FeMaster

I have to assume that they are showing as detected as spam because I had manually flagged them as such. In any case, all of those message are long gone by now. I'll see what I can do with any future messages.

Wow, Still no response. 😟 My license expires the end of January, maybe I'll get some help just before it expires? ...Or, maybe I won't need help by that time... 🤔

Am I being left out to dry on this one? Seems as if the problem is getting worse, and I would really like to get something figured out here.

Curious if there has been any progress on this? Thanks again for any help.

OK, I've completed the requested steps. One thing I did notice was that initially when I reclassified the email as SPAM, it did not add the "[SPAM]" to the beginning of the subject line like the software was set to do. The logs may reflect that the same emails were reclassified more than once as I drug them back out of the spam folder and into the inbox again, and the did the reclassification again, and this time it did add the proper prefix to the subject line. eis_logs.zip SPAM Email.zip

In my Outlook 2013 Eset has it's own tab at the top when it's enabled, like in the attached picture.

I live in the US, and I really don't get a ton of SPAM, maybe 4 to 6 a day between the 5 email accounts I have set up in Outlook. Eset manages to catch and filter about 1 email a week on average, some weeks it catches none of them. The 5 different email addresses consist of 3 from my ISP (Charter.net), 1 Hotmail, and 1 Gmail. Just as a side note, I've added a few extra ports (465, 585, 587, and 993) under the Email Client Protection Protocol setup section so that EIS should be able to scan emails from any of my clients. I know this helps with scanning for infected attachments, but I'm not sure if it has any affect on SPAM filtering or not.

I'm just wondering if others are experiencing the same poor performance with the Anti-Spam module? I'm using Outlook 2013 and the SPAM filtering is extremely poor. As far as I can tell, I've got the settings for filtering set to the highest they can be, yet Eset might catch 1 out of every 30 junk emails and flag it as Spam. I constantly use the Eset plug-in in Outlook to manually flag the SPAM emails such. I would have thought that this would have at least offered some sort of "training" to the filter, but it's fruitless. The same email SPAM comes in every few days and is constantly ignored and allowed to pass. I've attached an example of a piece of SPAM, which I would think should be blatantly obvious to the filter that it is, yet it's never flagged as such. What's going on here?

Thanks again itman. I've played around with different configurations and believe that the trouble stems from the combination of using the Safe Access package on the router and having Open DNS set as the DNS server in the router. I found a site that I could consistently get the certificate notification to pop up on, then went through every combination of setting I could up with, clearing the browser cache and closing and open the browser between every test. When disabling the Safe Access package, no certificate warning, using Open DNS, no warning, using Safe Access with my ISPs DNS, no warning, Safe Access with Google DNS, no warning. Set everything back the way it was and the warnings were back. Safe Access and Open DNS by themselves work fine, but in combination, there is something that must be clashing with the other and causing all the headaches I've been having. In conclusion, not an Eset Problem... Case closed!

OK, while I was typing up that last reply, something interesting popped up on me that I have never seen before this point. Eset was complaining about it's own certificate being untrusted, any ideas on this one?

Nothing suspicious or out of the ordinary, WiFi is is VERY secure. Neither Eset nor my router indicate any devices on the network that should not be there. Not a work PC, it is a home PC. I'm trying to piece this all together here, and I may have come across a possibility of what is going on, but it's going to take a bit a finagling on my end to determine for sure. Back story is, I recently (within the last couple months) replaced an aging Asus router with a Synology RT2600ac. This has worked perfectly since it was installed, no issues at all. Synology recently pushed a firmware update that MAY coincide with the issues I am having, but I can't recall on the timing of it all to be sure at this point. In the latest update, they removed the typical parental controls that I was used to which were very similar to those on my old Asus router. They now have a package in the router called Safe Access which is like parental control on steroids. I'd say it's a bit closer to a business class type of malware detection / web filtering / access control. One other issue I am having that I just stumbled on, which leads me to believe that the culprit here may just be the router, is that with Safe Access enabled in the router, there is an issue with DNS servers, which has lead to a fair bit of complaining over on their support community. I'll give you my scenario, and perhaps you can give me your opinion on it. My setup has been, for a long time now, that in my router I have Open DNS specified as the DNS provider the router should use (which coincidental, or not, is now a part of Cisco; it might just be an Open DNS problem, hmmm). This helps me to filter out the majority of sites that I don't want my children going to. In my own PC I have the DNS specified as Google servers (8.8.8.8 and 8.8.4.4), which would of course bypass the Open DNS filtering just for my PC. Ever since the changes made by the Synology Router update and the addition of this Safe Access instead of standard parental controls, the DNS I have programmed into my PC is being ignored and all DNS quarries are going out through the Open DNS that is set in the router. Apparently this is a known issue at this point, and is supposed to be corrected down the road. Disabling Safe Access makes the DNS function as one would expect. I'm not sure how the Safe Access can fully override the PCs DNS settings, but it does. Just had an epiphany typing this up. The issue with Safe Access forcing all my DNS quarries to go through Open DNS (a Cisco company now) could be why I just recently started seeing this issue about these Cisco Umbrella certificates. Before this DNS issue, my PC was making all it's look-ups through Google, like I have it set to do, but Safe Access is somehow overriding this, forcing the PC to go through Open DNS now. If I can get some time this evening, I'm going to try some of these trouble prone sites with Safe Access disable, and possibly with the PC plugged directly into the modem completely eliminating the possibility of any interference from the router or anything else for that matter. Thanks for all your incite so far!

