SeriousHoax

Most Valued Members
  • Posts: 357
  • Days Won: 10

Everything posted by SeriousHoax

  1. I did, but it's downloading the initial update extremely slowly. 3 megabytes in 45 mins, so I had to uninstall again. Maybe something is wrong from my ISP's side. Everything else is running fine though. I don't know what the problem is. This is why I always wanted a full offline installer containing all modules. It would make the initial update smaller. ESET has such an installer for business products but not for home.
  2. Hi, sorry I don't have ESET installed at the moment because I was having trouble connecting to the internet because of it. As I said, I tried to switch to pre-release channel but the download never started even after restarting the system and triggering a manual update. Maybe @itman can help.
  3. ESET need to get their act together with the WSC integration. I haven't seen other products who still have this problem but ESET is having issues quite regularly randomly for some users. Every few months we see there's a new WSC integration module update for ESET. Hopefully they finally fix everything.
  4. Well tonight I had a problem. Suddenly I saw WD is also running on the system along with ESET. Windows Security was showing WD as the AV as if I don't have ESET installed. Restarted the system but same. Tried to switch to pre-release channel and the update window was showing updating product with the usual animation but the download process never began. Restarted the system but same problem. Tried to download the ESET log application but that wasn't downloading either. No idea why! There were some internet connectivity issues due to WD vs ESET scenario maybe? So couldn't collect log and had to uninstall ESET. While both were active before my first restart, I saw ESET service was constantly using 50-60 kbps of my bandwidth. It wasn't downloading any update so also not sure what it was doing. I should also add when I installed ESET a few days ago, after installing it was not starting the initial module downloading update. It was stuck with the animation and I had to restart the system before it was able to download modules. I never faced any of these problems before.
  5. This is common if Controlled Folder Access of Windows Defender was enabled prior to ESET installation. Now if ESET has been installed then Windows Defender and its Controlled Folder Access module should be disabled by now. Restart the system to be sure and everything should be alright now.
  6. No. I use Adguard DNS and also have uBlock Origin installed. So that's not the case. The delay/slowdown is very minor which I should've added in my initial comment. e.g.: If a page is loaded in 1.59 seconds with Windows Defender then it takes around 1.79 seconds with ESET on average. As I said, this slight delay is expected because WD doesn't do HTTPS scanning while ESET does and this delay is true for all products that do HTTPS scanning. Bitdefender has the least delay and close to WD because their approach is slightly different. They don't do HTTPS scanning for most pages you visit regularly because I guess they consider most of those trusted and scan other sites. But ESET is fine and I haven't seen anyone complaining about ESET slowing down page loading which is the opposite of Kaspersky. So, I'm not complaining, just explaining.
  7. I agree and even in my post I said ESET is fast in my experience. The only slowdown I can feel is page loading speed but I notice this for every AV that does HTTPS scanning and it's obvious that those that do are going to be slightly slower compared to those that do not. So I don't consider it as a negative thing. ESET also lets the user disable this feature completely and even exclude certain apps only. I highly appreciate this.
  8. I've seen the AV-Comparatives report also but it's not possible to get a detailed idea there because of how they show the result. This could be correct because I've seen ESET detecting malware in temp folder before it was extracted/copied in its installation location while most products detect that same file after it had made its way into its desired location. So, ESET probably scans more thoroughly and more files. ESET is also able to detect Firefox cache containing malicious script by real time protection even if the web protection is turned off. No other AV I tested managed to do that. No, Kaspersky doesn't keep system watcher/snapshot feature disabled by default. It still works the way it always has. They should be given credit for their performance improvements. But Kaspersky uses more CPU and disk in the background when the device is idle or you're doing some work. ESET is better here and maybe not having a typical behavior blocker helps ESET in performance.
  9. One of the strongest points of ESET is that it is fast and light. But in AV-Test lab's tests, ESET hasn't been achieving full marks in the performance department. The noticeable three points are slowing down browsing speed, slowing down downloads, and slowing down app installations which are measured in percentage and ESET got lower marks here than industry average. Personally, I don't have much problem with the app installation slowdown because almost nobody installs new apps regularly. But browsing speed and download slowdown is important because we're always browsing the web and some of us often download various things too. Now, what do those percentages mean in a real-life scenario? 4% download slowdown means how much? 23% browsing speed slowdown means how much on average? Is it too much? I guess testing labs like AV-Test share their full results and methods with every vendor. Also, is ESET doing anything to improve performance in these categories? E.g.: I see Kaspersky received a 0% slowdown in download speed in the latest test which is lower than they got in previous tests (1-2%) so I assume they took measures to improve it. I know one should not judge everything from this testing lab's results and to me personally ESET feels fast but still I'm hoping for some answers. I would very much love to see ESET achieving 6 out of 6 in performance. https://www.av-test.org/en/antivirus/home-windows/windows-10/october-2020/eset-internet-security-13.2-204010/ https://www.av-test.org/en/antivirus/home-windows/windows-10/august-2020/eset-internet-security-13.1--13.2-203110/ https://www.av-test.org/en/antivirus/home-windows/windows-10/june-2020/eset-smart-security-premium-13.1-202409/
  10. The blog post is from 2016. So Avast has had this for 4 years. BTW, this particular feature on Avast requires MOTW. Anyway, ESET should take inspiration from Kaspersky's Application Control.
  11. Non-malicious residuals usually get "Not clean" status instead of "Infected". But some testers often don't mark that properly. Those rules are mostly made by earlier members and I'm not testing malware there anymore either. Anyway, that's a totally different topic. ESET needs to improve malware removal but pretty sure that's not going to happen.
  12. The default value is 10 sec. But that has nothing to do with this detection or removal. The sample is already detected by WD by local signature so no additional cloud analysis is required and also WD shows a notification when it does that extra cloud checkup which happens for new files only that are not known to WD. I have seen that quite a few times after downloading new safe/infected files. Like I said, WD was disabled before the execution of malware. I not only disabled Real Time Protection, but also disabled it by the Defender Control tool. I also tested Kaspersky to show that both have the ability to remove malware properly post infection. They looked for anything directly associated with the malware, they found its connection to scheduled task, registry entries so deleted those. ESET didn't/can't. All it did was remove the exe file. I can also test the same for Bitdefender but that's not necessary as I have proved my point already. It's not good enough because for some samples, it happens that the user will see an error every time that scheduled task is run. Also you said about OP that there's probably a scheduled task that's causing this. So if ESET could delete the scheduled task and other related items then this probably wouldn't have happened.
  13. Tested Kaspersky and the result is same as Windows Defender. After infection I simply browsed the folder where malware is located and Kaspersky deleted everything. WD even deleted the folder in Task Scheduler while Kaspersky kept the folder which is blank but the task itself has been deleted so the system is clean. Before: After: So, my point about ESET still stands. It can't remove malware properly. There should be no excuse here. It needs to get better at this. Otherwise the type of infection the OP posted will keep coming back.
  14. You totally misunderstood. By original sample I meant the sample that I had on desktop. That original source had no direct connection to malware in the Roaming and Roaming/Host folder so both WD and ESET deleted this file alone. But when the file in Roaming folder was accessed by WD it found out that this malware has correlation to scheduled task so it deleted that and related registry entries. The point is that WD's engine can look for that while ESET didn't even bother and deleted the file alone. Like I said, ESET deletes everything in a split second, it didn't look for any correlation while WD took its time to check for those. There's no logic to defend ESET here. It's plain and simple what happened here. I'll try checking the same with Kaspersky which is also known to be very good at malware removal.
  15. ESET deleted the file when I right clicked on it and scanned with ESET. Unlike WD where it automatically removed everything as soon as I opened Autoruns. The screenshot shows file not found because the file isn't there. The scheduled task itself is still there. ESET didn't do anything to remove that. The files in the Roaming/Host folder were also not touched by ESET until I manually scanned but WD automatically deleted that too even though I manually didn't browse/scan that folder. ESET is just deleting the file itself, that's it.
  16. It was visible in my system I can assure you that. I didn't capture the screenshot but it was there. I checked it first before checking Autoruns in both WD & ESET cases.
