Everything posted by itman

  1. When you click on the Notifications settings under Tools, Eset should display the screen @Marcos posted. From your screen shot, it appears that setting is missing. Suggest you either do an Eset repair install if that option still exists for 12.2.23 or uninstall/reinstall 12.2.23. Make sure you export your Eset settings prior to uninstalling if you have made custom changes to the Eset GUI settings. You can then import those settings after 12.2.23 is reinstalled.
  2. The above also applies to select SMB installations. I state this after one posted in the forum a while back that they allow their employees to install whatever software they want ......🙄
  3. Possibly due to the behavior I observed in FireFox with SSL/TLS protocol scanning Interactive mode active. I was getting the below screen shot alert "up the wazoo" prior to finally arriving at the desired web site after repeatedly hitting the scan button. FireFox implemented DNS over HTTPS in the latest release. I have been using the option for a while. Appears Eset's Interactive mode can't handle it. My advice again is only switch to SSL/TLS protocol scanning Interactive mode when creating the web site certificate exception. Then immediately switch back to Automatic mode since Policy mode is busted.
  4. I just discovered one major issue. SSL/TLS protocol scanning Policy mode doesn't work. Refer to the below screen shot. I added a certificate exception for mirror.cedia.org.ec . I then switched from Interactive mode to Policy mode. I then re-accessed the web site and Eset is still scanning the site. -EDIT- On the other hand, I know from testing the certificate exclusion does work in SSL/TLS protocol scanning Automatic mode.
  5. Hum ........ We might have a "can't see the forest because of the trees" situation here. If the Eset firewall is set to Interactive mode, you will receive an alert for every outbound connection being made for which no firewall rule for that connection exists. Specifically in regards to FireFox this means if you connect to three web sites for example, you have to create an allow rule for each IP address associated with each web site. Ditto for any other Internet facing app you run. On the other hand, you can just create an allow firewall rule for the app process alone; i.e. C:\Program Files\Mozilla Firefox\firefox.exe and allow all outbound communication from that app. If you want a bit more control, you can specify only remote ports 80, 443 be used. The above will prevent any further Eset firewall alerts in regards to that process as long as all conditions for that rule are met. For example if FireFox attempts to use a port other than 80 or 443 as given above, you will receive an alert for that activity. As far as using Interactive mode for SSL/TLS protocol scanning is concerned, that mode should never be enabled unless you wish to create a specific exception for a given web site. For normal usage, always keep SSL/TLS protocol scanning mode set to its default Automatic mode. Web site certificate exclusions should also be kept to a minimum. This feature was never intended to be used for en masse web site certificate exclusions.
  6. The fact that you don't know what the extension is would be indicative of you haven't installed it in the browser you are using I assume. My point is that Eset will silently block sub-domains of mirror.cedia.org.ec. The Malware Domains list hosted there finally updated yesterday in FireFox. Here is the specific sub-domain I had to exclude from Eset's web scanning:

     Time;URL;Status;Application;User;IP address;SHA1
     9/23/2019 6:20:47 PM;hxxps://mirror.cedia.org.ec/malwaredomains/justdomains;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX-XX\XXXXX;2800:68:0:bebe::3;C443C68B39CB7F9A524075015D74D1BCCA690DDF

     -EDIT- To make things even weirder, I can manually download the above site list w/o a beep from Eset. So the issue must lie in how uBlock accesses this domain.
  7. Personally, I believe something else is involved in these instances when Win 10 displays this Windows event notification. The way it is supposed to work is at boot time, the following two events are logged in the Security Center event log: The Windows Security Center Service was unable to load instances of FirewallProduct from datastore. The Windows Security Center Service was unable to load instances of AntiVirusProduct from datastore. Assumed is Eset is the cause of the above event log activity. However the Security Center is still in the process of initializing itself. As such, the Windows event notification should not appear. While this initialization activity is ongoing, Eset briefly allows Windows Defender to start and then terminates it. Security Center initialization completes with the result being Eset is registered as both the firewall and anti-virus provider.
  8. https://www.bleepingcomputer.com/news/security/meet-stop-ransomware-the-most-active-ransomware-nobody-talks-about/ Additional reference: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/ Bottom line: 1. If you use cracked software, you do so at your own peril. 2. If Eset displays a PUA alert on something you want to install and you choose to install it anyway, you do so at your own peril. 3. If Eset alerts about a web site you wish to access and you choose to ignore it, you do so at your own peril.
  9. Did you reboot after running Eset's Online Scanner? If not, do so and then try to install NOD32 again.
  10. No. Ref.: https://support.eset.com/kb37/
  11. Since no one has answered this, I will give it a shot. I assume you have already mapped this network share to an available drive letter; let's say it's "K." Also assumed is you have saved this mapping so you don't have to reenter it each connection attempt. Did you try to add the exclusion as K:\myfolder\myprogram.exe?
  12. Elaborating, Eset switched the GUI to the Win Metro interface on vers. 9+. As such, all ver. 8 custom rules and the like will have to be re-entered from scratch. This does bring back painful memories ..........................
  13. This is a gambling web site. My best guess is whatever intermediate DNS/ISP servers you are interfacing with in your current European locale are blocking it. If Eset was blocking the site, you would be receiving an Eset alert. If whatever browser you are using is showing its respective block alert, then what I mentioned previously is most likely the cause.
  14. Mozilla has an article about system clock error messages here: https://support.mozilla.org/en-US/kb/troubleshoot-time-errors-secure-websites . As noted in the article, this error is most likely due to the fact the system clock time is incorrectly set. Again verify your Windows time settings and for example, ensure that your time zone is correctly set. