rugk

Most Valued Members
  • Posts: 1,716
  • Days Won: 54

Everything posted by rugk

  1. No, not "incorrect" and I don't care how "reputable" majorgeeks is. The links from Neowin and Softpedia you posted also download the version signed in January 2015 (276EE97F9E4409F2FB222F0EE13E99B35612FB32) so maybe majorgeeks just linked to the wrong version, which is indeed an older one. So obviously ESET just hasn't updated their (download) sites, but the download already downloads the new one.
  2. That's interesting. On all ESET sites it states v 8.0.304 is the newest. But they are indeed different files (SHA-1):
     Majorgeeks version: B60BCB86814FDA5786CE6D93CC87734627CC99A9 (it's the same regardless of whether you use the normal Download button or "Download@Authors Site (32 Bit)")
     Majorgeeks 64bit version: 15C6C1A2AC5284645EC63A319FE11E9B8FD5BF4A (button: "Download@Authors Site (64 Bit)")
     v 8.0.304 from eset.com (32 bit): 276EE97F9E4409F2FB222F0EE13E99B35612FB32
     So the difference between the download links is the following:
     hxxp://download.eset.com/download/win/eav/eav_nt32_enu.msi (official download link)
     hxxp://download.eset.com/eval/win/eav/ENUV8/eav_nt32_ENU.msi (majorgeeks link)
     So what is this eval/ENU version?
     Edit: Okay, I checked the signature of these installers. Both are signed by ESET, but the majorgeeks version was signed in September 2014, so it's much older than the official version:
     So I wouldn't recommend updating NOD32 with the majorgeeks version.
  3. Also this statement on both sites is surely not correct: AFAIK this isn't possible, because the VSD, which includes these detections, is updated every 60 minutes by default.
  4. Here are complete instructions on how to do this: How do I find the automatic memory dump generated after a system error and send it to ESET Customer Care? Instead of sending it to customer care, just PM it to Marcos.
  5. AFAIK in Windows Vista and above Windows doesn't use C:\WINDOWS\Tasks anymore. You could try blocking the access to "C:\Windows\System32\schtasks.exe" (so that it can't be run), however this would only block the command line tool and this wouldn't help very much as there are other ways to modify tasks.
     Edit: No, they are still stored in the file system but mostly under C:\Windows\System32\Tasks in Windows 7. Source: hxxp://stackoverflow.com/questions/2913816/how-to-discover-the-location-of-the-scheduled-tasks-folder So this way if you block access to both directories C:\Windows\Tasks and C:\Windows\System32\Tasks you should be able to protect the tasks from changes.
     Edit2: If you're running a 64bit version of Windows then you may also block access to C:\Windows\SysWOW64\Tasks.
  6. Now it seems as if it was deleted... A few minutes ago I could access it in the Chrome store, now it only displays an error. ("Item not found. This item may have been removed by its author.")
  7. Okay. But the much more important thing is the root certificate. So AFAIK the Lenovo tool doesn't remove the root certificate, so how does the ESET tool? @SweX Sounds good. So the root certificate too?
  8. No, but nearly real. So you could simply try it out and if you can reproduce it then you know that you can reproduce it. If not then not. And of course you can also test it on a real system. If you have installed the software anyway. So am I right that this issue described by the TS currently doesn't happen on your system (ESS + EaseUS Todo Backup Free)? There could be some drivers... @josifusz Just to make one thing clear, could you answer this question with yes or no? Did you see any alert from ESET about a malicious file/website/... related to EaseUS Todo Backup Free? If not, why do you think it's malicious? There could just be some incompatibilities or other problems. The problem could also be on ESET's side or it could be fully unrelated to EaseUS Todo Backup Free. So if you install ESS and EaseUS Todo Backup Free this issue happens? And if you uninstall EaseUS Todo Backup Free after this it's okay again?
  9. Okay, so it seems stuck. And you're sure this has to do with EaseUS Todo Backup Free? BTW did you notice that (in your first video) the disk usage of the Disk 0 was 100%?
  10. It's already there. Just click on "configure HIPS" and you'll get a huge rules editor where you can add very specific rules. Yes, that's expected. But nobody forces you to use the interactive mode. And if you create some rules (e.g. with the learning mode like you did) then you get fewer prompts. If a rule was correctly created then it shouldn't be blocked. If it still does then it surely wasn't created correctly or only a similar rule was created which doesn't cover the actions the application did later. For troubleshooting this we would need to know the exact application, HIPS rule(s) and more information about how you Yes, this is expected in the policy-based mode. In this mode HIPS only applies the rules and blocks every other action. And again if you want to receive a prompt you have to use the interactive mode of course. Great, so you found the mode(s) which fits you. That's the sense of these modes. Use the one you like. And as you complained about the crowd of messages from interactive mode I would have recommended you the Smart mode anyway. There you have a huge "whitelist", so you will only be prompted for very suspicious actions.
