[Strange file in operating memory of the computer]

13 hours ago, itman said:

Repeat the test again. If you see clouldcar.exe file in your Downloads folder, check its file size. It should have a size of 0 bytes.

You car also check the cloudcar.exe files that currently exist in your Downloads folder. They also should be 0 bytes in length.

In other words, no actual executable file was created.

 

Hello. I reported the error to technical support then, I was told that there was a problem with the ESET web link and that they would fix it. So it looks like it was, two days later it was fixed. I did the cloudcar test several times after I was told it was fixed and no files were downloaded to the computer.

The files that were downloaded to the computer weighed 7 kb. But none should have been downloaded. I made six or seven attempts, three of them downloaded, you can see in the screenshot. The other three or four were blocked by the ESET product with a warning screen.

These LiveGrid tests, repeating the on-demand scan over and over again, are due to the fact that since early June I noticed that if I did not enable all on-demand scanning options, the ESET product does not scan pagefile.sys, hiberfile.sys and swapfile.sys, or home/UEFI sectors. You have to mark them all. Why do you have the option to choose which sectors you want to analyze if ESET don't do it?

File that can never be read by ESET (it is normal) and that's why usually appears a message with error number 4 (can't be read), so I realized that the ESET product should not scan them. In the attached screenshot you can see that by selecting only those sectors for analysis the result is zero detections, zero scanned files.

After sending several logs to the support service, repeated numerous times the on-demand scan, complete and partial, the support service told me that the developers had encountered a problem in the product that will be resolved in the next version of ESET.

It was doing so many on-demand scans (almost daily) that I realized the appearance of the mysterious file that motivated the current thread.

[Strange file in operating memory of the computer]

1 hour ago, itman said:

One final comment in this thread and I am done with responding to replies.

KVRT scan didn't detect anything malicious with this .dll in question.

Eset real-time protection employs an advanced memory scanner which would have scanned the .dll when it loaded into memory.

I therefore conclude baring further proof that this .dll is malicious, one should not worry further about it.

Thank you for your time. Anyway, although the file may not be malware, how do you explain that more or less since that file started appearing the task manager spontaneously opens every day at 22.13? Or that the restore points disappeared? You said yesterday that it could be, as a conjecture, a case of hijacking dll. Also, in your first answer you said have never encountered an instance where ESET on-demand scan could not scan something in memory. I yes found it sometimes, but it happened occasionally and if I repeated the analysis in one or two days, there was no longer any file that could not be read. However, this file, whatever it is, persists. There is some process that makes it stay there or that creates it every time the computer starts.

About the working of the ESET real-time protection last month I had some problems that I reported to technical service. Doing the test to download cloudcar from the link that ESET indicates to check the functionality of ESET LiveGrid, I came across the ugly surprise that in half the attempts the cloudcare file was downloaded to my computer, when ESET should have blocked it. Cloudcar is harmless, but there is other software that is not. By the way, look at the date of the screenshot, June 15. Soon after, the problem with the mysterious file began. Coincidence? Maybe yes, maybe not. Could the protection of my ESET product have been malfunctioning during those days running a risk for my computer?

Please don't get me wrong. I'm not claiming that file is malware. I'm just saying we don't know what it is and what causes it.

 

[Strange file in operating memory of the computer]

1 hour ago, itman said:

There is another possibility based on lack of comment by an Eset moderator.

If either of you have an Intel CPU installed on your device, open Eset GUI -> Setup -> Computer Protection. Then open HIPS settings. Under Ransomware Shield protection settings, does the following highlighted setting exist?

If this Intel TDT setting exists and is enabled, it is possible this mystery .dll running in memory is related to that protection.

Hello. On your question, I have Intel Core i7 -12650H, but the option you show isn't available in my ESET product. Why? Isn't supposed ESET product is the same for al countries?

 

[Strange file in operating memory of the computer]

1 hour ago, Mr_Frog said:

I have done this and KVRT.exe found nothing. Right now I feel insecure and just think maybe someone is spying on my Computer.

Hello. Looks like we have a similar problem. Does that file of yours have the same format as what it looks like to me? Like mem_2EBDBEB0000_7668.dll. Does it change every time you start the computer? Small changes, some digits. It's easy not notice it because seems to be the same, but in my case it changes every time.

The truth is that one feels unsafe not knowing if there is something dangerous on the computer. Good luck.

