rugk

And what email client do you use?

Well... AFAIK you can a also navigate with the keyboard in the graphical user interface. However for screen readers it may be more difficult to handle this graphical UI. It's expectable that the screenreader could have problems with the self-defense. The self-defense is just doing their job and protecting access to egui.exe, so yes a rule is needed for this. No antivirus (in terms of scanning) exception and no firewall exception are needed as it should work without it, but a HIPS rule (which includes self-defense) is needed. And ESS has a HIPS rule editor. However it's quite complex and may be difficult to use. On the other hand I don't think that ESET will add a pre-defined HIPS rule for all screen readers as such pre-defined rules could also be misused (e.g. if a malware imitates a screen reader). But if such a rule is configured once you should be able to let the self-defense (and HIPS) enabled and use ESS without problems with a screen reader. As for HIPS interactive mode it could also be difficult as the interactive mode will block some actions of the screen reader and ask the user what to do. Probably with creating the necessary rules for the screen reader it could be solved, but apart from that I wouldn't recommend the interactive mode anyway as it will cause really many questions. If you still like to control your system you can enable the Smart mode, which will only trigger at suspicious events. Sounds are currently played very rarely, but in situation where a threat is found or a on-demand scan is finished they are there. However an option to expand this sounds may be indeed useful.

BTW you can also disable the notifications completely... (or at least let them display as the "normal" Tooltip) Or change it so that it's 90% transparent. Or change it that it disappears after 2 seconds. You can also change the state (info, warning, error etc.) for what notifications are displayed. However I don't know to which state the renewing notification belongs to.

Yes, that's quite strange... However I think these kind of signatures are also used there. There is even no checkbox in the ThreatSense settings regarding the "traditional" virus signatures, so this is a bit confusing. But maybe they are just always used and you can't deactivate them.

Uninstalling ESET just because of such a small notification? Just renewing is the best solution for your problem. And as you can do this (usually*) also some time before the license "times out" (without loosing the remaining days of course), you may be able to renew it some days before it expires so you won't see this notification at all (or at least only one time). Additionally I think ESET is already quite reserved with this notifications - other AVs have other ways to "notify" the user of this. * in may depend on the country where you bought the license

@Mrzocor I think you're completely wrong with this question in this topic. However here are detailed explanations about the two modes and other information how to configure it more specifically: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2909#advfeatures To short it I would say a Smart scan is enough for a normal usage. Maybe a rarely in-depth scan may be useful, but you have to decide this by yourself.

About your update issues I think @yongsua may be right. However it would be good to know what the update logs say. But if it is such a "no connection" issue then maybe you can try some tips mentioned in this topic. At least for troubleshooting this could be useful.

And? Did this changed in the meantime?

About AV-Test it's really strange how they get these performance results. But this was in every AV test like this so personally I don't care about this AV test result. Instead of this many users can confirm that ESET runs very light on their system (see @SweX signature e.g.) and also AV comparatives confirmed this last year. So these tests are really only a test. Trying out by yourself is always the best test. Also have a look at this topic: Why does ESET always perform bad in AV tests?

In automatic mode this communication should always work.

No it's not really programmed "to load before everything else" and of course legit programs are always allowed. What sense would it make to block such programs? And you could of course even allow malicious programs (or PUA) by excluding it from scanning.

It's also good to note that there is another possibility: idle-state scanning This way it will only "stress" your system if you are using it.

About the cloud service I'd like to add that there are many cloud services which also store older versions of a file, so you maybe would also be able to get this older (unencrypted) version. About your heuristics question: Yes it's more or less a heuristic detection, it's a generic signature. More information you can find in this a bit old, but (I think) still valid PDF file: hxxp://static2.esetstatic.com/us/resources/white-papers/Understanding_Heuristics.pdf A normal signature detection is of course without this "a variant of...". Edit: Because of Marcos reply - Okay call them "smart signatures" or DNA signatures - it seems as it was previously called "generic signature".

This was surely not ESET. The default value for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute is "autocheck autochk *". So maybe it wouldn't be a bad idea to change this value. More information here: https://technet.microsoft.com/en-us/library/cc771787.aspx?f=255&MSPPError=-2147217396 https://superuser.com/questions/452131/bootexecute-what-is-autocheck-for

@yongsua Yes, to show this in the interactive alerts/questions is a great and useful idea. I already had the issue that ESS showed "rundll.exe" is attempting to connect to a site (e.g. with OpenCandy) and I don't know which process it was, because there were running multiple instances.

At first I think it's also on Linux not a good idea to run two antivirus software together. AFAIK it is this way. I assume the version for Linux will work like other ESET software too. Yes heuristics are used of course - for any filetype. About MIME: I don't know if ESET scans mails. Yes at the detection of PUA ESET is very good. Just look around here and you'll find many things. I think most joke programs are also detected as PUA. Yes of course, all files in archives are also scanned.

Great, @metaller. But how do you got out that he is using the free version of EMS?

This one? https://en.wikipedia.org/wiki/Internet_Group_Management_Protocol This is just a protocol. If you have problems then they must be caused by a application using this protocol.

Ehm... no. At least it isn't stated there... But if you remember them you can of course "put them back" if you like to do. About what driver is installed in NOD32/ESS I'm also not sure. However I now assume that both of these drivers are installed. Just keep on thing in mind: AFAIK the drivers (or maybe not all?) are not installed on machines with Win XP or earlier. It would also be useless, because the WFP is not available in these Windows versions. But maybe there are other drivers which are installed for Windows XP instead of them. Hmm... maybe a moderator can clarify this unclarities.

A virus causing BSOD - unlikely. However there can be many issues for BSODs. The best way would be to note the error name it shows there and search this. Then you can get an impression what this is causing. I don't think this issue is related to ESS, but however here are the instructions to create a memory dump. As the BSOD happens already "voluntarily" you don't have to follow the instructions at the end.

Zones are just lists of IP addresses. I think the zone you talk about is the "Trusted zone". This is only set when you select the network as "home network". This zone represents the LAN. The IDS like we name it here is a NIDS. HIPS is another thing, but similar (based on the name) and so they have both the same aim: to prevent intrusion. (about your first point) This has nothing to do with zones. Use rules if you want to allow or deny communication. But of course in this rules you can include the "zones". (e.g. "allow inbound communication for X/Y from the local zone") IDS has nothing to do with zones or the firewall. It happens independent from these components. (however it may be react differently based on the chosen network mode and whether some data comes from the local network)ARP spoofing attacks are of course always blocked. Of course! (about your third point) Just choose the network mode you like. If you want to "hide" your device from other hosts in the LAN just choose Public network. However - of course - you won't able to use file/printer sharing. The necessary communication from your router to you is always allowed.

Normally ESS or NOD32 shouldn't prevent any defrag software from using/installing/uninstalling or whatever. Also defrag software is just a piece of software. All things should work well without any waiting - if not then you have problem.

Haha, SweX, nice find.

And if you're using a product for Windows: Did you tried this? How do I manually uninstall my Windows ESET product?

Yeah, I already thought that you meant this. But as you see there is such a day...