itman

Everything posted by itman

  1. "Green people" are always better than "red people." Devils are usually portrayed as red people.😁
  2. When Eset is installed originally, all its settings are at default values. When an Eset in-program product update is performed, all existing settings are retained. The same applies if you download an off-line installer version and run that to perform an "on top" installation over the current version. As far as your current Eset GUI settings are concerned if they are not at default values, it is because you manually changed them. Another way your default settings could have been changed is if you previously saved your settings via Eset's settings Export feature and sometime later used the Eset Import feature. If you want to reset Eset back to its original default settings, the easiest way to do so is: 1. Uninstall your current version. 2. Download from the Eset web site the latest product version you have a license for. 3. Install the latest Eset version you downloaded. Note: The above obviously will result in any custom Eset GUI changes you manually made being removed.
  3. I wouldn't put a lot of stock into their statements. The Eset installer supports multiple languages. I could install an Eset license purchased in the U.S. and at installation time select Spanish for example, as the installation language.
  4. Are you stating the BIOS/UEFI no longer recognizes the drive where the OS is installed on? Are you sure that the drive selection order just didn't get rearranged and the first drive selected is the USB drive? Did you physically remove the USB drive from the device and then try to boot with the HDD auto selected and Windows starting?
  5. OK. I enabled Edge startup use. Both the eicarcom2.zip downloads blocked by Eset. See below screen shot:
  6. It's located under Cloud-based protection. See the below screen shot:
  7. I also just tested these two downloads in Firefox and Eset detects. I currently have Edge start up blocked in Win 10 so I can't test using Edge. Also which version of Edge are you using; the new Chromium based version?
  8. Here's the problem with Eset's distribution network. There is usually only one authorized partner per country. However that partner can set up reseller arrangements with other in-country business concerns. The problem is the only way to know if the reseller is legit is by directly contacting the in-country authorized Eset partner. So my advice is to use the above link I posted for Eset - Portugal and contact them directly if blitzhandel24 is one of their resellers. Also note that Eset licenses are country specific. If a reseller is located let's say in Germany, that license won't work if installed on a device located in Portugal. It does appear to me that blitzhandel24.com is a German business concern. Note: I am not familiar with EU trade agreements in regards to what is stated above. But I strongly suspect that the in-country license restrictions also apply to the EU countries.
  9. Did you check the price for Eset on this web site: https://www.eset.com/pt/ ?
  10. In Win 10 Sign-In options, make sure your password setting options are properly set up:
  11. All Eset's reputation status is showing is that the application is new; i.e. recently discovered. As such, there is not enough feedback "reputation" data to mark the process as a fully trusted one. Note however that the check mark status is green in color which would indicate other than low use of the app, Eset did not find any other reputation based issues. You're "reading too much" into this security mechanism. It is performing as designed and is showing nothing more than what use, and the status of that use, is at a given period of time. The time to be concerned about Eset's reputation status is if a highly used process shows red - risky.
  12. In regards to my above recommendations posting: https://forum.eset.com/topic/23153-logging-of-dropped-packetsblocked-connections-in-interactive-firewall-mode/?do=findComment&comment=112031 , it appears presently that a hidden "Ask" rule is run after all existing firewall rules have been parsed in Interactive mode. As such, I would recommend that Eset by default log all activity resulting from a firewall alert while in Interactive mode. Eset rule creation is not the "most straightforward" process in that Advanced settings must be accessed and appropriate check boxes marked. Or simply the Allow action is selected, and a permissive rule created. Having a log entry showing all applicable original network activity as a reference point would be very beneficial in post event forensic analysis.
  13. Also let's talk about AMTSO testing standards that member AV labs adhere to. The standard for real-time AV product testing is the malware sample must be downloaded from its source. If "simulated" malware is employed in a test series, it must be indicated as such and can not be used to penalize for non-detection in certification testing.