OK, this sounds wonderful. I've tried the same address through all 4 browsers (Firefox, Edge, Internet Explorer, and Chrome) and all of them lead to a warning page that there is a problem with the pages certificate. So, I guess I need to ask now, where do I go from here? This is my first time ever getting any type of infection or whatever this would be considered. I know a fare bit about computers and networks, but not so much about certificates and the like. I checked to see if there was any type of proxy settings set on my PC, but all appears clear there. Any advice going forward?

I've NEVER had a password on my advanced setup. Matter of fact, I didn't know you could have one until I read this and went hunting through the settings. Maybe I just breezed by it during initial setup or something, but I can confirm that there is no password by default. I do see, now that I've gone looking for it, that there is in fact an area in the advanced setup section where you can enable it and set a password of your choosing.

In the last week, or perhaps slightly longer, I've been getting a semi frequent popup from Eset Internet Security regarding an Untrusted Certificate. It's not happening on all secure sites, but on a few. All the alerts I have been getting so far have come from the same Root CA, so I assume it must be something to do with that single Root CA. I also would like to note that I found a recent posting about a similar problem with untrusted certificates and I tried the suggested fix of disabling Eset's SSL scanning, rebooting, and then re-enabling and rebooting again. This did not resolve my issue as I believe the two problems, while sounding similar, are completely different. I've attached pictures to show what I'm getting: Image #1 is the popup I'm getting stating that Firefox is trying to communicate over an encrypted channel with an untrusted certificate. Image #2 is the certificate Information (Why is the validity date range so short?) Image #3 shows the certificate path as well as it's status Image #4 shows the actual certificate details It would appear that the reason I'm getting this popup is because the certificate is not installed in the Certificate Store. Is this safe to do, and if it's an OK certificate, why is it not already installed? I guess I need a little guidance to what exactly is going on here, and why out of the blue this has started happening.

Yes, If this is the way of the future, where more and more apps and software are going to be going through the MS Store, there definitely needs to be something figured out with regards to this changing folder path issue. And to answer your original question, which showed up in my email but was apparently removed by you after the fact: Microsoft Firewall. The most obvious one that can handle when an application updates with a changed folder path. I've not used anything than other than Eset or Microsoft since this whole app thing has come about, so I can't comment on whether or not other vendors' products are capable of doing it or not. Perhaps the MS built-in firewall would be a good place for Eset's software developers to start with, to see how Microsoft does it and go from there with their own software firewall.

I literally JUST posted about this subject again myself, Jedis, before stumbling onto your post about it. My gripe focuses more on the C:\Program Files\WindowsApps\ folder where every time an app is updated the folder path changes requiring the manual creation of a NEW firewall rule, and the manual deletion of the old, obsolete rule. There should be a way to resolve this problem without using wildcards. At the bare minimum, the WindowsApps folder should receive some sort of "special" treatment. I don't know what, but there has got to be SOMETHING that can be done. I feel your pain, I really do!

I hate to rehash an old subject that I've complained about already, but the firewall issue in relation to Microsoft Apps (Store apps, etc.) located in the C:\Program Files\WindowsApps\ is becoming a bigger and bigger headache for those up us that prefer to use the Interactive firewall setting instead of the Automatic one. I'm having to recreate firewall rules and delete the old, obsolete ones almost daily now. The issue lies with the fact that the folder path of the app(s) changes every time the app is updated. The folder name contains the current version number of the app, so every time the apps are updated, the current firewall rule is no longer valid, and the the app now looks like a NEW app with no firewall rule, instead of an updated app that just needs approval from the firewall to transfer the current rule to the updated file. Because of this craziness I have create a NEW firewall rule for the updated app, and subsequently hunt down and delete the old rule that is no longer valid. It is a MAJOR HEADACHE, and I don't understand why something can't be, or hasn't been, done to resolve this problem. For further information, here is the original thread I posted about this problem: https://forum.eset.com/topic/13012-microsoft-outlook-communications-hxtsrexe-firewall-rules/?_fromLogin=1

I can say that it seems like every time Windows does any kind of "major" update, it completely screws up my EIS requiring me to unistall and reinstall in order to get everything working properly again. Antivirus seems to be fine, but my problem is always with the firewall. Rules no longer working, being ignored, and loss of all local file and printer sharing, just to name a few of the issues. Even turning off and on the file and printer sharing setting in EIS does no good. I've even tried to create a new "Trusted Network" and that was fruitless as well. I'm blocking the latest Windows update for the time being, as it has created too many problems (not with EIS, just in general) for many people. I'm waiting until they iron out a few of the bugs first. Hopefully I won't be in for a full reinstall once again, like every time in the past.

PUA stands for Potentialy Unwanted Application. You would probably need to expand the Application section of the log and find out what application it is flagging. Then I'd add that application to the exception list in the Basic Antivirus section and see if that does the trick for you. Someone else with more knowledge might have a better answer, but from my semi-educated brain, this seems like it should fix your problem. You can also reference this Help topic for a better understanding: https://support.eset.com/kb3204/

Wildcards are not my goal here, my goal is to not have to create a new firewall rule (and remember to delete the old one) every time an app in the WindowsApps folder is updated. Some of these apps (like the irritating HxTsr.exe ) are updated on an almost weekly basis and attempt to access the internet to varies different IP addresses multiple times an hour. This makes the need to create a firewall rule for it a necessity. Frankly, I could care less how this is implemented, wildcards or not, as long as it works without having to turn off Interactive mode on the firewall. Personally I'd like to see the firewall recognize the updated app as just that, an update, and not a completely new piece of software just because the folder it was in changed. Since this seems to only be an issue with apps within the WindowsApps folder, whatever is implemented should probably be specific to just the things within that folder so as to not potentially weaken the firewall in normal folders. Hell, at this point I'd be happy to be able to set an exception to never block outgoing connections from things inside just the WindowsApps folder. While this is definitely NOT an ideal situation, I am THAT FRUSTRATED with this that I am actually considering it as an option! BTW, sorry AGH1965, I didn't mean to hijack your thread, I'm just glad to see that I'm not the only one frustrated by this, and am hoping that the more of us in a single place might help to push things on a little faster. Wishful thinking maybe...

I absolutely agree. Call me anal, but I want to know what is both coming in and going out. Being prompted for something wanting to go outbound, that I have never seen before, is a HUGE first step in determining if you might just have a problem somewhere on your system. While I'm plenty savvy enough to know the dos and don'ts to avoid infections, what I can't stop are baddies that just might sneak in because of exploits and holes in poorly coded software; something that seems to be getting more and more rampant these days.

I have the same issue. The app that is particularly annoying to me is the HxTsr.exe which is apparently associated with my Office 2013 installation. This file seems to get updated about once a week, and every time it updates the sub-folder changes based upon the apps version number. I think it is the same for everything in the WindowsApps folder, but don't quote me on that. I've posted in the past about this particular file (HxTsr.exe), and was met with pretty much the same worthless response. No REAL solution to the problem (I was told to change to "Automatic" mode to resolve the issue), and not even a "we'll look into it and see if we can come up with a fix." The problem has been ongoing for over a year now, and nobody seems to care. Apparently those of us that use interactive mode are in the minority, and spending time on a fix would require more resources to try to come up with a solution than they would benefit in return from. Highly annoying to say the least! The worst part is, the firewall rules list keeps getting longer and longer as the old rules don't get automatically removed, and requires me to go in and clear out all the old, no longer relevant rules. It would be nice if the software could do something similar for the apps in the WindowsApps folder, like it does with the desktop apps when they get updated. The software notices that the executable has changed and asks me if I want to keep the same rules as before the change.

So my same activation of Smart Security will work with Internet Security 10? Just want to make sure if it comes down to needing to do a reinstall. On a side note, I have yet to uninstall my Smart Security, not that I didn't try. When I went to uninstall it, it never gave me the option of uninstall, It automatically started a repair of my Smart Security installation without even prompting me. Is this normal behavior? In any case, since the repair ran, I have been getting the virus database updates again, and after restoring all the firewall settings to default again, that seems to be operating normally as well. I guess time will tell...

It just states Eset Smart Security, so that must be what it is then., not the Premium.

I'm finding the need to uninstall and reinstall my Eset Smart Security, as the recent "feature update" to my Windows 10 Pro (Version 1703) has completely hosed my Eset. It can no longer update virus signatures (constantly states "server not found", even though it can check to see if I am running the latest version of Eset), it keeps asking me to created new firewall rules, even when the exact rule already exists, etc. I've reset the entire firewall portion of Smart Security back to factory settings, but nothing has changed. I figured it was time for a fresh start of it, SO... I went to download the installation file for my Eset Smart Security, only to find out there are 2 different ones listed. Is the Premium version a completely new version? If I had premium, I'd assume it would state that in my currently installed software? Right now it just shows Smart Security at the top of the application, and in help and support, it states version 10.1.219.0. Need to know which one I have so that I can reinstall. Thanks for any info!