[NOD32 v16.0.22.0 prevents KeePass from using Secure Desktop when unlocking database]

@Marcos you should disable Gamer mode to replicate the problem.

[NOD32 v16.0.22.0 prevents KeePass from using Secure Desktop when unlocking database]

It's happening on my system also, although I had to enable master password on secure desktop in Keepass which is not enabled by default.

[How to make EIS realtime protection exclusion work?]

Hi.

As described here about process exclusions:

Quote

By excluding specific process (for example those of the backup solution) all file operations attributed to such excluded process are ignored and considered safe, thus minimizing interference with the backup process.

If you know which process performs file operations you can add it to the list and all file operations performed by it will not be scanned (no matter in which folder they happen).

File extension exclusions are described here. I don't use them but here is a description of possible use case:

Quote

Excluding files is sometimes necessary if scanning certain file types prevents the program that is using certain extensions from running properly. For example, it may be advisable to exclude the .edb, .eml and .tmp extensions when using Microsoft Exchange servers.

Performance exclusions can be used to white-list folders. You can add there all folders you don't want to be scanned.

Detection exclusions can be used to whitelist specific detected threat. Here is my exclusion for uTorrent which I created during Initial scan detection:

 

In your case I would use either Process exclusion (to list processes that perform file operations) or Performance exclusion (to list folders where file operations happen).

[there is release date of version 16?]

7 hours ago, Stefan_ESET said:

This is to the fact that not all modules are released on release update servers yet (they are available only on pre-release).
When you change from pre-release to release, program does not downgrade, but modules do.

In your case it is translator module 1943 on release, 1946 pre-release (it will be aligned before the official release)
 

Thank you for explanation.

[there is release date of version 16?]

One additional info about reverting to regular updates after v.16 install. Although program itself did not revert to v.15 some options disappeared ( like choosing colour mode). After enabling pre-release updates and updating those options are back again (probably module update). So it's probably not wise to change update type after updating to v.16.

[there is release date of version 16?]

25 minutes ago, Nightowl said:

Possibly it can revert back the program version

It does that for modules , but for product version it can do that also , I never tried.

I tried it. It re-downloaded 175 MB of data but it remained on v.16. In log files it logged that modules were successfully updated.

[there is release date of version 16?]

Here is a screenshot of new setting:

 

I guess that there should be no problem if I reverse to regular update type after updating to v.16?

[there is release date of version 16?]

4 hours ago, itman said:

I will also add, Kaspersky has had a UEFI based AV solution for some time: https://usa.kaspersky.com/antivirus-for-uefi . All that is required is the OEM motherboard vendor has to employ it in its firmware.

ESET can scan UEFI for malware but AFAIK it can't be run from EFI as Kaspersky. Of course this is not related to Intel's TDT protections discussed in previous posts.

[there is release date of version 16?]

7 hours ago, itman said:

Doesn't apply to me or many others using non-business class PC's or one's that use AMD CPU's:

I'm not sure. I hope that home products get those protection also. Another quote from article (my bolding) but I'm not sure that none business Core processors supports ITDT :

Quote

In the first round of releases, ESET will focus on endpoints with 9th Gen and newer Intel Core™ and Intel vPro Windows based PCs, which are capable of leveraging Intel TDT out-of-the-box.

 

[Windows ESET products and Android threats]

Some more info why there is no antivirus for iOS (my bolding):

Quote

Search the App Store and you will find things called Internet security apps. These apps have two things in common: They are not antivirus apps, and they tend to get bashed in user reviews for that reason. As we already said: A proper antivirus solution cannot run in iOS. These apps are not antivirus utilities, even if they have antivirus engines embedded, they are not allowed to scan other apps and their data. That point typically appears in reviews by knowledgeable users, who bash them for not being actual antivirus apps.

https://www.dibrax.com/blog/why-theres-no-antivirus-ios

[What is compiler error?]