  14. I would also recommend you password protect your Eset GUI settings: https://support.eset.com/en/kb3433-best-practices-to-protect-against-filecoder-ransomware-malware
  15. Let's talk about malware delivery since I am really tired of this ad hoc amateur testing baloney. 90%+ of malware including ransomware arrives on a device via e-mail. That is the malware dropper is the e-mail itself. If you're going to test a product's anti-malware capability, you need to duplicate how the malware was delivered. This means your malware sample needs to be the source e-mail. Additionally, the e-mail must be delivered through normal e-mail methods; not downloaded as a password protected archive malware sample. If downloaded as an archive, extract the e-mail malware sample and e-mail to yourself. What is going on with these ad hoc tests is the samples being used are malware components embedded in the e-mail; scripts or whatever. Running these outside the context on how they were actually deployed is not only irresponsible, it is ridiculous. The common perception being perpetuated is that the malware payload; i.e. sample, is effective regardless of how it is deployed. That is a flat out misconception. Finally, ponder a bit on what is the basic element of malware behavior testing. That element is duplicating the behavior on how the malware was delivered originally.
  16. Below is a screen shot from Firefox. Yes, one of the scripts shows garbage characters at the end. However, the script Firefox is throwing an error on does not.
  17. As far as all this amateur ad hoc malware testing is concerned, I think the Chicken Little nursery rhyme is appropriate. Foxey Loxey is the malware payload deliverer: https://www.worldstory.net/en/stories/chicken_little.html
  18. This time all I get in Firefox is a spinning circle on the displayed web page.
  19. Another "absurd" test from the PC Security Channel. To begin, the author is an Emsisoft employee that "supposedly" runs this web site independently. If you believe that, I assume you also still believe in the tooth fairy. The reason why he disabled real-time scanning is his supposed objective is to test Eset's behavior detection. He repeatedly refers to Eset's HIPS indicating the fool has no idea how Eset's protection mechanisms work. By disabling real-time protection, he disabled the most important new Eset protection; Augur's advanced machine learning. This type of "garbage" testing is what you would expect from the amateur ad hoc malware test sites. These also espouse disabling a security solution's real-time protection to supposedly test a product's behavior detection capability. However, the PC Security Channel author purports that he is a skilled "security professional." Finally and most important and highlighted previously by @Marcos is this. Malware doesn't just "magically" arrive on your PC. All this like crap testing assumes just that since the amateurs just run their previously downloaded password protected archived samples one after another. The whole objective of modern security software is to prevent those downloads from happening. If this can be achieved, anything after that point is irrelevant.
  20. I see other issues here. As far as these keys are concerned: My Groups or user names correspond exactly to what @JozefG posted. Any other entries there are suspect. You might want to find something that will set your registry permissions back to Win 10 defaults. Or proceed with a Win 10 repair or fresh install.
  21. Of note is this article that notes ChinaNet; i.e. China Telecom, is the no. 1 source for BGP hijacking: https://www.zdnet.com/article/russian-telco-hijacks-internet-traffic-for-google-aws-cloudflare-and-others/
  22. Show a screen shot of the PUA alert. I have never seen an Eset detection that begins with "BH/."
  23. As implied, Eset BP&P uses whatever default browser was set up in the current Windows installation. Appears that was set to IE11. If you want to use Google Chrome for BP&P, you simply change your Windows default browser setting to Google Chrome.
  24. That's an interesting question and the answer depends on why the feature was developed. Basically it's a way for nob users to auto create a firewall rule for a connection Eset blocked. By simply clicking on the Unblock tab, a "permissive" firewall rule as the Eset mods phrase it is created. "The devil in the detail" is the rule created is just that - permissive. For example if a program network communication is blocked, the rule created will allow all network communication for the program. The main problem with Network Wizard is you have no idea that Eset blocked any network connections unless you open the Eset GUI and then Network Settings.🙄
  25. That's by design since the firewall only supports IP addresses. Ditto for most other firewalls.