[Strange file in operating memory of the computer]

1 hour ago, itman said:

Another possibility here is we are dealing with an unknown rootkit.

I came across the old Eset posting yesterday: https://forum.eset.com/topic/28800-cleaning-rootkit-problem/ . In this instance, the attacker dropped the .dll into the C:\Windows\System32 directory. Whereas Eset did detect the .dll as malicious, it could not stop the .dll from being repeatedly loaded into memory at boot time.

The original poster and others used Kaspersky's Virus Removal Tool (KVRT) to remove the rootkit. It can be downloaded here: https://www.kaspersky.com/downloads/free-virus-removal-tool . I have never used the tool since it's a Kaspersky provided product. If one has no reservation on using Kaspersky's products, you can try running it and see if it detects anything. Again, I can't help you with any issues with KVRT.

Hello and thank you for the answer. I have sent the logs to Marcos, indicating the thread of the forum I opened to see everything written here. I wait to see what he answers.

The other user with a similar problem uses a different operating system and the user of the thread 28800-cleaning-rootkit-problem/ had a similar and different problem at the same time, because his ESET product is able to detect the infection. In my case it only detects a strange file that it cannot open and there are some issues in the operation of the computer since then.

We'll see what's the result.

[Strange file in operating memory of the computer]

30 minutes ago, itman said:

Great news! I was waiting to see if this could be duplicated elsewhere.

Was the Eset scan done on a Win 11 device? My suspicion was that Win 11 OS was possibly loading this .dll into memory at boot time.

Hello again. I'm going now to the house of the person who will let me to use his internet conection. I've also made a file log now.

I've seen that another user has a similar case. It remains to be known if he is running Windows 11 and if each time the file has a different name (although only a few digits change). Anyway, I have this computer for almost two months and only for about last twenty days have I noticed this problem. Previously, on-demand scans (I'm used to do it weekly) did not show that mysterious file.

And let's not forget that simultaneously appeared the problems of the task manager that spontaneously opens every day at 22.13, the restore points have disappeared. It is possible that finally is a harmless file and the rest has explanation, but it is better to be sure.

[Strange file in operating memory of the computer]

10 minutes ago, itman said:

It is enough. What we are trying to determine is what is loading the .dll into memory.

Also, letting Process Monitor run for 15 mins. as instructed might create a log so large, it would exceed the allowable maximum file upload size for most file sharing web sites.

Thank you very much for the answer. When that person whose home I can go finishes his working day within two hours I will go to his home. I have the bootlog. Do you need a filelog too?

[Strange file in operating memory of the computer]

13 hours ago, itman said:

Upload the zipped log file to a file sharing web site. Then private message @Marcos the file download link provided by the file sharing web site.

I've found a possible solution. This afternoon I can go to the home of a relative of the person who I said is currently on vacation to whom I have explained the problem looking for help. I will upload the file from there and send the data by private message to Marcos.

Important before I do anything. In Malwarebytes instructions to make the bootlog said about to wait 10-15 minutes for all Windows processes and other programs to load. After five minutes I started the ESET on-demand scan, I saw that the mysterious file had already been created (like every time the computer starts, with a new name very similar to the previous one) and I finished the bootlog without waiting 15 minutes because there was already the file we want to search and track. Is it enough or should I repeat the process and wait 15 minutes as the instructions indicate? I would not want to go, disturb someone I don't know personally, upload the file, and then tell me that it was useless and I have to repeat the process.

Thank you in advance.

[Strange file in operating memory of the computer]

12 hours ago, itman said:

Upload the zipped log file to a file sharing web site. Then private message @Marcos the file download link provided by the file sharing web site.

Thank you for the answer. I explained myself badly. It's not just about how to upload the file to the ESET forum. It is a question of that since a week ago, due to technical incidence of the ISP in the area where I do live, the internet speed (upload and download) has been dramatically reduced, besides having random microcortes. Uploading such a large file to any server is virtually impossible. Nor can I ask a neighbor to let me use their internet connection because they all suffer the same problem. The only person I could ask for help living outside the affected area is on vacation and doesn't come back until August. The ISP does not know when it will be able to solve the incidence, it could be tomorrow or in ten days.

Do you have any other options? Use TeamViewer to remotely check the file on my computer?

[Strange file in operating memory of the computer]

1 hour ago, itman said:

Correct. Process Monitor and Process Explorer are two entirely different SysInternals utilities.

