[Problem with depth-scan on-demand]

It seems the problem is finally solved.

[Problem with depth-scan on-demand]

On 11/21/2023 at 3:53 PM, Marcos said:

Cleaner 1245 is currently on the pre-release update channel. We'll continue with the release once the Antivirus and antispyware module 1605.2 with a workaround for the issue has been received by all users.

Hi, Marcos. I regret to report that after having automatically updated my ESET product to version 1245 of the disinfection module today, the problem with the depth-scan seems to have disappeared, but a new problem appears with the smart scan: it lasts now the same as the depth-scan (about three hours) and analyzes basically the same number of files (more than a million). I know because after testing if the problem had been fixed with the depth-scan I also performed a smart analysis. Before, the smart scan lasted just over fifty minutes and analyzed about half a million files. It is as if when selecting the smart scan the ESET product performs a depth-scan instead of the requested. And yes, I'm sure that first selected a depth-scan and after it a smart scan.

Best regards.

[Problem with depth-scan on-demand]

On 11/24/2023 at 7:58 PM, peteyt said:

I believe this is available if you enable pre release updates for now 

Thanks, I got it finally.

[Problem with depth-scan on-demand]

7 hours ago, simplicissimus said:

You are right.

Thanks for the clarification and let's hope the issue will be fixed soon.

[Problem with depth-scan on-demand]

5 hours ago, simplicissimus said:

 

My mistake ... sorry ... I meant to say:

Much more important than the release of version 17 is that the problem with the deep scan will finally be solved after more than a month!

... I was probably already asleep when I wrote that the issue has been solved.

Ah, so you talk in future, you mean it will be fixed, but it hasn't been solved yet, right?

[Problem with depth-scan on-demand]

3 minutes ago, Marcos said:

Cleaner 1245 is currently on the pre-release update channel. We'll continue with the release once the Antivirus and antispyware module 1605.2 with a workaround for the issue has been received by all users.

Thanks. So it means that the users that we still have the version 1244 we need the version 1245 to the depth-scan problem gets fixed, right? The user who says in this thread that the problem is fixed must have installed version 1245 from the pre-release channel. Right?

Best regards.

[Problem with depth-scan on-demand]

On 11/20/2023 at 3:43 PM, Marcos said:

Automatic update to v17 on the regular update channel should be resumed in 1-2 days.

Thank you very much. Is it true that the problem with depth scan is solved? But the the version of the module of disinfection is yet the 1244, not updated to 1245.

Best regards.

[Problem with depth-scan on-demand]

21 hours ago, simplicissimus said:

Much more important than the release of version 17 is that the problem with the deep scan has finally been solved after more than a month!

Has it been fixed? I still have the version 1244 of the module of disinfection. Was not it necessary to hope that they should release the version 1245?

[Problem with depth-scan on-demand]

On 11/19/2023 at 9:56 AM, Marcos said:

We'll need to release the Antivirus and antispyware module 1605.2 to all users first (most likely within a week) and then we'll continue with the release of the Cleaner module 1245.

Thank you, Marcos. The version 17 of ESET product isn't released openly yet in my area (Spain). Will it take much more time?

Thanks in advance.

[Secured browser keyboard protection & FireFox - mistyped characters]

2 hours ago, Marcos said:

V17 has been released worldwide, however, automatic update is currently available only for those who update from the pre-release update channel, however, you can also upgrade to it using the installer from the website.

The issue you are referring to was caused by the fact that upgrade was initially allowed only on systems without Azure Code Signing support. This was fixed and if you attempted to update from the pre-release update channel now, older versions on non-ACS enabled systems would not upgrade to v17.

While we're still working on resolving an issue with a subscription validation notification in gui that affects some users who have upgraded, it can be fixed by deactivating the product from ESET HOME and re-activating it. Once this has been fixed on the backend, we'll enable staggered product updates to v17 again.

Hello and thank you for the answer.Do you know when the automatic update will be available?

Best regards.

