Everything posted by eitanc

  1. Thanks TomasP and Marcos. Well... this brings "heart attack" to the user... not nice. Don't do it this way. Really, find a way to do it "under the hood". Also, please add a public support KB for this behaviour, to let folks know what is happening here. Also, it will be nice to add a matching log record to the Eset app log for each such operation, so you will be able to show customers a (date-time) match between this feature's action and what the customer has seen on the GUI and found in the Windows event log. Thanks!
  2. I am running now procmon to capture only events where the process name is "ekrn.exe" and the path includes "firefox.exe". We'll see what we catch.
  3. Nope. My product is only NOD32, I don't have the mentioned feature
  4. Hello, I use NOD32 12.2.30.0 on Windows 10 Pro 64-bit. Recently I noticed a sudden/flash appearance of the Firefox banner on the taskbar. Like it loads and then terminates. Looking at the Windows security event log, I found it was launched by the NOD32 process ekrn.exe... very strange. See attached screenshot. Firefox is NOT my default OS browser. I didn't find any NOD32 scheduled process that is related to Firefox nor a matching Windows "scheduled task". Any ideas?
  5. Great, Peter! Thank you! I will be glad if you will post the results here once you know them. Thank you.
  6. Hi, Your online scanner that runs on Windows accesses a host name of "onlinescanner.eset.com:80" and a path of "/query/chsquery.php", but the request is like:

     POST hxxp://onlinescanner.eset.com/query/chsquery.php
     Content-Type: multipart/form-data; boundary=------------------------[random string with timestamp]
     Host: onlinescanner.eset.com:80
     Content-Length: 1987

     While in a usual request the payload for the HTTP method (POST in this case) is the relative path from the root, this one uses a full URL instead, which is typical for proxy activity. This causes web gateways/IPS systems to flag it as proxy activity and usually block it, when proxy is prohibited as part of the security policy. So, please change this behavior and use a relative path to have a normal request, a non-proxy one. Thanks!
  7. I opened a support case via your site form with logs, but didn't get any email confirmation. I WILL NOT install Win 10 from scratch because of my AV. There is one basic test for a product - who works for whom? The product for you or you for the product. That's it.
  8. I tried a repair from appwiz.cpl - didn't work. Tried an uninstall, rebooted and ran a new install. The new install informed me the latest product is already installed. The ESET folder in Program Files was still there! And also the Hkey-local-machine\software\eset!!! Some uninstall... I had to download the ESET uninstaller (hxxp://support.eset.com/kb2289/?locale=en_US) and run it from safe mode. Rebooted. Then installed version 10 again, from fresh. Rebooted. Same issue - the service will not run at startup. Uninstalled. Rebooted to safe mode again and ran the uninstaller again. Rebooted. Installed version 9, rebooted - now the service runs at startup. ESET - I must say, I am a veteran customer of yours, for many years, because of the product quality and security abilities, but in the last year NOD32 degraded drastically and version 10 is a new negative record. Get a grip on yourselves or you will lose customers very quickly.
  9. I have the same issue, with the latest version 10.0.369.0. Also the sig update is running without error but the sigs have an S/N of 14260 (20161011) and last successful update of 3/12/2016 <time> (December, euro date format) and I have the message of "update is not necessary - the virus signature database is up to date." while by hxxp://virusradar.com/en/update/info the latest version is 14579 from Dec-09-2016
  10. 1. The display issue is really minor. It can be divided into separate lines. 2. Depending on the NOD32 settings - the email can be deleted, so one cannot see the headers. Even if the email is not deleted - the headers are archived "out of band" on the log. Can someone from Eset reply?
  11. Hello, I wish to ask that when you log an incident of an infected email - please add the email's full headers to any possible alert/logging object - the GUI log, the email you send to the admin regarding the event and possibly to ESET for reputation scoring and research. It will be nice if all of the above will be user-controlled, on/off, as part of the configuration GUI. These details will help us all in learning from the incident and possibly block future attacks with similar attributes. Thank you, Eitan