itman

I will also add, what Filtering mode do you have the HIPS set at? If its set to Auto(default) or Smart mode, what @Marcos posted is applicable; the HIPS should not be blocking anything in the directory you posted. If on the other hand the HIPS Filtering mode is set to Policy or Interactive mode, that's an entirely different issue.

Let's back up to this posting. I don't know how good McAfee is at detecting UEFI/BIOS malware. However, I do know Eset's AV scanner can detect the same. I suggest you uninstall McAfee. Reboot and install either NOD32 or Eset Internet Security in 30 day trial mode. Either one as part of the installation process with run an in-depth scan on all connected SDDs/HDDs; see below screen shot. This in-depth scan will include an UEFI/BIOS scan. Ref.: https://www.eset.com/int/home/free-trial/

Again if Sakri is not responding to your inquiries about this, you need to contact Technobind about the issue. As I posted above, it appears Technobind is Eset's authorized distributor for India. If Technobind informs you that Sakri is not affiliated with them in any way, then Sakri is the only source that can resolve this issue. If Sakri refuses to resolve the issue directly or indirectly by not responding to your inquires, it appears you have been a victim of a fraudulent purchase.

Are you referring to the EsetUninstaller utility? If so, did you run in Windows Safe Mode? Do you have any other third party AV software installed; Avast, AVG, etc..? If so those should be uninstalled and their respective clean up utility run.

BTW - I forgot to mention this possibility since you have an ASUS motherboard: https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/

Is this a pre-release install? 1903 hasn't been officially released yet.

A couple of points here to clarify. On Win 7, Windows Defender only provides spyware protection; ref.: https://support.microsoft.com/en-us/help/14210/security-essentials-download .The default AV on Win 7 is Microsoft Security Essentials (MSE). MSE is disabled by default when Eset installs. There is no way to run MSE in on-demand mode once it has been disabled. The reference to using WD as an on-demand scanner only applies to Win 8.1 & 10.

Since it appears you ignored my suggestion to reinstall Eset, do a repair install and see if that resolves your LiveGrid issue.

Do the following which will validate that a LiveGrid connection is being made: https://help.eset.com/eis/12/en-US/idh_page_cloud.html

It was installed on my Win 10 x(64) 1809 build w/o issue. Appears you are the only one having issues using Eset. Check you default Eset firewall and ensure ekrn.exe rule shows Direction as "Both."

The ideal solution for Eset Home product users would be for Eset to interface with Windows Defender in regards to its block-at-first-sight and cloud scanning technology. When I researched it a while back, it appears to be a separate interface in Windows Defender. Doubt this will ever happen. Which means Eset needs to incorporate like technology for Home product versions.

Instructions for creating an Eset SysRescue USB or DVD media here: https://www.eset.com/int/support/sysrescue/ You can create Win 8.1 bootable DVD or USB media from here: https://www.microsoft.com/en-us/software-download/windows8ISO . Note: this web page took a while to render on my PC, so give it sometime to do so.

As @Marcos mentioned previously, it could be a firewall issue. Make sure the default Eset firewall for ekrn.exe is enabled that allows all inbound and outbound traffic for the process. Also ensure the Win firewall is disabled and that its outbound protection was not somehow inadvertently enabled. The Win firewall should have been auto disabled at EIS installation time. Short of the above, you might just want to export existing Eset settings if custom modifications were made; uninstall EIS; and then reinstall EIS and import Eset settings if so previously saved.

Suspected as much. Thanks for the clarification. Any plans on Eset developing a version of EDTD for its Home version products?

Which gets into the "which is first, the chicken or the egg" analysis. Are indeed "unknown" files per se being sent to EDTD, or in fact only those deemed in the suspicious category by local heuristic scanning?