[Secured browser keyboard protection & FireFox - mistyped characters]

14 hours ago, Marcos said:

It's possible. Please switch to the pre-release update channel in the advanced update setup and see if the issue is gone.

Hello and thank you for answering. I do not find in my ESET product the option to download pre-released products. In Spain, version 17 has not yet been released, I still have the 16. Anyway, there seems to be some problems after the installation of version 17, right? For example:

And I have seen in the forum some stuff with Firefox.

Best regards.

[Secured browser keyboard protection & FireFox - mistyped characters]

Hello. In the last three weeks I have suffered sporadically something similar, only happens in the Firefox browser, not in Microsoft Office in any of its programs (neither Word, nor Outlook, nor Excel, nor PowwrPoint...) nor any program in which you can write in. I thought my keyboard was failing, although it would be weird if only failed in Firefox, but seeing this already raises my doubts as to whether I have the same problem. Is it possible?

Best regards.

[Problem with depth-scan on-demand]

8 hours ago, Marcos said:

We are anticipating an update of the Antivirus and antispyware module before we start releasing the Cleaner module 1245.

Hello and thanks. Is this update the version 17 of the ESET product?

Thanks.

[Problem with depth-scan on-demand]

19 hours ago, peteyt said:

Updates often get rolled out in batches. This avoids people all downloading something and then an undiscovered bug appears.

You can also change your settings to allow pre release updates to get these early. Eset prefers users to enable this option as often fixes to issues are included so they need more users on it to confirm if the fixes work, any more issues etc.

Hello. Does anyone know if the 1245 version has been released yet? According to ESET Spain technical support, its development was suffering from some problems (and I don't want to install something that could be problematic), but it was supposed to be released already and does not appear to me as available. That is why I would like to know if it has already been officially released for all users or I should worry that maybe there is some other problem with my ESET product that prevents the update of the module.

Thanks.

[Problem with depth-scan on-demand]

9 hours ago, Marcos said:

Cleaner module 1245 is already available on the pre-release update channel.

Hello and thank you for the answer.

ESET Spain technical support has told me that the update will be released for all users in open way tomorrow or the next Thursday. Is it true?

Best regards.

[Problem with depth-scan on-demand]

15 hours ago, itman said:

Not so according to Eset publication;

Hello and thanks. Is expected the disinfection module 1245, that should fix the problems with the depth-scan, to be released soon? It will be automatic or it will be necessary to do some settings in the ESET product?

Thanks in advance.

[Problem with depth-scan on-demand]

4 hours ago, Marcos said:

You can now switch to the pre-release update channel in the advanced update setup and see if the new Cleaner module resolved the issue.

Hello, Marcos. Do you mean the version 17 of the ESET product? According to the Spanish tech support (I wrote them last Friday about this issue thinking my ESET product was corrupted and only the weekend I wrote in this forum) they confirm there is a problem with the disinfection module 1244 but they say the version 17 will be released only in 2024.

Thank you in advance.

[Problem with depth-scan on-demand]

2 hours ago, Marcos said:

This issue will be fixed via an automatic module update within 1-2 weeks. As a workaround, please unselect the registry in scan target selection.

Thank you so much for answering. Apparently most users who have had problems were after installing version 16.2.15.0. However, I installed it and was able to scan depth without problems on October 3. The problem came up when I tried a new scan this month.

I'm waiting for the update to fix this. When it appears, please let us know so we can check if the problem is fixed.

Thank you in advance.

[Problem with depth-scan on-demand]

Hello. I use ESET Internet Security version 16.2.15.0 and have the same or similar problem that is indicated here: https://forum.eset.com/topic/38249-scan-is-not-working-properly/ and https://forum.eset.com/topic/38258-full-scan-freezes/#comment-174424 I perform a depth-scan on-demand every month. The last one done correctly was on October 3. Since yesterday I have tried to perform on-demand depth-scan on-demand and the scan is frozen after a while. It says it continues to scan, but does not advance and takes almost six hours, with only 1568 objects analyzed. Even the scan clock stops from a certain time and then goes back to advancing the time it had been stopped. It is as if the process advances from jump to jump without actually advancing the analysis of the objects.

