Everything posted by itman

  1. You should be able to exclude the app via file hash or detection name. Refer to this online help article: https://help.eset.com/eis/13/en-US/idh_detection_exclusions.html
  2. Assuming you're running Win 7 Pro+ versions, extended support will be available after 2/2020. However, it is not cheap: https://www.petri.com/microsofts-windows-7-extended-support-pricing-announced From an economic view, you would be better off "biting the bullet" and upgrading to Win 10 Pro. The Win 10 Enterprise versions are a different story since they are only offered via a subscription method.
  3. Augur appears to be flagging anything that displays malicious behavior whether it's malicious or not. Worse, it will flag via a Smart scan. So the process doesn't even have to execute. For example, yesterday I ran my first Smart scan under 13.0.22. It detected HitmanPro Alert's Test Tool as ML/Augur - trojan. Granted, this is a security test tool that performs all kinds of simulated nasty malware behavior. If the detection was at attempted execution time, I could accept the detection. Note this file has existed on my disk for years w/o prior Eset detection issues. Also, I have been receiving feedback via PM that many others are having their security test tools and the like detected by Augur. I am all for more aggressive Eset detection methods, but believe the best application for same is at execution time. Is the solution here to disable Advanced Heuristics on the Smart scan?
  4. This is a Stop ransomware variant. If it's a new version, you're out of luck as far as decryption goes. If it's a variant that precedes 8/2019, Emsisoft might have a decryptor for it: https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu
  5. Check your network settings and make sure you have full Internet connectivity. Yes, Augur is turning out to be quite aggressive. I just found that out when I ran my first 13.0.22 scan and it deleted HitmanPro Alert Test Tool. As far as uTorrent goes, Eset flat out doesn't like it. You will have to exclude it from being detected.
  6. Only way that is possible is if you upload them to a file sharing web site and post the link to them in the forum. Only Eset moderators can read any forum attachments.
  7. Does this happen only with utorrent.exe or any executable you select?
  8. As the OP noted in another forum, he installed uTorrent prior to installing Eset. It is assumed he was careful not to allow any of the PUA installer crud that comes with it. I am beginning to think the above might be a factor in the utorrent.exe startup in some way. Something along the lines that Eset keeps performing a detailed scan on startup for PUA crud and the like. As such, @Marcos' suggestion to reinstall uTorrent with Eset installed might also eliminate the issue. Also, I don't believe excluding uTorrent from real-time scanning is a good idea.
  9. Was the update performed via the Eset GUI upgrade option? Make sure you use Eset's GUI Export feature prior to uninstalling to save all your existing settings. After reinstalling, use the Eset GUI Import feature, which will recreate all your previous settings. Also, since you appear to have created and/or modified Eset default firewall settings, ensure that those changes haven't adversely impacted DNS server access and resolution. See this: https://ugetfix.com/ask/how-to-fix-error-code-dns_probe_finished_nxdomain-problem/ for further details and possible mitigations to the issue.
  10. All I can suggest is what worked for one Eset user having the same issue using Firefox. In that instance, the user totally uninstalled Firefox. Then, and most importantly, he deleted anything left over, including his Firefox profile. Note that Firefox does not delete the user profile file when it is uninstalled. This allows the user to retain all his custom settings when Firefox is reinstalled. The problem is most of the "nasty" issues are due to a corrupted profile and the only resolution is to allow Firefox to build a new profile when it is reinstalled. You will have to do research on whether Chrome works the same way; that is, if the profile is retained when it is reinstalled. If this is the case, I advise you do what is stated above. Then recreate all your custom settings including add-ons and extensions. Finally, retest at the AMTSO Desktop Phishing test site. Alternatively, below are a couple of "live" phishing web sites that Eset's phishing protection detects: http://www.paypal.com.myhr.app.aruntest.shnpoc.net/ http://alnamal.com/
  11. Are you running as a limited admin or a standard user? As you are aware, I assume, the screenshot popup occurs when the signed-on user account doesn't have sufficient privileges to perform the required action in reference to the object being accessed. Have you employed GPO in regards to SRP rules? Are you using any other security software that can restrict access to system objects, such as SysHardener, OSArmor, etc.?
  12. The school network would be my best guess. You should switch to the Eset firewall Public profile when you are connected to a public network. -EDIT- The above assumes you were directly connected to the school network via Wi-Fi connection or Ethernet connection on the school premises.
  13. Is this a default setting? -EDIT- Ignore this. Forgot I added that exclusion manually.
  14. As far as ver. 13.0.22 goes, four startup scans can possibly run assuming the PC has been powered down for some time:
      - system startup user logon - files run after user logon *
      - system startup after module update - commonly used files *
      - update after user logon - update profile based
      - regular update - update profile based
      * Not supposed to run when on battery mode
      So it appears what you are observing are the last two scans running due to the fact a module update most likely occurred at PC power-up time.
  15. Like I posted, it hasn't occurred again. Also, it was random in nature in my case. So Process Monitor use is not applicable; the log would be enormous. In my case, I strongly suspect something like a process hollow attempt was made against ecmds.exe to modify it. Upon process startup, Eset's code signing certificate hash for ecmds.exe didn't match its modified size.
  16. Tip: When it comes to freeware, always opt for the "portable" version. As such, no software installation is performed. If the freeware does not offer a "portable" version in the form of a zipped download, consider that "a big red flag" that something is suspicious about the software. Note that LightShot is not offered in a portable version. Now the following I find hilarious. There is a web site that supposedly offers a portable version of LightShot here: https://karanpc.com/lightshot-free-download/ . When you select the DirectLink download, you are greeted with the below screenshot. If you proceed further, you are indeed a fool.
  17. https://malwaretips.com/blogs/remove-yandex-ru-search/
  18. As far as CPU-Z goes, download the zip version from here: https://www.cpuid.com/softwares/cpu-z.html . It is in essence the portable version and installs no drivers. It will run with Eset not detecting anything.
  19. @Rami is correct. It's the installer that contains the PUA/PUP components. Refer to this article for another like example of how crud is embedded in installers and a way to remove the crud from the installer: https://superuser.com/questions/1246402/remove-adware-from-installer-exe-before-installation . I have often commented in other forums that there really is no such thing as "free" software. For many of these, you will indeed end up paying for the software via adware and the like.
  20. STOP Ransomware Decryptor Released for 148 Variants https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
  21. You're clean. In this instance Eset detected a redirect to a malware web site via JavaScript HTML code associated with the web site you were viewing at the time.
  22. Just noticed that my HIPS specified logged entries are now appearing in both the Eset Event and HIPS logs. Is this by design?
  23. Post a few link references to what you used. We still have no idea what you are referring to in regards to this border issue and how it could be in any way related to the Eset software you have installed.
  24. One other important part about ecmds.exe. It only runs at system startup time via a registry run key. Its sole purpose is to start the desktop toolbar icon Eset GUI and Windows Security Center processes. If it runs at any other time, it is most likely malware related. It would be an ideal malware target since it can run hidden.
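A practical check that follows from posts 15 and 24 above, added here as an example (this is not code from the forum post or from ESET): verify that the ecmds.exe on disk still carries a valid Authenticode signature, list the Run/RunOnce registry values that reference it, and report whether it is currently running. The install directory and the assumption that the startup entry lives under the standard Run keys are mine; adjust them to match your system.

```powershell
# Added example, not part of the original post or of ESET's software.
# Checks the integrity and startup registration of ecmds.exe.

$exeName    = 'ecmds.exe'
$installDir = "$env:ProgramFiles\ESET\ESET Security"   # assumed default install directory

# 1. Locate the binary; fall back to a search under Program Files.
$exePath = Join-Path $installDir $exeName
if (-not (Test-Path $exePath)) {
    Write-Warning "$exeName not found under $installDir; searching Program Files"
    $exePath = Get-ChildItem -Path $env:ProgramFiles -Recurse -Filter $exeName -ErrorAction SilentlyContinue |
               Select-Object -First 1 -ExpandProperty FullName
}
if (-not $exePath) { throw "$exeName not found" }

# 2. Verify the Authenticode signature. A modified binary reports HashMismatch
#    instead of Valid; record the SHA-256 as well for later comparison.
$sig = Get-AuthenticodeSignature -FilePath $exePath
[pscustomobject]@{
    Path   = $exePath
    Status = $sig.Status
    Signer = $sig.SignerCertificate.Subject
    SHA256 = (Get-FileHash -Path $exePath -Algorithm SHA256).Hash
}

# 3. List every Run / RunOnce value (machine and current user) whose command
#    references ecmds.exe. Anything outside the ESET install directory is suspect.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }     # skip the provider's own PSPath/PSDrive metadata
        if ("$($p.Value)" -match [regex]::Escape($exeName)) {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

# 4. Is ecmds.exe running right now? Per the post it should only be seen at logon.
$procName = [IO.Path]::GetFileNameWithoutExtension($exeName)
$running  = Get-Process -Name $procName -ErrorAction SilentlyContinue
if ($running) {
    $running | Select-Object Id, Path, StartTime
} else {
    "No $exeName process currently running (expected outside of logon)."
}
```

Run it from an elevated PowerShell so the HKLM keys and process paths are readable. A Status other than Valid, a Run value pointing outside the ESET directory, or a long-lived ecmds.exe process are the conditions the posts above describe as worth investigating.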
  25. I assume you have verified that ekrn.exe is indeed running and Eset is fully functional? Also did you verify that WD; i.e. MsMpEng.exe, is not running? Appears this is a "glitch" with EFS registration processing on Server 2019. Suggest you open an Eset support ticket.