The Malwarebytes link I posted just shows how to use Process Monitor. The link shown on the the MalwareBytes web page is just to download  Process Monitor from the SysInternals web site.

Finally, if all this is too complicated for you, I suggest you employ the help of a PC technical savvy friend.

The bootlog has a size of almost 4 gb! I don't know how I will upload it.

[Strange file in operating memory of the computer]

1 hour ago, itman said:

Correct. Process Monitor and Process Explorer are two entirely different SysInternals utilities.

The Malwarebytes link I posted just shows how to use Process Monitor. The link shown on the the MalwareBytes web page is just to download  Process Monitor from the SysInternals web site.

Finally, if all this is too complicated for you, I suggest you employ the help of a PC technical savvy friend.

Okay, thank you. It is that the link of your first answer was to download Process Explorer and when you told me about Process Monitor I was confused because I didn't know if it was the same thing said with other words name or not. Now I know they're two different things and I already know where to download Process Monitor. I've done it.

In Spain it is already very late, how I do not know how long it will take me to log, tomorrow I will put myself to it and post it here.

Thank you in advance.

Al

[Strange file in operating memory of the computer]

41 minutes ago, itman said:

As I stated in my initial posting, you can use Process Monitor to detect what is loading this .dll into memory at system startup.

MalwareBytes use instructions of Process Monitor are a bit clearer that Eset's, so I will post its download link: https://service.malwarebytes.com/hc/en-us/articles/4413798945811-Use-Process-Monitor-to-create-real-time-event-logs . Refer to the section on how to create a boot log. You can stop Process Monitor logging activities once the .dll has been loaded into memory. Once the log is created, create a zip folder containing the log. Post the zipped log folder as an attachment to your next reply.

Perhaps @Marcos will review the log to see if it can be determined what is loading this .dll into memory. Otherwise, contact Eset - Spain again attaching the zipped log folder.

Note: If the .dll does not load into memory after a system re-boot, this would be a strong indicator of malware activity. Certain malware are "Process Monitor aware" and will not perform malicious activities if it detects Process Monitor running.

Good evening and thanks for the answer. Maybe we're not talking about the same thing, but I downloaded SysInternals Process Explorer from the link you indicated in your first message, followed the instructions (fortunately they weren't complicated) and showed a screenshot of the result: no match. No file with that name. But the file is still detected by ESET in the on-demand scan, today I have repeated it and it appears again. Every time with different names, names so similar that until yesterday I didn't realize that they change some digits of the name. So this option, download SysInternals Process Explorer, run procexp64.exe as Administrator, select Handle or DLL, write the file name and search did not work.

Is it safe to use Malwarebytes at same time with ESET? Last time since ESET support I was discouraged from using it (in 2022), not even the free version that only works by doing on-demand scanning. Surprising thing because it was ESET's own technical support that recommended me to use it some years ago, but in 2022 they said that things have changed and that Malwarebytes is neither necessary nor useful, apart from that it can interfere in the operation of ESET.

[Strange file in operating memory of the computer]

1 hour ago, itman said:

Eset forum procedure is to instruct contacting Eset in-country tech support when the matter cannot be resolved in the forum. You have already done this . Eset - Spain tech support stated the file running in memory is not something to be concerned about.

At this point, I can't assist you further in this issue. If you are still concerned this file might be malware related, you could seek assistance in the following web site security forums;

https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/

https://malwaretips.com/forums/windows-malware-removal-help-support.10/

Thanks. Unfortunately, technical support in Spain leaves much scope for improvement. ESET Spain has not told me that I should not worry about that file. ESET Spain said that at first, then nuanced it stating that could not ensure that this strange file is or isn't a malware because the ESET product can't read it and without reading it it isn't possible to get out of doubt. But if I'm worried I can seek help from a specialist malware technician to analyze my computer. This is like saying "don't count on us to solve your problem." It's not serious and I expected more from ESET.

You told me yesterday that it could be a case of DLL hijacking. Maybe or maybe not, but it's a possibility that would have to be explored. Just, how to do it?

ESET cannot abandon the customer in this way.

[Strange file in operating memory of the computer]

Some other idea and /or help to find out what is this strange file, please?

[Strange file in operating memory of the computer]

49 minutes ago, itman said:

Referring to your first posted screen shot of an Eset scan, the other odd thing observed is DeviceFlowUI.dll running in memory with the scan line suffix - esto correcto - which translates to - this is correct?

I have never seen an Eset scan show anything detected in memory; only a scan object count is displayed in the log. Why would Eset inform that an object detected in memory is correct? Perhaps this means - object is not detected as malware. But, why is the notification shown in the first place?

-EDIT- One possibility is DLL hijacking is going on. The attacker is replacing DeviceFlowUI.dll with mem_1883B4E0000_13256.dll and then executing ShellExperienceHost.exe, a legit Windows process, to run the malicious .dll. This is just speculation at this point.

Hello again. I expand information. I had not noticed, but it seems that every time the name of this mysterious file is different: the last one is mem_2EBDBEB0000_7668.dll. I was fool on no noticing it previously. It seems that each time the computer starts the file is created new or renamed. You can see it in the first screenshot.

I searched Process Explorer, following the instructions, for the last file name, but without success. The second screenshot shows it.

Any idea since ESET's technical service is limited to saying (not very politely) that they cannot guarantee that my computer is free of malware and if this file is or not a malware, but that if I have doubts seek help from a specialist malware technician to analyze my computer? This is not serious and I expected more from ESET.

And yes, "esto correcto" means "this is correct". I'm am from Spain, my ESET product is in Spanish.

Thanks in advance.

Al

[Strange file in operating memory of the computer]

4 hours ago, itman said:

It is odd that Eset is detecting a .dll in memory that it cannot scan. I have never encountered an instance where Eset on-demand scan could not scan something in memory.

The first step here would be determine what is loading the .dll into memory. Something like SysInternals Process Monitor utility set to run at system startup with logging enabled might detect the .dll loading into memory. Just don't keep this utility running for an extended period time since the log file would be huge.

You could also try running Eset's SysInspector and see if can provide any information on this .dll.

-EDIT- What you should do first is download SysInternals Process Explorer from here: https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer . Then run procexp64.exe as Admin. Mouse click on the Find tab and select "Handle or DLL." In the search bar, enter "mem_1883B4E0000_13256.dll" less the quote marks. Then mouse click on the Search tab. The search result should indicate what process loaded the .dll but no guaranty on that.

Good night and thank you for the answer. I am a user with poor computer notions beyond basic things, I have no idea how to use that program that you tell me. I'll try to see if I can make it work. In any case, you admit that it is unusual that ESET cannot read a file in memory. More reasons to suspect something disused and that it is necessary to discard all options, including the option of a malware.

Tech didn't tell me anything about Eset's SysInspector. Just told didn't worry about an error when opening files during the scan, and then nuanced that "don't worry" to "we can't guarantee no malware."

Thanks.

Al

[Strange file in operating memory of the computer]

Hello,

I am user of ESET Internet Security 16.1.14.0, running Windows 11 and since the second half of June on-demand computer scans a mysterious file appears that cannot be opened by antivirus: Registro memoria operativa "mem_1883B4E0000_13256.dll. As you can see in the screenshots, the file has no path, it does not indicate the disk on which it is, unlike what it does with other files, which it does.

I wrote to the ESET technical service and initially responded that I should not worry, ignore files that cannot be opened because they are not infected, they are simply in use by the operating system or another program. I asked how they can tell whether or not it is infected if ESET cannot open and scan it, and if there was hidden malware the file could be in use by the malware itself ("or another program").

They replied that they could not guarantee that there is no infection in the computer and that, if I have doubts about it, I could contact a specialist malware technician to analyze my computer and the other devices in my network in depth.

I don't think it's serious. Why do you need an antivirus product if they offer you that option when there are doubts on a strange file?

Because it's not just that mysterious file that pops up every time I do an on-demand scan. Since that mysterious file began to appear, the file explorer spontaneously opens every night at 22.13. The restoration points disappeared and I had at least four points, so I could not restore system to a point previous to the appearance of this file. These are strange failures. If you write to Windows Help explaining that you have a strange file and malfunctions in Windows, the first thing they tell you is to make sure you don't have malware on your PC. Should I tell them that the service of my antivirus product tells me that can't ensure if there is malware in my computer?

I have tried to perform on-demand scan immediately after starting the computer without opening any program, not even the file explorer, in case that file was created by some program after opening it, but that file appears anyway, so that is a file created by something that starts with the same computer (Windows or other, there are multitude of processes) or that was created at any given time and does not disappear since then.

I have tried looking for it in the computer, selecting the option "Show hidden files and folders," but it does not appear. However ESET detects it, it exists.

