it is indeed an unwanted program.
  9. Since it's called Kingsoft.D, I suspect that's not a false positive, but a PUP that was specifically found in WPS Office. If you don't like it, turn off PUP detection.
  10. I'm finding that the last few times I have tried to log in the forum does not recognize my password. I am forced to reset my password every time. I change it, save it locally on my computer, and the next time I try to log into the forum, it says it is wrong. I am cutting and pasting, so I know it is right. I have tried multiple browsers with the same result. Anyone else experiencing this? I've resorted to just resetting my password each time I return here.
  11. Tried this. Same thing. GUI is up and stays up after cold boot.
  12. Hmm. Didn't seem to make it smaller by turning off profiling events....and to top it off, this time EGUI started minimized. Anyway, sending the Process Monitor boot log. Good thing was that the 2.0Gb size was uncompressed--oops.
  13. OK, removed all three, EMET, Sophos Removal Tool (which was installed under a different account and I couldn't find it at first), and WinAntiransom. Still, EGUI opens and stays open on login/reboot. Sending Procmon boot log via pm (Edit: well, I was going to, but it was 2.0Gb zipped--probably should not have told it to include profiling events).
  14. I installed version 3.0 a long while back when it was recommended on a blog I was reading at the time. I then upgraded to 4.0 and 5.5 as I discovered new versions, but hadn't really paid attention to it. It was triggered by a few false positives over the years, but I seem to recall it catch a couple of things when I wasn't paying close attention to where I was clicking. I'm happy to remove it.
  15. Sent logs in pm yesterday. In the meantime, I see this message (attached), and the odd thing is I've been at 10.0.390.0 for some time. I'm not sure if it is related.