Everything posted by itman

  1. Then why doesn't write activity detection in this registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\* , work?
  2. I believe what you are stating is Eset HIPS has preset internal rules/whitelist/etc. that allow for monitoring write activity in select registry keys only. That is not acceptable. I should be able to monitor write activity in any registry area I desire.
  3. You're kidding here I hope. Here's a nasty one - Snatch ransomware: https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
  4. In the Eset firewall you created, change the protocol setting to any and retest.
  5. First, Eset as far as the Banking and Payment Protection feature only officially supports Chrome, Edge, IE, and Firefox. As far as normal web browser use, Eset should work with all Windows based browsers. The "glitch" would be SSL/TLS protocol scanning. If a browser such as Yandex uses an internal root CA certificate store versus the Win root CA certificate store, then you would have to manually import Eset's root CA store certificate into it. Doubtful that Eset would do that automatically at installation as done for one of the above noted officially BP&P browsers.
  6. Eset in its online HIPS documentation states it can monitor registry key additions. Problem is I have tried repeatedly to create a rule to do so and it does work. For example, a HIPS rule monitoring all registry changes for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\* doesn't stop a new registry key from being created there.
  7. Since no one has answered this, I'll take a shot at it. Notice the log entries for spare-7 device. The first entry shows APIPA: https://www.geeksforgeeks.org/what-is-apipa-automatic-private-ip-addressing/ , network IP address assignment. When there is an issue with auto DHCP device address assignment by the router/gateway, Windows will fallback to APIPA IP address range assignment. I do know at least for Eset client products, it doesn't handle APIPA address assignment well and the result is usually a duplicate IP address warning/block. On the other hand, spare-7 is showing in the AP
  8. You can test Eset web site protection using yandex browser here: https://www.wicar.org/test-malware.html The eicar.com test should be sufficient.
  9. For starters, create an Eset firewall rule for surfshark.exe including its full path name. Set the rule to allow all inbound/outbound UDP and TCP protocol traffic. Move the rule to the top of Eset's existing firewall rule set. Make sure to save your firewall rule changes. If Surfshark works OK after performing the above, the issue lies with an existing Eset user created or default firewall rule.
  10. Refer to this: https://help.eset.com/eis/14/en-US/idh_referral.html . Your existing license time is only extended if you are also using a trial license. Paid license time is not extended based on what is shown for this topic in Eset on-line help:
  11. I posted "clear" the log; not remove it. In Event Viewer, open Applications and Services Logs -> Microsoft -> Windows and scroll down to WMI - Activity log and expand the entry. Right mouse click on the Operational log and select - Clear Log. Alternatively, you can select Properties and mouse click on the Clear Log button displayed there.
  12. As far as KB4023057 goes, I also received it again on 2/19. Appears this is an update to Windows Updating itself and Microsoft is just using the prior KB number.
  13. Yes. But Display notifications on desktop was disabled which I enabled and hopefully was the issue. "One of my favorite self-inflicted Eset snafus" is to inadvertently disable this setting via Eset desktop notification popup option. When that is done, it disables the corresponding Eset GUI setting. Wish Eset would reposition this option at the bottom of the list of available options to prevent inadvertently selecting it. Thanks for the reply.
  14. Eset populates the DNS suffix with whatever is established for connection-specific DNS suffix value established by DHCP initialization as I posted previously. You can determine the current connection-specific DNS suffix value by opening a command prompt window and entering the following: ipconfig /all Under each network adapter connection section in the display, note the value shown for connection-specific DNS suffix value : Above is shown DNS suffix assigned via my router and ISP for my Ethernet network connection. Note that the "lan" value you are observing is being as
  15. Win 10 x(64) 20H2, Eset IS 14.0.22 This just started a couple of days ago. Assume it might be related to a recent Win 10 update or the like. Eset is updating fine. The problem is the desktop popup notification no longer appears after a signature or module update. All other like Eset desktop popup notifications working fine.
  16. Based on your posted screen shot, "lan" network does not exist. Repeat the same Eset GUI access process but this time, mouse click on "Connected Networks" and post a screen shot of what is displayed:
  17. Correct. But the excessive logging in the Win WMI event log should not be adversely impacting anything. It doesn't do so on my PC. When I run an Eset scan that scans WMI entries, I just clear the WMI log to remove all those bogus error log entries.
  18. The above HIPS log entries show Windows Defender real-time is running which could be all or part of the issue. Note that when Eset is installed, it turns off both Windows Firewall and Defender. This status should also be shown in Windows Security Center. As far as I am aware of, Eset doesn't officially support Win pre-release versions let alone beta versions.
  19. In Eset GUI firewall settings, mouse click on "Edit" for Known Networks setting per the below screen. This will show all network connections set up in Eset. Post a screen shot of what is shown. Normally, there should be only one connection shown in Known Networks which is associated with your network adapter. The network name assigned by Eset is normally the connection-specific DNS suffix assigned by your ISP during DHCP initialization at system startup time. Eset assignment of a "LAN" network name indicates to me you might have an ISP issue in regards to DHCP processing, or there is an i
  20. As far as Webroot's BrightCloud filtering: https://www.brightcloud.com/tools/change-request.php# BrightCloud use is not free with cost based on URL lookup use.
  21. Here's an interesting parental controls bypass; no proxy or VPN needed: https://www.makeuseof.com/tag/7-ways-children-might-bypass-parental-control-software/
  22. Here's Eset's online help instructions in regards to leaked license detection: https://help.eset.com/license_manager/en-US/elm_leaked_license.html
  23. No problems here with Eset on Win 10 20H2 since I upgraded to it last fall.
  24. I actually found a posting on this subject: https://security.stackexchange.com/questions/107105/what-do-browser-vpns-actually-do . The gist of it is: I believe Eset's Parental Control monitoring is IP address based as is most of Eset's web filtering.
  25. Seems the way around this issue is to use something that is router based such as Cisco's Family Shield: https://umbrella.cisco.com/blog/introducing-familyshield-parental-controls that works in conjunction with OpenDNS. Obviously, router access needs to be locked down.