Microbe

Thank you Marcos, i will let our client know about the above information. Thank you very much!

Hi ESET Team, I asked the client if they have existing Mail scanner, but he is not sure I am not sure how to answer the question about mail scanner. With respect to Eset, we are using Eset Protect Cloud for the office - the installation is standard and we did not set up anything special re mail scanning. Obviously once emails are downloaded to the relevant workstations, Eset Endpoint Security will scan. I attach a screenshot of how the "disarmed" subject line looks. I also attach a screenshot on how Web and Mail appears in my desktop. Most is greyed out, managed via cloud as standard. The change to have "disarmed" attached to the subject line started only yesterday and does not seem to affect all emails. I also attached the screenshot of the (disarmed subject line for your reference) SCREENSHOTS.zip

Hi ESET Team, See the below concern of our client: Since earlier today I notice emails coming through with the subject line {disarmed} before the subject - this so far affects at least two different accounts. These are very standard emails and I don't know why these emails suddenly have this additional flag. Has anything changed in how Eset Endpoint Security is handling Email processing? I would like to ask, is there steps that we need about this case?

Hi ESET Team, Thank you for your reply. Is there any plans in the future to have the option to disable notification for completed scan ? Cheers, Gil

Hi ESET Team, Is that possible to disable > 'Notification' once the scan has been complete I hope you’re well, I’m hoping you can help me with a notification I can’t track down. Staff are intermittently receiving a scanning complete notification since I enabled informational level notifications for the live guard notifications I wanted, I’ve checked both “Notifications > Application statuses” and “Notifications > Desktop Notifications” but I can’t find where this setting is enabled/disabled in our policies, can you point me in the right direction?

Thanks Gil. I don’t think my experiences exactly match with this reply, but it’s okay to close this ticket now. I’ll monitor over time and see how it all goes now that the main problem thankfully seems to have been fixed by the new program version. Thank you ESET Team

RE: #CASE_00722503 Hi ESET Team, Any updates from this ticket? , see the below response from our client "I can get in now, but the issue of it taking 3-5 minutes to load the page is still present." - our client Note: I believed ESET AU already submitted the logs to your Team (ESET HQ), can you give us an update about this case Thank you very much!

Hi ESET Team, See the below information from our client, it seems that he do not need to send the logs for us , but he has additional question, check his response with blue color. Thanks , however I can save ESET HQ time and effort looking into logs. I’ve re-checked scans since the upgrade to v17.1.9.0 and the main issue seems to have been fixed. On the device I’ve been using for tests, I don’t think I’m seeing an improvement from multi-threading, but significantly it does now seem to be doing the type of scan that’s actually been selected. That means a Smart Scan isn’t doing an In-Depth Scan any more, thankfully! Instead of scanning 4.8 million objects as a “Smart Scan”, taking 15.5 hours, including archives etc when it shouldn’t, now it scans 1.4 million objects and takes around 4 hours. I can live with that. So … I’m happy to move on from that problem for now, and just keep monitoring. I’ll get back if something goes amiss. A few things are still unresolved though … I’m still confused about Smart Optimisation. On a small file set, a Smart Scan done after the software version update took 19 minutes, and then a second scan of the same files straight after that took just 3 seconds! so a clear benefit there, and that’s what I’d expected from Smart Optimisation … but two Smart Scans of the whole system done back-to-back using v17.1.9.0 showed just a 20% improvement between the scans in time taken, and almost no change in numbers of objects scanned. So, that inconsistency is very hard to understand if indeed Smart Scans “prevent files that have not been changed since last scan, from being scanned AGAIN”. Any clarification you can provide about this will be appreciated. On the other issue, the problem of folder shortcuts leading to scanning duplication is still happening with v17.1.9.0, so this is still outstanding: The existence of file or folder shortcuts shouldn’t lead to ESET re-scanning all the same objects, should it Gil? ESET HQ: With Smart optimization it's likely that a file referenced by a shortcut would not be scanned again if it has already been scanned. ESET HQ seems to be answering this by saying what the program should do, but that’s ignoring what it does do. I sent examples from scan results that readily show the same files were scanned as many as four times, simply because there were shortcuts to large folders. (That file is attached again.) I agree with ESET HQ, that certainly shouldn’t happen, but it does. The problem should be easy to duplicate. I get around it now by removing large folder shortcuts from scan file sets, but surely that shouldn’t be necessary as ESET HQ’s reply above would also suggest. And, also regarding file sets, one other recent observation is intriguing as well – I noticed a recent scan was spending quite a bit of time going through many objects in “C:\System Recovery\Repair\Backup\ …”. When I checked that hidden directory, File Explorer said access to it was restricted, but it was empty anyway, so … Why/how can many, many objects still be scanned in that directory if it’s empty? And can I just exclude that directory without any issue? Thanks, Darryl updates _scan examples.pdf

Thank you ESET Team, I will send the require logs, once I get it. Thank you very much! Cheers, Gil

Hi ESET Team, The reason why i posted (copy and paste ) the concern of our client is because he was doing testing related with this concern, We hope that you will be able to help us give them the recommendation and answer that he need. New information Meanwhile, I’ll provide answers to their questions, but in doing some related tests, I have some new significant information as well. Please bear with me as I go into some details, and then please pass on what I’ve found to ESET HQ. It might be related to the known bug that ESET said they’re aware of in their email of 26/3 (see the message thread below). Firstly, to answer ESET HQ’s questions, there’s a lot of inconsistency between scans, but the latest results of a full PC Smart Scan, with Archives supposedly disabled, and Smart Optimisation supposedly enabled, showed it scanned 4.8 million objects and took 15.5 hours. This was also with duplicates removed, which I’ll go into in more detail below in “Scanning Duplication” because scans are much longer when files are scanned multiple times, as you’d expect. It’s these sorts of numbers I haven’t been able to understand (especially when a second scan done soon after will look fairly similar, apparently not reduced by Smart Optimisation), and is making scans non-viable. From what I’ve seen just lately, the problem isn’t caused by any user files, and may not be related to any files at all. This is what I’ve found… As ESET HQ suggested, I tried to look at some folders that I thought might have been contenders for taking an extra long time, and this showed something very interesting. When I scanned three selected file sets with Smart Scan settings, they were surprisingly quick, but what I noticed was that the reported exceptions that always come up in my weekly Smart Scan results for these particular file sets (like “Error reading archive” and “Archive damaged” and so on), didn’t get reported. That’s probably what should be expected from a Smart Scan, but it’s not what I actually see in my weekly Smart Scans. I was suspicious about this, so I experimented with a hunch … I did a re-scan of these same file sets with the In-Depth Scan setting. I’ve never used that in any of my scans, or in the weekly scans, but it behaved just like my weekly scans. It was much slower, and it DID report all the same exceptions that I see in the results for these same file sets in my supposed Smart Scan weekly scans. It'll probably help if I give a specific example. This is a message that comes up in a scan result from an In-Depth Scan: “C:\Users\dw_001\Documents\Business\Insight Resources\Community Websites\templates\Hitech\_vti_cnf\Hitech.zip » ZIP » - archive damaged”. This doesn’t come up in a Smart Scan of a file set that includes that file, as expected because that scan type excludes archives, but it DOES come up in my weekly scans, which are Smart Scans and supposedly exclude archives. How can that be? It makes it seem as though the weekly scheduled scan is behaving very much like an In-Depth Scan, NOT as a Smart Scan. I’d previously reported on 10/4 there was a problem with Archives being scanned even when they’ve been disabled in the scan type (e.g. Smart Scan). Unfortunately ESET HQ didn’t respond to that, but it turns out the problem could be that the Smart Scan selection is strangely being ignored and something like an In-Depth Scan is being performed instead. That would explain why I’m not seeing any benefit from Smart Optimisation as well I guess, because In-Depth Scans don’t include Smart Optimisation. Tests just with the three selected file sets show a massive difference between an In-Depth Scan and a Smart Scan in the speed of the scans, the numbers of objects scanned, and the results reported. The only trouble is, from my real-world experiences, it looks like I haven’t been getting the benefit of a Smart Scan in my weekly scans. It always seems to revert to something that looks very much like an In-Depth Scan instead, and takes forever. Even more oddly though, while the weekly full PC Smart Scans are consistently behaving in this problematic way, unfortunately I haven’t been able to duplicate the problem with a smaller file set, so that’s extremely confusing. The documented results are very clear, but it’s totally illogical, and computer programs are supposed to be logical, right? Can anyone shed any light on all of this? Why/how could a Smart Scan actually act more like an In-Depth Scan, but only in some circumstances and not others? Before you say that can’t happen, please remember I have scan result documentation that shows it has happened. Scanning Duplication Secondly, what I alluded to above regarding “duplicates removed”, is that there seems to be a software bug, or at least a programming oversight. I raised it in my email of 10/4, and attached proof that shows if there are folder shortcuts selected in the scan file set, those files are re-scanned in addition to the original file set, so the same files are scanned multiple times. ESET’s 11/4 reply to that follows, and my new response to that is in blue … The existence of file or folder shortcuts shouldn’t lead to ESET re-scanning all the same objects, should it Gil? ESET HQ: With Smart optimization it's likely that a file referenced by a shortcut would not be scanned again if it has already been scanned. ESET HQ seems to be answering this by saying what the program should do, but that’s ignoring what I’m saying it does do. I sent examples from scan results that readily show that the same files were scanned as many as four times, simply because there were shortcuts to large folders. (That file is attached again.) I agree with ESET HQ, that certainly shouldn’t happen, but it does. The problem should be easy to duplicate, so please do that and then hopefully it can be addressed. I get around the problem now by removing the folder shortcuts from scan file sets, but surely that shouldn’t be necessary as ESET HQ’s reply above would also suggest. In conclusion I expect I may have to abandon weekly scans unless someone is able to make some sense of what I’ve found, even though abandoning scans would be a concern because past scans have actually found malware that wasn’t picked up by Real-time File System Protection. I’ve spent a lot of time trying to understand some apparent idiosyncrasies and unpredictability of ESET scans so I can use them productively, and I know there’s again a lot of information in this email. Hopefully with all this information, your own tests and analyses will now be able to identify causes and resolve the issues I’ve come across … for everyone’s benefit. NOTE : I also attached the file that we received Cheers, Gil scan examples.pdf

Hi ESET Team, 2 of our customer encountered the below error from the image 'synchronization was interrupted' Action taken: We tried to ping "edf.eset.com" n- but there's no signs of blockings Our client said they don't have any 3rd party firewall then when he tried to open the console using his mobile phone using hotspots problem still exist Can you help us on how to resolve this issue. Cheers, Gil

Some of our customer i mean, encountered the error even us Cheers, Gil

Hi ESET Team, I would like to verify the below screenshots, most of our MSP client encountered the pop error - can you advised us if there's any maintenance with ESET or what is the things that we need to be done. We are able to open directly our ESET Protect, ESET Inspect and ECOs by going to the directly link but with MSP this error shown. Cheers, Gil

You can close this case now. Thank you Cheers, Gil

Hi ESET, Sure, thank you i will passed the above information to our client Cheers, Gil

Hi ESET Team, See the response from our client: I just wanted to confirm with you if (a) this notification is an ESET error, or (b) the notification is a microsost edge errors or (c) is there actual risk of malware and (d) finally, do I need to reinstall ESET? Though we are able to provide him an information for his question above, but he is still have questions: thanks. But why is it trying to connect when there is no website and you are only trying to delete browser history. I get this notification rarely on startup otherwise only when i shut all tabs and only clear browser history. - Our client . Cheers, Gil

Hi ESET Team , Can you help me to answer the above question from our client. Cheers, Gil

Hi, The screenshot of the notification is below, followed by the information for your points below it As you can see in the screenshot above, although camera is blocked in edge, every time I clear browser history I get the webcam access blocked notification visible on the lower right.

Hi ESET Team, See the below details from the client: Note: That I only send the information to our client - so I didn't give him any response that I am not totally sure, that's why I posted here to our ESET Forum - I hope that you will understand See the below response with our client - the answer is highlighted with color blue Is my understanding correct that module updates “clearing the cache” between scans removes all the potential benefit of Smart Optimisation? No, whitelisted files will still be omitted from scans. Only non-whitelisted files will be re-scanned after a module update. Ok, thanks. So … I might be misunderstanding “whitelisting” etc. The reason I’m trying to understand this better is it’s key to making sense of what I’m seeing in numbers of files scanned and length of times for scans, and how I need to manage those things. I’d really appreciate your continued help with this please. Previously Gil said in an email dated 12/3 (included in the message thread below): “The basics behind the Smart scan is a proprietary technique that ESET uses to check digital signatures, time-stamps, and prevent files that have not been changed since last scan, from being scan "AGAIN" on the next scan you perform that uses Smart Optimization.” … Please confirm this is what’s supposed to happen. It's critical to know this, because it would mean two scans done closely together when there’s been no file activity between them should lead to the second one taking almost no time at all if the first found no malware (because virtually all files should be skipped in the second scan). Should that be true? Maybe this isn’t what you mean by “whitelisting” though. What are you referring to as whitelisting if it’s something different from this? Cheers, Gil

Hi ESET Team, What is the best recommendation about this issue? Even though I have blocked Microsoft edge from accessing my camera, every time I delete history or adjust settings I get an ESET notification that microsoft edge tried to access my camera and was blocked. Weird. I haven't visited any malicious sites or links, and both the eset antivirus update and windows update are working fine. The computer scan also did not reveal anything. I have also updated microsoft edge and reset/refresh it on a few occasions. I believe the system has also sent you logs / technical data. Hence I just wanted to confirm with you if (a) this notification is an ESET error, or (b) the notification is a microsost edge errors or (c) is there actual risk of malware and (d) finally, do I need to reinstall ESET?