11 hours ago, New_Style_xd said:

There is no way to do this because the product does not open. I try to go to windows safe mode to use the tool but it doesn't go to safe mode.
1 - I did a test I removed any program that is on the computer I restarted the machine when I came back the program was there. as if windows had frozen to not let remove any programs on the computer.
2- I went to msconfig to enter safe mode on windows, restarted the computer but it did not enter. entered the normal account, as if it had not saved the settings I put.

To me this sounds like there is some kind of restore software installed (like Deep Freeze or Shadow Defender) which reverts all changes when system is restarted.

[Question about updates when computer is locked]

I don't have screensaver enabled. If I put my system in locked state (Windowskey + L) and gamer mode is enabled, updates are paused.

[Question about updates when computer is locked]

I can confirm that after disabling gamer mode updates are performed when computer is locked.

Thank you @Marcos for your help.

[Question about updates when computer is locked]

Thank you Marcos for suggestion. Will try disabling this option and report back.

[Question about updates when computer is locked]

Hi. Thank you for your answer.

7 hours ago, Peter Randziak said:

Hello,

check the Scheduler, by default Regular automatic update runs each hour.

Also information on tasks' last run is shown there...

Automatic update task is enabled and working without problem when computer is not locked.

Last run time is shown at the time when I unlock computer and automatic update is performed. If I check log files - events all updates are logged there. Non of them happen when I have my system locked.

7 hours ago, Peter Randziak said:

There is also Automatic update after user logon task scheduled, which might explain it.

Peter

Automatic update after user logon is not enabled (default setting). I also did not log out and then log back in, I just locked my computer when I was away.

[Question about updates when computer is locked]

Hello.

I have a question about ESET definitions updates when computer is locked. It seems that during that period regular definitions updates are not performed but only pico updates are downloaded. After I unlock computer ESET updates right away.

Is this how it supposed to be or should regular updates also happen during the time that computer is locked?

[Memory Usage]

For me it's not a problem. Eset probably loads something when it needs and doesn't release it after it's not needed any more. Since it doesn't consume much memory and it stays at 240 MB for me it's really not a big deal.

To be frank I would even like them to use more memory if that would speed up system performance. I prefer for AV to use memory instead of a disk.

[Memory Usage]

I updated Firefox to v.97 and behaviour on my system is the same as before (increased memory usage that doesn't decrease when I close Firefox).

[Memory Usage]

Here is a collected log if it helps to narrow down problem.

 

eis_logs.zip

[Memory Usage]

Another info. If I disable protocol filtering for Firefox, I can't reproduce problem any more.

Well it's not a big problem for me to be honest...

[Memory Usage]

12 hours ago, SlashRose said:

The Browser was Open.

Try going to this site and see if RAM consumption will increase on your system: https://siol.net/

It always does on my system.

[Memory Usage]

For me memory consumption increases during Firefox usage. Usually when I open browser and I browse to few sites, for a moment ekrn.exe uses 100% CPU and over 1 GB of memory. It happens only for a second or two and then CPU falls to normal level and memory usage to about 240 MB. It stays that way even when I close Firefox and it returns back to about 50 MB sometimes later (didn't figure out when or why decrease happens).

[Version 15.0.21.0]

10 hours ago, Marcos said:

You should get an alert like this upon downloading CloudCar from hxxp://amtso.eicar.org/cloudcar.exe

That's strange. In the morning I could not get it blocked ( I tried multiple times), but ATM it is blocked. So it seems that there was some problem in the morning. Not very reassuring but it works now.

[Version 15.0.21.0]

8 hours ago, itman said:

This doesn't show anything related to your problem. You didn't answer my previously posted questions.

As it stands right now, I have still no clue as to what your LiveGrid issues are. Perform this test: https://www.amtso.org/feature-settings-check-cloud-lookups/ . If Eset generates a detection alert for it, LiveGrid is functioning properly.

Are you sure ESET detects this? I have LiveGrid enabled and nothing is detected.

[Emsisoft antimalware]

I suggest that you use their on demand scanner Emsisoft Emergency Kit, which doesn't include real-time protection:

https://www.emsisoft.com/en/home/emergencykit/