itman

Would be interesting to know where you found those language options? Suspect those might only be available via ERA installation.

What I suggest is Eset display an informational popup alert that the browser certificate add attempt failed. Many users don't review their Eset Event logs as they should. Also any browser with a master password option such as that employed by FireFox will be problematic for this activity since it appears this setting will block Eset's certificate add attempt.

Is this a commercial or consumer installation? If commercial, I believe the appropriate Eset product would be either Eset Endpoint Antivirus (EEA) or Eset Endpoint Security (EES). The commercial equal to NOD32 is Eset Endpoint Antivirus. Note that EEA or EES have minimum license seat requirements. Neither are available as single license puchase option.

Proper diagnostic procedure in regards to optional or non-default settings of software of any type is as follows. Modify settings one at a time. After each modification, perform necessary functional testing to ensure the change is performing as designed/stated and is not adversely impacting the specific software or other system operations. This is also the only way to definitively identify specific software issue/s. The worse thing that can be done is to en-mass modify settings since it becomes impossible to identify which change resulted in adverse software or system operation.

Open Windows Task Manager and see if either Eset Service or ekrn.exe is running. Additionally, Eset Proxy GUI should also be listed and running. In any case "Security at a glance" should not be totally blank. Does this directory, C:\Program Files\ESET\ESET Security, exist assuming you're running a x(64) Windows version. Does it contain files and folders? Also are you running Windows Pro or Enterprise?

Another thing that is not just adding up right in my mind is this attempted Eset root CA certifcate add into Firefox would make sense if FireFox was opened manually by the OP. As he posted, FireFox is not his default browser and it is assumed this browser, whatever it may be, is what he is using for Internet access.

If Eset IDS protection detected a DNS poisoning attack, there should be entries to that effect in the Eset Network Protection log. If there are no log entries to this effect, then your Internet connection issue is not related to this IDS setting.

Did you do what I posted previously? Namely enable the option "Disable checking upon inbox content change." If that doesn't help, next uncheck mark the option "Integrate into Microsoft Outlook" on the same screen. Eset will still scan all incoming POPS or MAPS protocol traffic. You do not want to totally disable Eset's E-mail filtering protection.

If you are referring to the default scheduled scan at user logon time, I would leave the parameters for that scan alone. It should run as originally setup. It will only scan system areas vulnerable to malware that runs at logon time and only runs for a few seconds at most.

Agreed. I never use the CD for other than another coaster. The main reason for the CD version is I am assured a legit license key and I have a readily available source for my license key w/o trying to find my confirmation e-mail.

According to this posting, the activity should be logged in the Eset Events log: https://forum.eset.com/topic/16028-attempting-to-add-the-root-certificate-to-all-known-browsers-on-your-computer-failed/ -EDIT- Also make sure you read the last posting in the above thread. The OP had set FireFox Master Password option on which was the cause of Eset's failure to add it's root CA certificate to FireFox's Authorities CA certificate store.

Did you verify that only one instance of ekrn.exe is running?

The Eset certificate import into browsers should only occur once; usually at installation time. The original posting lead me to assume multiple Win Event 4688 log entries existed. Also as a long time Eset user, I have never seen any like log entries associated with Eset use in any capacity. Finally, these log event entries show system process activity that occur immediately at boot time and prior to lsass.exe loading and user logon.

According to both the English and French Eset online help for EEA, the correct codes for French(France) language are: PRODUCT_LANG=1036 PRODUCT_LANG_CODE=fr-FR Ref.: https://help.eset.com/eea/7/en-US/supported_languages.html

A few clarifications needed. First, multiple AV/anti-malware solutions can be installed. However only one should have its real-time protection enabled to avoid conflicts. The other solutions should have their real-time protection option disabled. Some solutions will run just fine in this status. Others might constantly complain via internal status display or alerting about their real-time protection being disabled. The interesting point posted is AVG's detection of an Eset protection module. Granted it was a "suspicious" detection but I would assume AVG is capable of detecting known safe processes/dll's. So let's get back to the original posting where you stated you installed a free version of NOD32. Do you mean that you installed it in trial license mode? Did you download NOD32 installer from the official Eset web site? Finally, to avoid conflicts with multiple AV solutions installed, the main engine component of each should be excluded from the other solution. For example in AVG, ekrn.exe needs to be excluded from AVG's real-time scanning, behavior monitoring component, web access protection component, etc.. Likewise in Eset, the above AVG protection components need to be excluded from Eset's real-time scanning, HIPS, and Web Access protection components. Bottom line and again - it is best to only use one AV solution. If others are used, you must disabled all their related real-time and behavioral/HIPS components and only use these solution as on-demand scanners.

Open Process Explorer or Win Task Manager and see if multiple ekrn.exe processes are running. There should be only one instance of it; a child process of services.exe.

Also this activity does not cause a like Event 4688 entry to be created when B&PP activated within a FireFox session.

OK. I am using EIS. Thought B&PP was also included in NOD32. Just checked my Event 4688 Log entries and the only thing I observe is activity from Win system processes. I know of no reason why ekrn.exe would actually attempt to load FireFox outside of B&PP activity. Very strange indeed.

Suspect this is caused by Eset's Banking & Payment Protection. It in essence opens a hardened browser session under ekrn.exe protection. Did such activity occur around the time the Windows Event Log entry was created? However, this only occurs if FireFox was already opened. If B&PP is selected via desktop icon, it will open the Win default specified browser.

Don't you have direct contact info to Eset headquarters tech support in Slovakia?

What I will note is that it is virtually impossible via web search to find an authorized Eset reseller. A search for U.S sellers will point you to Eset U.S. web site in San Diego, CA. I have always made it a point to purchase sealed box versions of whatever Eset product I was purchasing from whatever source in the U.S., and never had a licensing issue.

Purchase a new license from the Eset web site or an authorized Eset retailer. Places like Amazon, eBay, etc.. are not authorized Eset retailers. If you have made customized changes within the Eset GUI, export those. Uninstall your existing Eset version. Reboot if not specifically requested to do so after uninstall. Install the Eset version you just purchased and activate it with the provided license key. If Eset previous settings were exported, import those into the newly installed Eset verion. Neither MBAM or SuperAntiSpyware are needed. If MBAM is installed, its real-time protection should be disabled since it can conflict with Eset's like real-time protection.

There is no "free" Eset product to start with. There are Eset products named NOD32 and Eset Cyber Security - for Mac's only. There is no Eset product name NOD32 Anti-Virus & Cyber Security.

Personally, I think the feature is a bit "spastic" to me. I had the same behavior occur in select earlier Eset versions. The latest versions so far have displayed the splash screen in a consistent manner; as least so far ......... knock on wood.

This reference: https://help.eset.com/eea/7/en-US/installation_command_line.html is for Eset Endpoint Antivirus ver. 7. Note however that the installer is named ees_nt64_enu.msi; not eea_nt64_enu.msi. The format for command-line installation is: msiexec /qn /i ees_nt64_enu.msi ACTIVATION_DATA=key:AAAA-BBBB-CCCC-DDDD-EEEE I checked your Eset download link and it is indeed eea_nt64_enu.msi, so I am a bit confused. Substitute eea_nt64_enu.msi in the above command as see if that will work. -EDIT- Here's a link to the French version: https://help.eset.com/eea/7/fr-FR/?installation_command_line.html . In the on-line help, the installer is repeatedly referenced as eea_nt64_enu.msi except in the command-line installation section. Looks like a documentation screw up by Eset to me.