Hi ESET Team, Thank you very much for the response, I will inform them and forward the above information. Cheers, Gilben Castro

Hi Marcos, He emailed us today, can you check the below information for us? Hi again Gil. Sorry about this, but is it possible to reopen this ticket? More information has come to light. When I closed the ticket, based on your previous responses I’d decided to persist with using standard Smart Scan settings for weekly scans, at least till version 17.1 is released, but strangely, things have gotten out of hand again. I’ve made new observations and now have some questions about Smart Optimisation, scanning duplication, and archives Gil... Smart Optimisation On one of our PCs in particular, I’m again seeing crazy long scan times, even using the “out-of-the-box” Smart Scan options (Email and Archives disabled, Heuristics and Advanced Heuristics enabled, and Smart Optimisation enabled). The system only has 456gb of disk space in use, but a scan of the whole system took over 29 hours on 31/3. That’s just totally impractical, so it’s prompted me to watch closely again. Admittedly, the internet wasn’t connected for most of that scan due to a wireless problem, but when I redid the same scan a week later, that time with the internet connected, it still took 24.5 hours. The detection engine version numbers were different for those two scans, but there’d been almost no activity on that PC through the intervening week so it’s hard to understand why they took so ridiculously long. Maybe the somewhat improved time of the second scan related to it being internet connected (?), but it’s hard to see any benefit at all from Smart Optimisation. Virtually all the same files had been scanned just a week prior with no problems detected. My understanding of ESET Support’s response about this is that Smart Optimisation won’t show any benefit if there’s been a module update between two scans, because the cache will have been cleared. I’ve seen that even running two scans a few hours apart, the detection engine version can change. Updates are so frequent, this would suggest there really is virtually never going to be any benefit from Smart Optimisation because the cache will almost always be cleared between scans. So, here are my questions about this: Is my understanding correct that module updates “clearing the cache” between scans removes all the potential benefit of Smart Optimisation? To better understand scan results, if a file is skipped because of Smart Optimisation, is it excluded from the files counted in the scan, or does it still show as included? This is a feature request - Could ESET perhaps be enhanced in the future to display the total number of files that have been skipped in the scan because of Smart Optimisation, so we can actually see the benefit we get from the feature? … And Gil, if you know of a way, a combination of circumstances or whatever, to truly get demonstrable benefit from Smart Optimisation as it works now, please let me know. Nothing I’ve seen so far in real-world results has provided any confidence that the feature is of any use at all, the way it currently operates. Scanning duplication I also noticed a couple of other odd things when looking closely at recent scan results. Firstly, some files had been scanned four times! Others, twice. Investigating this, I saw that there were some shortcuts set up on the system for things like the Documents folder. I don’t know the origin of the shortcuts. They’ve apparently been in place for years, but they suddenly now seem to have caused many files to be re-scanned multiple times. (See attached examples.) Re-running the same scan after de-selecting the shortcuts in the scan’s file set, it still took 15.5 hours, but at least the same filenames didn’t keep appearing in the scan results, and the number of scanned objects reduced by 5 million! The existence of file or folder shortcuts shouldn’t lead to ESET re-scanning all the same objects, should it Gil? Is this a software bug? and could it be a recent issue (like between 24/3 and 31/3)? … because the object numbers scanned on the system have skyrocketed this month, and no files have been added to the system. (Previously, even a full scan including archives, totalled 5.69 million objects at most, but these latest scans, supposedly excluding archives, have totalled nearly 10 million objects!) Archives It looks like archives are maybe still being scanned even though they’re disabled in the Smart Scan. (Again, see the attached examples – I’m assuming .zip files are regarded as archives, but other file extensions noticed in the scan results included .tar.gz as well, for example.) Can you shed some light on this please Gil? Is this a relatively recent issue as well perhaps (like between 18/3 and 21/3)? because I’ve previously seen a clear reduction in objects scanned when removing Archives from the scan, but numbers are significantly up again now, even though archives aren’t supposed to be included. scan examples (1).pdf

Hi Marcos, I will let them know. Cheers, Gil

Hi ESET, Question : Is there a way to point to another server, e.g. US or Singapore? Example the Update server is located in Singapore > then once the update server has been update > the modules updates or virus signature from ESET Update server will push to all the client in Australia. On the screenshot below > we tried the steps from https://support.eset.com/en/kb2850-troubleshooting-for-modules-update-failed-message the link and problem still exist, we would like to ask what will be the next steps? do i need to collect logs? Then the affected devices would 25 devices 5 license for ESET Server security 20 license for ESET Endpoint antivirus all of the machine have the similar issue modules update failed. Cheers, Gil

Hi Marcos, Next time i will do that I will send the logs, once i get it thanks Cheers, Gil