At this point, the important thing is to know what that file is, where it is located and specially if it poses a threat. Depending on whether it is a threat or not the actions will be different.

Thank you,

Al

[High use of Memory by ESET Internet Security]

I'm sorry I didn't write this from these days, health problems.

The problem with using RAM seemed resolved, but in the last week it has reappeared again, although not in the same form. For some reason the ESET product returned to normality and was using an average of 150 MB of RAM, increased slightly during the on-demand scan, and then returned to 150 MB of average. Last two weeks, no. It began increasing again, slowly but persistent, to 260 Mb and never diminishes, only increases. You can see it in the first screenshot. If every time week increases around 50 Mb of RAM usage I will have the same problem again in some weeks: excessive RAM usage.

Second problem. It appeared that the random search for updates issue had been fixed with version 14.1.20.0. But in the last few days I have observed a new randomness. In the second screenshot you can see that the computer was switched on at 22:09 hours and updated (red arrow). It should have searched for updates at 23:09, 00:09... every 60 minutes. But you can see on the yellow arrows that the ESET product searched for updates at 23:58 and has a new search scheduled at 00:58. Both in the task that is configured by default with the ESET product and in the task that I created to compensate for the randomness of the update search. One more time it searches when it wants.

No updates of Windows or any other program happened during this last two weeks. I have in few programs. The ones I need and no more.

And the version of the protection module is already 1425, but the date of compilation is April 16, 2021. In April it was not released the 1425, it was still the 1423. I could use the 1425 thanks to pre-release option. Why date of release is April I it was released in May?

And again I have problems with the safe browser.

[High use of Memory by ESET Internet Security]

On 5/11/2021 at 2:55 PM, Marcos said:

That's not how customer care should close a support ticket. If they have no idea they are obliged to contact ESET HQ for assistance. If you wish, we can look into it, but please create a new topic for this issue first. Also make sure that you are able to reproduce the issue after installing the latest version from scratch with default update settings.

Hello, Marcos. In theory they did, it was a very long process from July up to February. Sometimes the answers were ridiculous and even contradictory. For example, say that there is no problem and I was watching problems where there were no, and immediately then recognize that there was evidently a synchronization problem. So, there was a problem. Or say that now the ESET product doesn't search for updates regurlarly every 60 minutes but randomly (but the product still was showing in settings the search every 60 minutes). And the last one was to say that could be possible to make a test with something that I wouldn't know how to translate into English (it's a rare technicality), but that they spent a long time with this matter and closed it.

BTW, I was checking last days and the version 14.1.20.0 and seems fixed someway the synchronization problem of ESET that began with the 13.2.14.0 version in July. Now, fortunately, it search updates every 60 minutes. I know because despite the task I created to to search for updates every 60 minutes, the update task that is configured by default with the product was still looking for updates aletoriously, so that in 60 minutes it was updated twice: one by the task created ex profeso and one random by the task configured by default. Now it search for updates only every 60 minutes.

On the RAM usage, probably may of you faced two days ago the problems with Microsoft Outlook. It was fixed, but was necessary to reboot the computer... so again the usage of RAM dropped like after every reboot. I'll see what happens next days.

[High use of Memory by ESET Internet Security]

23 hours ago, Marcos said:

We are not aware of any issues with the default update task that it would not run in 60 min. interval by default. I'd recommend opening a new topic for further troubleshooting.

Hello, Marcos. I did it time in July 2020 with the tech-support of ESET Spain and the result in february 2021 was "we have no idea but all is ok". So, I let it be. Just there is a desynchronization in the module of search of updates. By defect the product ESET is programmed to search for updates on having detected connection to the network and every 60 minutes from this moment until the computer is switched off or enters in hibernation. But it does not work this way. It was necessary to create a task so that the product ESET search for updates every 60 minutes.

Even once in September it stopped searching for updates, there was no error message at all and the options of searching for updates were marked when detecting network connection and every 60 minutes since then. But it didn't work to search updates. The only way to repair it was to uninstall and reinstall. I also commented it here among the failures that my ESET product had suffered in recent months. Well, let's hope it dodn't happen again.

[High use of Memory by ESET Internet Security]

13 hours ago, peteyt said:

Have you looked to see if anything is hidden by default in file explorer?  Although it was just a jpeg so it shouldn't be hidden.

