itman
Most Valued Members · Posts: 12,195 · Days Won: 320

Everything posted by itman

  1. I searched the web about this and could not find anything in regards to this Microsoft change you state. Eset Browser Privacy & Security will prompt you to add its extension. I suspect this is what you observed. It appears to me you have been infected with one of the browser search engine hijack malwares.
  2. Looks like the web site is no longer infected. Neither Sucuri nor Eset detect any malware.
  3. No problem here on ESSP ver. 17.0.16 for on-demand in-depth scan of memory, boot/UEFI, WMI, and registry. It took 26 mins. for my Win 10 22H2 build. I didn't notice any hang activity on anything.
  4. Refer to the below screen shot. Assuming that Eset Safe Banking & Browsing is enabled with default settings, the green frame should appear on web pages in all supported browsers: Chrome, Edge, and Firefox.
  5. Sucuri is detecting Magento malware; namely malware.magento_shoplift.38.1. Refer to this article: https://labs.sucuri.net/signatures/sitecheck/malware-magento_shoplift-38-1/ .
  6. PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft https://thehackernews.com/2024/01/pixiefail-uefi-flaws-expose-millions-of.html This CERT article lists firmware known to be vulnerable along with recommended mitigations: https://www.kb.cert.org/vuls/id/132380
  7. Same here using Firefox. However, Sucuri detects web site injection. It could be Eset Secure Browser mode for EIS and ESSP is blocking the code injection. It also appears to be an infected WordPress plug-in, http://infinitumpartners.com.au/wp-content/uploads/2021/11/OTP2-Dark-overlay-60.jpg?id=3552
  8. The domain is detected by 9 other security vendors besides Eset at VirusTotal: https://www.virustotal.com/gui/url/3e2debcb23564992506ed8278d6cd572be29bcd7c8d0436148600dd70f7b0858 . Most detect it as phishing.
  9. First, review this: https://support.eset.com/en/kb6205-manage-auto-renew-settings-for-your-eset-licenses#disable . Are you stating you are receiving the "waiting for verification" e-mail as a result of trying to disable auto renew option via Eset eStore logon as noted in the above linked article?
  10. Eset does now detect it as "A Variant Of MSIL/AVBDiscSoft.A Potentially Unwanted Application" per recent VT scan: https://www.virustotal.com/gui/file/474e3d0c28f53b96ccd885f3b13a35868e1ff572294b89dd2bfa919722081ac0?nocache=1 . I say now since prior scan results at VT were 7 months old with only two vendors detecting it.
  11. A fairly recent detection of MSIL\AVBDiscsoft.A at Hybrid-Analysis: https://www.hybrid-analysis.com/file-collection/651d7f7ee010e723a20317b5 with detailed analysis here: https://www.hybrid-analysis.com/sample/474e3d0c28f53b96ccd885f3b13a35868e1ff572294b89dd2bfa919722081ac0 shows the malware present in DotNetCommon64.dll. Since this is a file infector, I would say you should at least run sfc /scannow from admin command prompt window to verify no OS files have been tampered with.
  12. As far as DaemonTools goes: https://www.bleepingcomputer.com/forums/t/572079/2-mals-included-with-daemon-tools-install-file-from-disc-soft-website/ .
  13. It's not ransomware: https://www.fortiguard.com/encyclopedia/virus/10141333 https://www.trendmicro.com/vinfo/us/security/definition/file-infecting-viruses
  14. Highly unlikely. Refer to this posting: https://superuser.com/questions/759495/can-a-windows-installation-damage-an-hdd . You can also contact the manufacturer of the laptop about the issue.
  15. Again, if you are deploying Eset recommended firewall rules against ransomware as noted in this article: https://support.eset.com/en/kb6132-configure-firewall-rules-for-eset-endpoint-security-to-protect-against-ransomware , one of those rules is to block any inbound/outbound rundll32.exe network traffic. You will have to determine if the rundll32.exe network traffic being detected is legit OS/app network traffic or not. If the network traffic is legit, you will have to create a firewall rule to allow it. Move this allow rule/s prior to the existing deny rundll32.exe rules you created. -EDIT- An example of how to determine if outbound app based rundll32.exe network traffic is legit: https://superuser.com/questions/1598094/rundll32-exe-making-outbound-tcp-connection .
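The check described in post 15 (is the rundll32.exe traffic the firewall is blocking legitimate?), written out as an added PowerShell example; this is not code from the post, from ESET, or from the linked superuser thread. It joins the live TCP connections and UDP endpoints owned by every rundll32.exe instance with that instance's command line, because the DLL path in the first argument and the parent process are what decide whether an allow rule is warranted. It goes slightly beyond the post by covering UDP as well as TCP. Assumes Windows 10/11 with the NetTCPIP module, run from an elevated PowerShell; the function name is my own.

```powershell
# Added example: which rundll32.exe instances have network activity, and which DLL they host.
# Run elevated so Get-NetTCPConnection/Get-NetUDPEndpoint can report every owning process.

function Get-Rundll32NetworkActivity {
    [CmdletBinding()]
    param()

    # PID -> command line / parent for every rundll32.exe currently running.
    $procs = @{}
    Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" | ForEach-Object {
        $procs[[int]$_.ProcessId] = [pscustomobject]@{
            CommandLine = $_.CommandLine
            ParentPid   = [int]$_.ParentProcessId
        }
    }
    if ($procs.Count -eq 0) { return @() }

    $endpoints = @()
    $endpoints += Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $procs.ContainsKey([int]$_.OwningProcess) } |
        ForEach-Object {
            [pscustomobject]@{
                Protocol  = 'TCP'
                OwningPid = [int]$_.OwningProcess
                Local     = "$($_.LocalAddress):$($_.LocalPort)"
                Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
                State     = [string]$_.State
            }
        }
    $endpoints += Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Where-Object { $procs.ContainsKey([int]$_.OwningProcess) } |
        ForEach-Object {
            [pscustomobject]@{
                Protocol  = 'UDP'
                OwningPid = [int]$_.OwningProcess
                Local     = "$($_.LocalAddress):$($_.LocalPort)"
                Remote    = '-'
                State     = '-'
            }
        }

    foreach ($ep in $endpoints) {
        $info   = $procs[$ep.OwningPid]
        $parent = (Get-Process -Id $info.ParentPid -ErrorAction SilentlyContinue).ProcessName
        # rundll32's first argument is the DLL (optionally quoted, followed by ",Export").
        $dll = ''
        if ($info.CommandLine -and $info.CommandLine -match 'rundll32(?:\.exe)?"?\s+"?([^",]+)') {
            $dll = $matches[1]
        }
        # A DLL outside %SystemRoot% or %ProgramFiles% is the first thing to look at.
        $trustedDir = ($dll -like "$env:SystemRoot\*") -or
                      ($dll -like "$env:ProgramFiles\*") -or
                      ($dll -like "${env:ProgramFiles(x86)}\*")
        [pscustomobject]@{
            OwningPid   = $ep.OwningPid
            Protocol    = $ep.Protocol
            Local       = $ep.Local
            Remote      = $ep.Remote
            State       = $ep.State
            Parent      = $parent
            Dll         = $dll
            InTrustedDir = $trustedDir
            CommandLine = $info.CommandLine
        }
    }
}

Get-Rundll32NetworkActivity |
    Format-Table OwningPid, Protocol, Remote, State, Parent, InTrustedDir, Dll -AutoSize
```

Rows where the DLL lives under %SystemRoot% and the parent is svchost.exe or explorer.exe are the usual OS cases (the superuser thread in the post gives examples); a DLL under a user-writable path such as %TEMP% or %APPDATA% with an outbound connection is the case the ESET deny rule exists for, and should not get an allow rule before the DLL has been checked.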
  16. Some additional ways partial data recovery might be possible: https://www.pcrisk.com/removal-guides/28739-cdpo-ransomware
  17. This Win code integrity Event log error has existed for some time. It's due to the code signing certificate Eset uses. The error doesn't affect loading of eamsi.dll in any way.
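A way to verify the claim in post 17 on your own machine, as an added PowerShell example that is not from the post or from ESET: it lists the AMSI providers registered under HKLM\SOFTWARE\Microsoft\AMSI\Providers, checks whether eamsi.dll is actually mapped into the running PowerShell process (PowerShell calls AMSI, so a working provider appears in its module list), shows the signer of the loaded file, and pulls the last week of CodeIntegrity operational events that name the module so the logged error can be set beside the observed loading. The module name eamsi.dll comes from the post; the function name is my own. Assumes Windows 10/11 with an ESET product installed, run elevated so the CodeIntegrity log is readable.

```powershell
# Added example: is ESET's AMSI provider registered, loaded, signed, and what does the
# CodeIntegrity log say about it?

function Test-EsetAmsiProvider {
    [CmdletBinding()]
    param([string]$ModuleName = 'eamsi.dll')

    # 1. AMSI providers are COM classes listed under HKLM\SOFTWARE\Microsoft\AMSI\Providers;
    #    the DLL path is the InprocServer32 default value of each CLSID.
    $providers = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $clsid  = $_.PSChildName
            $server = Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            [pscustomobject]@{ Clsid = $clsid; Dll = $server.'(default)' }
        }

    # 2. Is the DLL mapped into this PowerShell process?
    $loaded = (Get-Process -Id $PID).Modules |
        Where-Object { $_.ModuleName -ieq $ModuleName } |
        Select-Object -First 1

    # 3. Who signed the file that was loaded, and does Windows accept the signature?
    $sig = if ($loaded) { Get-AuthenticodeSignature -FilePath $loaded.FileName } else { $null }

    # 4. CodeIntegrity operational events from the last 7 days that mention the module.
    $events = Get-WinEvent -FilterHashtable @{
            LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
            StartTime = (Get-Date).AddDays(-7)
        } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$ModuleName*" } |
        Select-Object TimeCreated, Id, LevelDisplayName, Message

    [pscustomobject]@{
        RegisteredProviders = @($providers)
        Loaded              = [bool]$loaded
        LoadedPath          = if ($loaded) { $loaded.FileName } else { $null }
        Signer              = if ($sig) { $sig.SignerCertificate.Subject } else { $null }
        SignatureStatus     = if ($sig) { [string]$sig.Status } else { $null }
        CodeIntegrityEvents = @($events)
    }
}

$r = Test-EsetAmsiProvider
$r.RegisteredProviders | Format-Table -AutoSize
$r | Select-Object Loaded, LoadedPath, Signer, SignatureStatus | Format-List
$r.CodeIntegrityEvents | Format-Table TimeCreated, Id, LevelDisplayName -AutoSize
```

If Loaded is True and SignatureStatus is Valid while the CodeIntegrity log still carries errors naming eamsi.dll, the machine shows exactly the situation the post describes: the event is logged but the provider is loaded and scanning.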
  18. This is the latest variant of STOP/DJVU ransomware. Unfortunately, file decryption is not possible. More information here: https://malwaretips.com/blogs/cdpo-virus/
  19. Unless Eset recently changed the ver. 16 installer, you can't hide the notification in Eset home ver. products. The notification can only be hidden in Eset Endpoint vers.
  20. Try the remediation steps shown in the 'Troubleshooting activation errors' section of this Eset article: https://support.eset.com/en/kb7297-resolve-act-or-ecp-errors-during-activation-home-users . If the problem persists, uninstall and reinstall Eset. If the problem persists, contact your in-country Eset authorized vendor: https://www.eset.com/int/support/contact/ . Mouse click on the link, "Product activation troubleshooting."
  21. Correct. Voluum is ad tracking software. When you added the uBlock Origin extension, it blocked the ad from being displayed on the web page. Additionally, uBlock Origin uses a default TPL that can detect and block voluum.com attempted access; refer to this posting: https://forum.eset.com/topic/37661-jsvoluuma-pop-up/?do=findComment&comment=171600 . If no further Eset alerts occur with the uBlock Origin extension installed, your problem has been resolved.
  22. If you still get the Windows installer error w/Eset uninstalled, refer to this article: https://medium.com/@windows10help/how-to-fix-windows-10-installer-error-1601-6fc92be4a2ac .
  23. Referring to this alert, do you have a HIPS rule that monitors child process startup from PowerShell? If this is the case, you will have to exclude conhost.exe since a number of Win internal maintenance PowerShell scripts invoke conhost.exe.
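Before excluding conhost.exe from a HIPS rule as post 23 suggests, it helps to see what PowerShell actually spawns on the host. The following is an added PowerShell example, not from the post or from ESET: it tallies child processes of powershell.exe/pwsh.exe twice, once from the live process tree (Win32_Process parent links) and once from Security event 4688 when process creation auditing is enabled, so the rule can be scoped to the children that are not expected. Assumes Windows 10/11 and the standard 4688 field layout (property 5 = new process name, property 13 = creator process name); the function name is my own. Run elevated to read the Security log.

```powershell
# Added example: what does PowerShell spawn on this machine? Live snapshot plus 4688 history.

function Get-PowerShellChildren {
    [CmdletBinding()]
    param([int]$Days = 1)

    $all    = Get-CimInstance Win32_Process
    $psPids = @($all | Where-Object { $_.Name -in 'powershell.exe', 'pwsh.exe' } |
                      ForEach-Object { [int]$_.ProcessId })

    # Live view: every process whose parent is currently a PowerShell host.
    $live = @()
    if ($psPids.Count -gt 0) {
        $live = $all | Where-Object { [int]$_.ParentProcessId -in $psPids } |
            Group-Object Name |
            Select-Object @{ n = 'Child'; e = { $_.Name } }, Count, @{ n = 'Source'; e = { 'live' } }
    }

    # Historical view from Security 4688. Empty when auditing is off or the log is not readable.
    $hist = Get-WinEvent -FilterHashtable @{
            LogName   = 'Security'
            Id        = 4688
            StartTime = (Get-Date).AddDays(-$Days)
        } -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Properties.Count -gt 13 -and
            $_.Properties[13].Value -match '\\(powershell|pwsh)\.exe$'
        } |
        ForEach-Object { Split-Path -Leaf $_.Properties[5].Value } |
        Group-Object |
        Select-Object @{ n = 'Child'; e = { $_.Name } }, Count, @{ n = 'Source'; e = { '4688' } }

    @($live) + @($hist) | Sort-Object Source, Count -Descending
}

Get-PowerShellChildren | Format-Table -AutoSize
```

On a typical workstation conhost.exe dominates both tallies, which is why a blanket "child of PowerShell" HIPS rule fires on scheduled maintenance scripts; the interesting rows are the rarer children (cmd.exe, rundll32.exe, certutil.exe and similar) that a rule should keep alerting on.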
  24. Another recent posting on this issue here: https://forum.eset.com/topic/39433-antimalware-scan-interface-amsi-integration-has-failed-endpoint-11020320/?do=findComment&comment=178892