rugk

And what about the other things which are described in the article? There are more topics about this error here: https://forum.eset.com/topic/3778-error-updating-signature-error-0x1106/

If a file is modified for which there is a rules created and if the firewall is in interactive mode then you will see a question asking you whether you want to allow the connection with the modified version too. And this refers to Windows files of course too. So if a legitimate process is "injected" then you'll see a message about this when it is trying to connect to somewhere

Very thanks to @esetglobal for posting this. And of course also thanks to International Business Times (IB Times)... Debunking the Hollywood hacker myth: Inside a real cyber-security command centre www.ibtimes.co.uk So have a look into it...

Decent suggestion you made, but could you please avoid full-quotes. You don't have to repeat every time what you said.

Yes and I'd you're using Android 4.4 (or higher) no blocker (maybe except of pre-installed "system app" or the SMS app itself) will be able to block the SMS. You can also find this note in this kb article: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3284"]hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3284

Okay, when it's just to distinguish the Ethernet connection from a VM connection then why not use the other factors? There are much more and if you didn't disabled them in the default configuration it should be recognized correctly. And if you have changed the settings or they are (for what reason ever) not specific enough why not do it like I already said?

... or plug your SD card into your computer (maybe with an adapter when you have to) and recover the files with a tool on the computer. There you have more processing power! If you saved the pictures in the internal storage then - depending on the device - this maybe doesn't work.

Thanks, @Utini. And what does ESET say about this?

Okay, this has nearly nothing to do with "default deny", but I think this is what you may think of: Description: Live Grid execution blocker unless file is known safe.

Yes, you already said this. This could be an idea, but it can even be very bad if the DNS server is compromised or there is a kind of "DNS server malware" on your computer which redirected all DNS queries to a fake/another/bad/... DNS server. So to use IP addresses there is more secure. Yes great idea. I think you mean something like I described in post #149 in this topic[/topic]. Well, maybe this can be an idea. Although svchost.exe of course does much more than just Windows updates. What rules? Do you mean the firewall rules? I think it's quite good if not too much rules are created by default... Yes, that's a great idea! A search function would make it much easier if you want to find specific rules. Thanks! But also have a look on my update I added there. So you can make ESET already detect OpenCandy. Thanks too! I also think this could be a good idea. That's why I made the post.

Now a small update about this. I said OpenCandy wouldn't be detected by ESET - this is not (completely) true. It is detected - but only as a potentially unsafe application. These are "legitimate programs whose function is to simplify the administration of networked computers. However, in the wrong hands, they may be misused for malicious purposes." (source: product internal help of ESS). Please note: Don't confuse this with a PUA - a potentially unwanted application. Although I would rather classify this OpenCandy as a potentially unwanted application, a PUA is something different. About a PUA you can read here more: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2629 (The term PUA is usually used for potentially unwanted application and not for potentially unsafe application.) But back to the potentially unsafe application OpenCandy... If you want to detect it, you have to enable the detection of them. It will be detected as Win32/OpenCandy. So you have now a third way how you can prevent this PUA from being installed. However if you enable to detect them it will mostly delete the whole installer file, so you can't use installers with OpenCandy. In my other solutions you can still install the software - just without OpenCandy. Here some screenshot from the detection (as an example I used the installer of ImgBurn):

Oh great, thanks! It works! Now even visitors can simply watch e.g. this "image collection" of pictures from the ESET robot: Picture gallery of ESET robot/android - CD/DVD Cover for ESET SysRescue (Live) - ESET Wallpaper Great!

And just FYI here you can find more information about the "cleaning modes": How do I change the scanner's default response to a virus detection?

In fact, it's a must to update an antivirus product as frequently as possible and your advice suggests the opposite. If you do that at your own risk for whatever reason, please do not suggest it to other users. Yes, and I highly assume that this setting has nothing to do with "Flight Simulator X". And FYI the VSD updates should already suppressed by the Gamer mode automatically when an application is running in full screen mode.

I would suggest you to also follow Marcos instructions and PM him with the result.