Hello and thanks for answering. Yes, I checked if there are hidden files and no, thare aren't. So the ESET scan module worked as under on-demand scan (but I didn't performed on-demand scan, I literally had no time to open the ESET and perform it when it already was done this misterious scan) analyzing non-existing files. Quite strange.

[High use of Memory by ESET Internet Security]

12 hours ago, itman said:

Eset performs background scans at system startup, after module updates, etc.. These scans are not logged and therefore don't show in the Eset Scan log.

One possible explanation is when you switched to pre-release updating resulting in Internet module ver 1825 being downloaded, there was some type of Eset "hiccup" resulting in a scan creating a log entry it shouldn't have. I really wouldn't be concerned about it.

Thanks for your answer, itman.

That's exactly what worries me, that ESET running in the background doesn't warn of such a task except if detects some malware. However, ESET worked as if had been working under an on-demand scan, but I did NOT do such. And to make it even stranger, it scanned non-existent files because the My Downloads folder was empty.

Your explanation is feasible, but I'm worried that the analysis module might not work well. Since version 13.2.14.0 and successive I have accepted that the update module running randomly (isn't updated every 60 minutes as configured by default and it was necessary to create a specific task to correct this failure) and that the protected browser stops working from time to time (last last month, I explained it here), but I worry that the analysis module that is the backbone of an antivirus might have some fail.

[High use of Memory by ESET Internet Security]

5 hours ago, peteyt said:

You need to renable the pre release updates. You mentioned the RAM went right up but you aren't on the pre release update and it is the pre release version that may have fixed fixed the issue.

Ideally you'll need to renable the pre release updates and run for a few days to see if it makes any difference

Thanks for your answer. I thought it too, but the point is the following: with the other problem I mentioned above, the strange ESET non demanded scan on non-existing files in an empty folder, it's obvious something is wrong. Don't know if it's wise reeabling the pre release updates that, as you said, ESET recommends use the pre release updates for general use if it's not an important work computer. It'm my main computer right now, I don't want run the risk of some issue that can affect even more. Let's check other people all issues there can be with the module. If it wasn't released with the last version of ESS there must be a good reason for that, they must be doing more tests.

[High use of Memory by ESET Internet Security]

6 hours ago, itman said:

I guess you're referring to this posting: https://forum.eset.com/topic/27927-high-use-of-memory-by-eset-internet-security/?do=findComment&comment=133565 .

I have never seen anything posted to the Eset Computer Scan log that was not manually initiated via some user activity; either a manual or previously setup scheduled scan. Are you positive you didn't perform a manual scan on a download perhaps via Win Explorer Context menu Eset scan option?

As far as what appears in an Eset scan log entry, it will only show either malicious/PUA detections or files that Eset couldn't scan because they were locked from Eset access by the Win OS. The scan log entry never shows all files that were scanned by Eset. Finally and referring to the aforementioned, Eset on demand scanning will not show a desktop alert if malicious files are found unless the ThreatSense "Cleaning level" for the scan profile being used specifies that user action is required.

Thank you for your answer, itman. I positively affirm that I didn't perform a manual scan neither scheduled scan was performed.

It was me the first surprised to see that message, less than one minutes ago I had switched on the computer, I opened the ESET window to see if in the last update (which is done just after detect network connection) the Internet protection module had been updated to 1425 version and the first I saw that there was an Analysis warning indicating that the analysis was complete. I thought: "Analysis? Which one?". I checked and saw that, indeed, it seems that ESET had analyzed some files on disk D, folder Mis Descargas (My Downloads), and that everything was ok, there were no malicious detections, but I repeat that I hadn't performed any manual analysis, that the files ESET says it examined (at least the three whose names are seen from the six supposedly examined) didn't exist in that folder. The folder was empty. Hardly ESET could analyze something there. And even more surprising the fact that if it was an action of the system protection module, which is always running and scanning in background without intervention of the user, there was no malware detection, ESET should have indicated nothing because there was nothing to warn about.

It's quite strange. An error?

[High use of Memory by ESET Internet Security]

On 5/8/2021 at 1:25 PM, Marcos said:

Modules are not included in installers. They are downloaded after activation. Also if you switch between the release and pre-release channel, existing modules are deleted and available modules are downloaded.

Thank you, Marcos. Yes, I understand this. Just I suppossed that as we started on thi topic when a previous version of the ESET product was in use, I thought that the last released version, 14.1.20.0, would contin too the 1425 version of the module of Intenet protection. But it seems that the last version keeps still the version 1423.