itman

Inbound UPnP traffic; i.e. port 1900, UDP, is a security risk; especially if originating from the router. Most ISP issued routers no longer perform that type of network traffic. You can stop this type of traffic by disabling Win SSDP service. I have w/o any subsequent issues occurring. Alternatively, you can disable UDP PnP processing on the router. Unless you really know what you are doing, I would not override Eset firewall inbound blocking

My suggestion here to allow for manual user entry of their financial web sites. I was surprised to see that option removed. Also, it was my previous understanding that only Eset whitelist web site redirection would be the only function deprecated.

All the blocked entries are for inbound network traffic from svchost.exe. They are also all UDP protocol related. Have you modified Eset default firewall rules or added new firewall rules?

Other security solutions detect malware on this web site: https://www.virustotal.com/gui/url/b46e440427a1adca8708e0d7ae228ff3380b47975ae146cc749f610ffea6357e

The no. of accounts varies by Eset in-country provider. In the U.S., it's a minimum of 10 licenses! Also as a FYI, what Eset is doing marketing-wise is not unique among AV solutions. BitDefender's VPN solution also has a 10 license minimum purchase: https://www.bitdefender.com/solutions/premium-security.html .

As far as WindScribe VPN goes, they do offer a "not to bad" free version and other options to lower its paid version cost: https://www.techradar.com/reviews/windscribe

Someone at malwareips.com noted it's WindScribe: https://malwaretips.com/threads/eset-v17-0.127074/post-1066689 .

You should also purchase an Eset consumer product of your choice. All Eset products will prompt you upon insertion of removable media to scan the drive for malware which is a necessity when the drive has been used on any external device.

I installed ver. 17.0.15 yesterday from scratch after uninstalling same and it appears to have fixed the memory usage problem. Now ekrn.exe stays at 40 - 50MB.

This is not going to get resolved until you post the Eset logs @Marcos requested. Only Eset moderators can access forum attachments.

If Secure all Browsers enabled was All Extensions specified for Extension installation mode per below screen shot?

Disable Browser Privacy & Security in Eset GUI and Eset's extension will not install in any supported browser.

From a developer's point of view, it was probably one of the worst features Eset implemented. It required constant maintenance of an internal whitelist of known banking and select financial web sites with constant forum postings for some web site not being included. Bottom line is Eset wants you to always run in Secure all browser mode since it eliminates all the above. If you chose not to do so, B&PP standalone mode still exists accessible from Win desktop icon or within the Eset GUI.

It has been noted multiple times in past forum postings by Eset moderator that B&PP redirection would be removed in future Eset versions. The more recent of these postings stated it would be removed in ver. 17 as noted below;

Only for Firefox. Eset doesn't support Brave browser.

Refer to this Sucuri scan of your web site: https://sitecheck.sucuri.net/results/https/beskidzywiec.pl .

Actually, it's a problem for any AV solution currently performing HTTP/HTTPS scanning. See this posting/thread on the subject: https://forum.eset.com/topic/38340-web-access-protection-and-encrypted-client-hello-ech/?do=findComment&comment=173774 . Appears the only security solution that performs HTTP/HTTPS scanning that has figured out how not to bust ECH tunneling is AdGuard and only if using their DNS servers. -EDIT- "To add to this mystery" the Cloudflare test web site: https://www.cloudflare.com/ssl/encrypted-sni/ is excluded from Eset HTTP/HTTPS scanning which can be verified by mouse clicking on the web site page lock symbol and noting that Eset's root cert. is not shown. However if Eset SSL/TLS scanning is disabled, then the Secure SNI test passes. One possibility is Clouldfare is redirecting to this web site: https://crypto.cloudflare.com/cdn-cgi/trace/ to perform the Secure SNI test. This web site is scanned using Eset SSL/TLS processing.

Steam has instructions here: https://help.steampowered.com/en/faqs/view/66C8-4FF1-8470-B666 when using a firewall.

Based on what is posted here: https://help.steampowered.com/en/faqs/view/2EA8-4D75-DA21-31EB , it appears Steam randomly assigns ports in the ranges specified in the article. Hence, Eset firewall alerts being generated when different ports are being used. You might consider creating firewall rule/s for Steam processes for the port ranges specified. Or, creating generic rules for Steam processes without port specification.

Again, the problem is with your router configuration; https://medium.com/@jamescuban99_23577/how-do-you-resolve-an-ip-conflict-and-what-is-it-6d4f651a3508

First, refer to this Microsoft article: https://support.microsoft.com/en-au/topic/fix-duplicate-ip-address-conflicts-on-a-dhcp-network-d68499da-69a3-da3b-4630-d17e502adf50#bkmk_details . You can also exclude the static IP address from Eset IDS detection as shown in this Eset knowledge base article: https://support.eset.com/en/kb2933-arp-icmp-or-dns-cache-poisoning-attack-in-eset-home-products-for-windows .

Similar posting here in regards to ver. 17.0.15: https://forum.eset.com/topic/38893-antimalware-scan-interface-amsi-integration-has-failed/ . In this case, the problem disappeared when the user did a Win restart.

Open Eset GUI -> Network protection - Network Connections. Select your network connection and right button mouse click on it per below screen shot. Select Edit and change network profile from Public to Private. Once changed to Private, you can additionally set the network connection to "My Network."

To receive equivalent protection you need to enable Secure all browsers option for Safe Banking & Protection per below screen shot. In this mode, the Eset supported browser is in essence running in permanent Banking & Payment protection mode. Also note that the previous redirection to Banking & Payment protection mode only worked for select financial web sites previously defined by Eset; not all such classified web sites.

Manually uninstall Eset extension in Chrome and Edge if installed. Keep Browser Privacy & Security disabled. Is the problem resolved?