  17. You are right about it I think. A few days ago someone was also telling me that WD has always been good at malware cleanup since the early MSE days. Nowadays according to AV-Comparatives and AV-Test Kaspersky is actually showing better performance than ESET and even in practice it is very light. But because of the rollback feature it probably uses some CPU in background because a user on Malwaretips was saying that his laptop's battery dies out faster with Kaspersky compared to ESET & Bitdefender. It's true. Stopping a threat in the first place is more important so removal is less important nowadays. An already infected system should use separate tools provided by some vendors specially made for malware cleanup. But still ESET should do better. I'm sure you have often seen complaints here on the forum about ESET continuously blocking malware at system startup/browser startup and failing to remove completely. With a better removal engine many of those problems can be reduced I think. But that may slow down removal speed so don't think ESET will make any change here. Yes this should be great since system cleaner tool and system inspector is kind of pointless.
  18. ESET can't but Windows Defender can. A few hours ago I did a test again after you asked. This is the sample I used for the test. https://www.virustotal.com/gui/file/57ffe59f3e0605df528abdabb18a0b191abf4bbd06808f61308796aa337bbd10/detection First tested Windows Defender. Disabled WD completely, extracted and executed the sample. Let it do its job. My main goal was to test startup entry and scheduled task removal. I saw that the malware had copied itself to Roaming and Roaming/Host folder including some other files, created a scheduled task to run at startup. I checked it in Task Scheduler and via that popular Autorun app. Then I manually stopped all the malicious processes, enabled Real Time Protection of WD and let it sit idle for 2 minutes. Then I right clicked the original sample file and WD immediately detected and removed it after a few seconds. Nothing was associated with this original file so scheduled task wasn't deleted. I ran the "Autorun" app again to check scheduled tasks and immediately WD detected threats and removed everything after around 8-9 seconds. The sample of Roaming and Roaming/Host folder was removed, scheduled task was removed, including related registry entries as you can see in this screenshot. Now I did everything in the exact same way for ESET by turning off all sorts of ESET's protection then enabled again. ESET removed the initial sample similarly. Then ran the Autorun app and unlike WD, ESET's Real Time Protection didn't do anything. I manually browsed the Roaming folder, ESET deleted it, manually browsed Roaming/Host and ESET deleted it. In both cases ESET deleted the .exe file only. The scheduled tasks, registry entries etc. remained. So like I said, ESET is not good at malware removal and something like Windows Defender can do proper cleanup removing additional entries even after post infection, even when the malware isn't actively running on the system. So my assumption remained true.
ESET basically removes the sample and active process associated with it. It doesn't look for anything else which is the reason how ESET deletes every malware in a split second. Maybe it would do better if the threat was active but that wasn't my point anyway. ESET's removal engine doesn't do enough. Products like Windows Defender, Bitdefender, Kaspersky and some others do further scanning to check for additional related entries like startup and scheduled tasks and remove those if required. They tend to take longer to remove malware because of this. Anyway, hopefully no one says that the Real Time Protection was disabled so this test is not valid, etc. My intention was to check ESET's removal ability not protection where Windows Defender succeeded but ESET failed.
  19. In my personal experience it didn't quite a few times. Eg: I executed a new sample for which ESET didn't have signatures and the malware created autorun and scheduled task. Few hours later ESET made a signature and detected the threat but the autorun and scheduled task remained. So looks like if ESET has the ability to delete registry entry, scheduled tasks then it doesn't work very well.
  20. ESET really needs to work on its removal engine. I heard that ESET doesn't use any correlation engine. So for malware removal it only deletes the file itself and associated processes but can't delete registry items and important things like startup entries, scheduled task related to the malware, etc. Which explains how ESET deletes a malware in less than a second on average and how malware often comes back through startup entries and scheduled tasks. Some of the competitors are much better and even Windows Defender is 100% better than ESET at malware removal.
  21. I've sent multiple potential samples multiple times since November 2 and none of the files have been downloaded by a malware analyst. I can tell because it shows how many times the zip has been downloaded and when they did previously it always showed the number which has always been 1 download. But like I said it's 0 for every sample since November 2. What's going on? Are the mails not checked anymore?
  22. @itman Is it gonna help if he reinstalls Windows from an ISO and, while installing, removes the C drive partition along with the recovery and EFI partitions? Then Windows will re-format EFI at the start of the Windows installation process.
  23. Turn it on. It's not related to ESET, it's SmartScreen that's built into the system. It doesn't usually turn off automatically so not sure what happened there.