It is not possible to pause or stop the scan manually by clicking on the respective buttons. Nor can I stop the scan from the task manager by stopping the ESET process (the task manager says it is not possible). The scan is not stopped if I turn off and turn on again the computer. Once switched on, the analysis continues. The only way I could stop scanning is by disabling ESET in the computer startup programs and restarting the computer.

Smart scan works properly. What happens?

Thanks in advance.

[Strange file in operating memory of the computer]

2 hours ago, Marcos said:

As I have already mentioned, the error message shown during a memory scan will be fixed soon via an automatic module update.

I asked if it is just an error or a possible symptom of malware.

Plus I have this problem a few minutes ago: "the eset live grid servers cannot be reached". Why? I hace internet connection, I restarted the computer, but nothing, it keeps showing this message.

I tried to check if ESET LiveGrid is enabled, but in the Detection engine, where ESET LiveGrid used to be, you only see what appears in the second screenshot. Where is ESET LiveGrid now?

[Strange file in operating memory of the computer]

So nothing to say? Ok, the same that ESET Spain thech support, that who refused to respond to this, but also to another open incident since May 30.

[Strange file in operating memory of the computer]

6 hours ago, Marcos said:

Unfortunately it's still not clear to me what dll you are referring to. If that mem*.dll, then it's not a dll file but an internal virtual stream and you should ignore the error. In a couple of day we'll release a module update that will stop reporting it.

It's impossible to guarantee a machine to be 100% malware free. Normally if a malware is found, it's enough to clean it. In order to analyze what happened, on mission critical systems a forensic analysis has to be performed. It takes dozens of manhours at least and cost thousands of $. Also on mission critical systems it's recommended to restore the system from a 100% clean backup than just simply clean the malware since nobody would know what the malware could have done.

What we do for free is a basic analysis of logs that you have collected with ESET Log Collector and provided for perusal. They also contained a SysInspector log with information about files, operating system, autostart locations, system logs, etc. These logs were analyzed and no symptoms of malware were found.

Hello, Marcos. Thank you for answering.

Launching a new module that simply hides this kind of "files" or internal virtual stream is not a bit like fooling oneself by hiding a result you don't know how to interpret? I say it with all due respect, because we don't know the origin. You asked me for the ESET log collector to know what programs I have installed and if it was possible to replicate the result to find out what caused it. If ESET can tell "the cause is this, it's not serious" then I will not complaine.

I don't know what a virtual internal stream is, English is not my mother tongue, but in any case that wasn't there before, nobody knows what the cause is that since mid-June began to appear that.dll. And since it is not only the .dll, but coinciding with its appearance strange things are happening in the operation of the computer (spontaneous opening of the Files Explorer every night at 22.13, disappearance of the previous restore points) is what motivated and motivates my concern. If it were just the appearance of that .dll on the on-demand scan I wouldn't worry much. The appearance along with these other failures, I think it is normal that it is cause for concern, especially if no one knows how to explain the cause.

I understand that sometimes it is impossible to remove malware and you have to restore the system from a 100% clean backup. But ESET Spain has shown no interest in helping me know if that .dll and other operating problems that have appeared since then are caused by malware or not. You're the only one who requested logs to see if it was possible to find the cause. Try to imagine my uneasiness when ESET Spain told me that they can't tell me whether or not it's malware, but that instead of helping me I should look for the solution on my own looking for help in other place. It may not be malware, perhaps it is, but manage it yourself and seek help elsewhere, This is the meaning of ESET Spain answer. The client reads that and feels helpless. That is why I came to this forum and I'm grateful for the help received.

If you believe that the virtual internal streame and other problems that have arisen since then are not the cause of malware, then tell me and we can close the thread.

Waiting answer.

[Strange file in operating memory of the computer]

14 hours ago, itman said:

That decision is up to you my friend.