Can you make a screenshot of the window where you have to select this? Edit: Now I found it: Deep in the settings... Or this way (there it isn't such "deep"): Now to your problem: If you're not using a virtual adapter what are you using? - a LAN connection with a physical adapter I think... So why do you want to change this setting? In the automatic settings ESS already authenticates the network correctly. Additionally you could even deactivate the recognition with the "network adapter" completely, but I think this isn't what you want. So what settings does ESS select when you click "Populate with selected connection settings"? Maybe you use a special network card which isn't recognized correctly. Additionally it would be good to take a look what Windows "says" about the network card. Type in "View Network Connections" in the control panel and look what it states here about your network connection:

You have also the possibility to activate the interactive mode. Then you will get a allow/deny-question when an application is trying to connect somewhere and there you can also create rules and specify all the things you like (when you expand it with "show advanced options")... There you even have a button "custom rule" where you get the "normal" window for adding a rule - just with the difference that the settings you set in the notification will be shown there too and you can "fine-tune" them. ANd also with HIPS (in interactive mode) you have a similar possibility: I tzhink this way you can see not only what ports (and other things) are used/needed, but also create the rules easier and faster. If you want this I think you would have to specify not only the port, but even the IP addresses and that is time consuming.

@planet AFAIK even when Windows Defender is deactivated the signatures are still downloaded. @Spencer Also check the update history of Windows (you can view it at the left of the Windows updates window) and check if the update with which you're having problems (KB915597) is listed there. Of course also check whether it was installed successfully.

So you do not want to extend the username/password license, but you want to reset a password? So what password do you want to reset? If it's the password of the myESET account then you can do this here. Or what password is it? Additionally it may be useful to know in what country you live.

You haven't said what Windows you use. I think this is quite important for this issue. Also I think this issue has nothing to do with ESET - expect of the explanation Marcos gave - but if you say you validated it by phone then it should be valid. However what happens when you try the validation when you reinstall ESS?

It already had endpoint security before... But it was only an antivirus... now there is the "complete security suite" - the business version of ESET Cyer Security Pro. Here you can still see the old site with old screenshots: hxxp://www.eset.com/int/business/products/antivirus-for-mac/

Just to make sure you understand it correctly: When downloading ESS v8 e.g. it already includes the modules - yes -, but after this modules are constantly delivered through the VSD updates. So they change gradually and maybe an issue only happens with a specific version of a module.

Okay, great. We look forward to hear your opinion...

Zones are something different than rules. Firewall rules are only created automatically in learning mode - that's correct. But zones are one or more IP addresses - and some are created automatically from ESS when it detects a connection to a new network. @xxignis Great that you found the cause of the issue or at least a workaround. But it's normal that there are 3 zones which names are like this: DnsIp:<one or more IP address(es)>_DhcpIp:<one or more IP address(es)> In my case some entries there have the IP adresses "Subnet: 192.168.0.0 / 255.255.255.0". Please note that this "value" is a subnet so e.g. 255.255.255.0 contains all IP addresses (the address range) from 192.168.1.1 to 192.168.1.254. As this zone is automatically set by ESS as a "trusted zone" (when selecting the network as a home network) there should only be added local IP addresses. So, xxignis, what zones are set in your case and what zones you deleted? And what zone do you added afterwards you deleted the old zones? FYI there is also a zone "trusted zone" - this seems to be also automatically generated, but in this zone only contains some IP addresses and when you delete them (only the addresses - you can't delete the whole zone) there is a button "add automatically...", so maybe this adds something different (automatically) when you use it.

Okay, at first I tried to look for a description on the virusradar site, but there seems to be an error with the Android/Appinventor entry. If you click on the descriptions you will only be redirected to the page for the latest descriptions and you won't see any description for this detection. But I did what you say and created my own small apk. And when testing the detection with ESS and EMS I found something important out! This apk was detected as as a potentially unsafe application - don't confuse this with a potentially unwanted application (PUA)! (When we use the abbreviation PUA here it means normally "potentially unwanted application" and not "... unsafe ...") In the second pictures you can see a short description of a potentially unsafe application - it is legitimate, but it can be misused. And just FYI (and as an information for ESET): The link "more information online (only in English)" only shows the "homepage" of the ESET knowledgebase, so I don't get any more information and I also didn't found a specific kb article about "potentially unsafe applications" in the kb when searching manually. I don't know how exactly this apps can be misused - maybe they cause a security risk somehow... I don't know how this created apps work, so I can't say how they can be misused... BTW the apk is detected on virustotal from ESET too, but in this test no other vendor detected it. VSD versions I used: ESS: 10873 EMS: 5265