  11. Another way would also be to follow these instructions: How do I enter my Username and Password to activate ESET Smart Security/ESET NOD32 Antivirus? However if really nothing happens when you click "Activate now" there could really be something wrong with the installation, so I would also recommend reinstalling ESS.
  12. Okay, if you're experiencing the same issue then you can follow the things I said to @josifusz. However I'd like to say again that he didn't mention that he started a computer scan, but... It's not really a button (it's rather a kind of tab), but there is no other button in ESS which has the same label. The buttons to start a scan are either "smart scan", "userdefined scan" or "restart last scan". Other buttons are "Scan" or "Scan as administrator". Okay, great.
  13. However to use ERA you also have to use the business products from ESET. As I assume that you don't have 19 computers in your home LAN it might not be a problem and you can use ERA to fully manage all clients from one point.
  14. No, the TS didn't run a scan. He just clicked on "computer scan". But I think we should stop speculating what the cause could be until the TS has clarified this a bit. @josifusz Also a screenshot of the "stupid behaviour" would be very helpful.
  15. I think it was not detected by ESET at all... If it had been detected by ESET he would have known it and wouldn't be "almost sure" that there is malware... Also keep in mind that he installed this software before he installed ESS, so ESS couldn't detect the installer (e.g.) he used. Could you clarify this, @josifusz? And if it was detected by ESS could you please post a screenshot of the detection message?
  16. ESET (respectively ESS) has never said it would contain malware. The one who said this is @josifusz. And he could solve the problem by not installing it. His assumption was it contains malware. However I would rather think it's an incompatibility between ESS and EaseUS Todo Backup Free. Maybe report this to EaseUS Todo Backup Free if this should be the case. The issue @Marcos was referring to was this one which had not much to do with another software, but with devices plugged in which were sometimes causing the issue.
  17. Normally if you uninstall ESS in the usual (not safe-mode) uninstaller it keeps the quarantine files, so they should be there. But please note that you have to install the same ESET product otherwise nothing may be shown in the Quarantine window. As for ESS the files should be located at %localappdata%\ESET\ESET Smart Security\Quarantine.
  18. Yes, I would also like it if you could in some way prioritise and I already suggested this quite a long time ago. How it works (with sorting the rules or whatever) is not so important, but if it would be possible it would be great. So in your case maybe the rule for "Firefox - all all connection" is considered as more general than the rule "All applications - block access to IP01, IP02, ...", so maybe it could work if you try to make the second rule more specific. So maybe change the second rule, so that it also applies to Firefox, i.e. "Firefox - block access to IP01, IP02, ..." is maybe more specific.
  19. Here is now also an English article about this update: Update for Windows 7 and 8.1 silently installs Windows 10 downloader And I tested the installation now in a VM and no, it's still a "recommended update". However as I already said, recommended updates are also downloaded like other updates if the option in Windows updates is enabled. And AFAIK this option is enabled by default and so many users will get this update.
  20. @Marcos Yes, I can fully agree. @Matrix Leader The possible slowdown is also the reason why I added this: So if you really don't want this to start when the system starts then at least configure another startup file scan which runs daily (or any other period you wish), so the scan will still be executed. (Keep in mind that there is under "Scan priority" even the option "when idle") BTW you can of course also do this if you leave the "normal" startup scan task enabled and configure your own startup files scan to scan "All registered files", so that a "deeper" startup scan will be executed in addition to the default startup scan.
  21. @SweX WOW, I didn't know that ESET published their own tool to remove it. Great... However in their KB article they linked to the official tool from Lenovo, so what's the best way? Use the ESET tool or the Lenovo tool?
  22. I only want to wake up this thread for a link to some information on how to remove Superfish: https://forum.eset.com/topic/4582-superfish/ Just because I want to add that ESET also offered a free tool for removing Superfish. BTW also interesting to see the statistics on virusradar for Superfish.
  23. The way ESS applies the rules is simple to explain: The more specific a rule is, the later the rule is applied. So more general rules should be overridden by more specific rules. And if it really shouldn't work you could also block the sites/IPs with the web protection.
  24. I think this block is maybe a block from Firefox. Many browsers also block malicious downloads. So as this file got blocked by seemingly 1000 parties I really would stay away from it. BTW under what name is it detected by NOD32?