It's a semi-rhetorical question. I find myself in the unpleasant situation where ESET technical service does not know what the origin of the .dll is, cannot rule out the existence of malware but delegate to the user, that you don have to have computer skills, that you decide what to do, how to deal with the problem and if I have doubts seek help from a specialist malware technician to analyze my computer, a response from ESET Spain's technical service which is not admissible in any form. Especially since ESET Spain never asked me for any log or wanted to investigate the matter.

Let's remember that it's not just the existence of that mysterious .dll that we don't know what its origin is, it's the disappearance of the restore points after the first appearance of that .dll, the Files Explorer that opens automatically every night at 22.13. Now the boot sector of external hard disks, last analyzed in May (before changing computer) being correct. If it were just the .dll and nothing more, I wouldn't worry especially. But it's more and for ESET Spain this is up to me.

If you go to Windows answers (or any other computer forum) with a problem like this the first thing they tell you is: make sure your computer is free of malware. Should I explain in a public forum that ESET Spain's technical service has told me that it cannot guarantee the absence of malware but I must seek help from a specialist malware technician to analyze my computer? It would be a "nice" ad for ESET.

[Strange file in operating memory of the computer]

3 hours ago, Marcos said:

Since the SysInspector log didn't yield any suspicious files, I don't find any reason to be concerned about the safety of the machine. As for the error scanning the boot sector of the removable medium (e:), this would need further investigation if the scan was actually run with administrator rights, e.g. if the error occurs when the device/medium is connected to another machine with Windows 11 and scanned, or if it occurs if another similar medium is connected, if it also occurs on other systems, etc.

Hello and thank you for the answer. I think there's a confusion. I have not sent a SysInspector log, either to you or to ESET Spain technical support because they have not asked or wanted anything. I sent you the logs of Process Monitor (bootlog and logfile) and ESET Log Collector. If you need a SysInspector log, tell me.

Personally I have logged SysInspector and a multitude of "unknown" (almost a thousand) processes appear. I don't know if it's normal or not. I remember that in Windows 7 and 8 there were few "unknown" processes. And that this computer is new and I have installed very few programs (ESET, Microsoft Office, two browsers, Telegram Desktop, qBittorrent, VLC player, Adobe Acrobat for PDF and GonVisor for CBR files), most of programs were pre-installed when I bought it.

In relation to external hard disks. I can only test it with this computer, with Windows 11. I have no other, I gave it away the previous one because it was old and useless. I have tried to do the analysis as an administrator and normally. The result is the same.

ESET Spain technical support told me like that .dll: we don't know if it is malware or not. Solution? Formatting and so solves the problem, be it a disk problem or malware problem. What happens if you format external hard disks? That you lose all the information.

If the cause was malware, there is only one way that external hard drives could have been infected: through the computer. Format hard disks using an infected computer, the same infected computer that infected previously the same external hard disks... Well, it's not the best idea.

To check if this same boot sector problem happens on another computer, I would need to ask someone else for help. None that I know uses Windows 11, I don't know what validity the test would have with another operating system. I would have to install the ESET product on the computer of other person (troubles, desinstalal his own antivirus, install new one) and I would have to inform the owner of the computer that from the technical support of ESET Spain I have been told that they cannot guarantee the absence of malware. I think we all imagined the answer. It's the same as I would give: no, because one thing is to do a test to see if it works and another to put my devices in risk.

[Strange file in operating memory of the computer]

5 hours ago, itman said:

Non-withstanding the internal streams statement, I do know it is possible for an attacker to download a malicious .dll directly into memory as shown here: https://guidedhacking.com/threads/how-to-stream-a-dll-without-touching-disk-encrypted.16940/ . Since the downloads are encrypted, they are not accessible to AV scanning.

Hello, @itman and thanks for answering.

Then I really don't know what to think and nobody from ESET seems to know or want to say anything concrete. You pointed to an option where that .dll file or whatever we want to call it, could be malware. ESET says don't worry, it isn't important, there is no malware but they can't explain what that .dll or its origin is, so believing it's not important and not a malware becomes an act of faith. What should I do?

Thanks in advance.