itman

Are you positive your network connection is active while in lock screen mode? Are other apps auto updating in this mode?

Also read this posting: https://forum.eset.com/topic/24825-if-you-use-licensing-cracking-software-you-need-to-read-this/

The reason why its not an issue for the Win firewall is Windows lets apps dynamically create firewall rules. This in effect overrides the purpose of using Interactive mode in the first place.

Nano Antivirus is also detecting it at VT when I just checked. Also VT detections are static ones for the most part. As such, other security solutions might also detect it via dynamic means.

Position the mouse pointer over the quarantine entry. What is the value shown in the Count field?

Adding and deleting Win firewall rules "on the fly" is not the way to accomplish this. Use of netsh advfirewall firewall via remote execution method should be restricted. If you can do it, so can an attacker.

Yes. Eset is just not scanning files at user logon time but also other system areas such as registry and WMI storage areas. By delaying this startup scan, you have in effect nullified its intended security protection intent. Eset scans some system areas and files early in the system startup phase. Examples are MFT, drivers, etc.

I will also make this comment about Eset's Security Report. I would take what is shown there "with a grain of salt." It for example. does not register a correct count for any Thunderbird e-mail scans for my IMAPS e-mail provider.

What I will do is use lock screen the next time I am away from the PC for a long enough period to verify or not Eset will update in lock screen mode. BTW - it is more secure to sign-off versus using lock screen when the PC is unattended for an extended period of time. In sign-off mode, the Internet connection will not be active.

The Detections count on the Security Report does not include blocked web pages. Scroll through your Detections log. Count up how many non-blocked web page detection's exist for the last 20 days.

Are you sure you're not being signed-off and/or entry into sleep mode after a certain period of time while in lock screen mode? Does the desktop when displayed upon resume from lock screen mode show Eset and Windows Security Center icons immediately on the desktop toolbar. Or, does it take a few secs. for these icons to appear? If the latter, you have indeed been signed off.

This is by design. Eset will not update if you are not logged on to the PC. It will perform a signature update immediately after logon if one is available.

In Eset Firewall settings -> Known networks, verify that two network connections exist; one for your LAN and one for the WAN connection. I also suspect the issue here is Eset is not recognizing the WAN connection due to the way it is being established; i.e. via command line setup. Eset sets up its network connections based on DHCP initialization processing at user logon time, existing network connection reset, etc.. In other words, from existing router settings. You might have to manually add in Eset Network settings, a network connection for the WAN connection. BTW - I assume you

Did you verify that the Regular Automatic Update task in the scheduler is running every hour?

OP never explicitly stated he had Eset installed. I suspect that he was just looking for the tool. If Eset was installled, an on-demand scan should have been able to detect WMI malware since it now scans WMI entries.

Restoring a file from Eset Quarantine does not require a password. Are you stating that Eset GUI settings are password protected? Ref.: https://support.eset.com/en/kb3195-restore-a-quarantined-file-in-eset-windows-home-products

MSBuild.exe can be used maliciously: https://attack.mitre.org/techniques/T1127/001/ . If you are deploying PlugX within the app, this might be what is triggering the Eset detection.

Based on what is shown in this article: https://answers.microsoft.com/en-us/windows/forum/windows_10-networking/hotspot-netsh-wlan-start-hostednetwork/9ebe358b-b28f-4a2d-b06a-c6333782aadd , you have to manually set this connection to shared status. Did you do this? Also of note from this article:

This first thing to check is if Eset updates are failing for some reason. Check Eset's Event log for any like entries in this regard. The next thing to check is Eset's scheduled update setting. Open Eset GUI. Then Select Tools -> More Tools -> Scheduler. Verify that the Update task for Regular Automatic Update is enabled and its frequency is set to the default internal of 1 hour per the below screen shot. Also take note of current Next Run and Last Run values. These will show if Eset's signature updating is indeed running as currently scheduled. Note: I have modified my f

Did you also disable SSL/TLS protocol scanning - see below screen shot - as @Marcos requested?

Most likely something to do with the Win firewall rules the product creates at installation time.

I would contact ThompsonReuters tech support. They might be able to shed some light on where the issue might be with Eset NOD32. It isn't network related since NOD32 does not have a firewall.

I also don't understand the issue here. I assume you're stating that that app has a 10 sec. delay upon opening. Is that a problem? Unlike a browser that is opened many times per day, I assume an app like this is opened just a few times per day; e.g. user logon time.

I agree. Best Buy and MicroCenter also sell the same version here in the U.S.. One possibility is that they changed the installer to enable Gamer mode in real-time protection. The default setting is paused.

You can disable the Eset firewall as shown in the below screen shot. Disable time options are shown including permanent disabling - not recommended: