Peter Randziak

Hello Duluc, you can follow part "Example of a full memory dump file setup" from this KB article in order to configure dump creation. Restart is needed.

Hello XiRw, you could add IP addresses of Nvidia servers to Addresses excluded from active protection (IDS) or untick the detection from the IDS. This channel is not commonly used by malware nowadays.

Hello Socha, in case you experience BSOD please provide us with full memory dump and SysInspector log for further analysis.

Hello, configuration task is one time procedure. When clients connects to ERA it downloads tasks - one of them is configuration task. Policy is applied as specific type of configuration task and the advantage is that it is applied repeatedly so even you overwrite configuration on endpoint it will be overwritten by policy again. Different policies can be set up for different groups of endpoints.

Hello Fiery, no the reboot is not needed, the changes are instant. After the setup of rules is finished do not forget to switch the firewall filtering mode to Automatic mode with exceptions (user-defined rules)

Hello, you can use the tool available on this link: hxxp://www.eset.com/us/support/lost-license/

Hello, do you have the policy assigned to the clients? Maybe easier would be to utilize configuration task for all clients.

Hello Itrain, the password is "clean" Script for collecting the system logs is here. Have you replaced the binaries as I described on 12 of August in the thread?

Hello Mecpooler, with HIPS enabled the windowsblinds wasn't working at all? If you experience issues with HIPS please enable logging of all blocked operations in HIPS setup and contact customer care with the HIPS log and SysInspector log for further analysis.

Hello Fiery, learning mode is not asking it is just creating appropriate rules for connections generated. In case you would like to be asked, use interactive mode of firewall.

Hello, yes of course you can. You could send configuration task to all clients or adjust policy settings if you use it.

Hello Duluc, No, the modules were released for all v7 users yesterday. V5 and v6 users will need to switch to pre-release updates in order to receive the latest modules or wait until they are released for all users.

Hello Scot, thank you for letting us know. In case you encounter such issue again please let us know. SysInspector log from affected machine and memory dump of ekrn.exe from frozen state are good for start of trouble shooting.

Hello Ali, could you please describe your question more in detailsso we can answer it properly?

Thank you for your kind words David.

Hello Fiery, enable logging of all blocked connections as described here and reproduce the problematic situation and adjust firewall settings according to it. Or you may use learning mode of the firewall in order to create appropriate rules for you.

Hello Boris, could you please provide us with SysInspector log from the affected system and 2 wireshark logs. One from correctly working state and one from the state, when are you experiencing the slowdown and traffic corruption. Please start the capturing before data exchange starts as far as we need to see the initialization as well. Thank you.

Hello Scot, ekrn.exe is scanning all files, but there are too many of them scanned to be displayed in the main GUI. In case you weren't running any scan the CPU usage should decrease very quickly. How long was the erkn.exe using CPU at nearly 100%? Generally you shouldn't be excluding any files on the workstations only in case of having issues with some of them.

Hello Kent, please submit customer care form (directly from the application) with reference to this thread for further investigation. The logs are kept in the system just for few hours (depending on many circumstances) so please submit the logs at most 4 or 5 hours after issue has occurred. Thank you.

Hello Cornel, in case you are getting detected port scanning attack you need to exclude IP address(es), from which you are getting the attack from IDS as far as these rules are evaluated even before the firewall rules.

Hello Yacut, HIPS is always adjusted for give kernel version in order to be able to protect. We already have HIPS module 1095 with support for Windows 8.1 build 9600 and we are currently testing it. It will take some time to release it for all users. In case you would like to replace it manually send me private message (registration is needed), I will provide you with instructions.

Hello Martvl, in case you have this issue too, please submit Customer care form as I described on 20 of August in this thread: "Please run the update manually wait for a while (2 minutes should be enough) and than submit customer care form (directly from the application) with reference to this thread for further investigation." P.S. We haven't received any relevant logs yet, that would have helped us to discover root cause of this issue. Thank you.

Hello Sunny, I'm not a lawyer but I think that would be violation of Google play's ToS.

Hello Mzbcracker, have you tried typing the username and password and also copy pasting it? What username do you use (just username, do not share the password)?

Hello Mzbcracker, which activation option have you used?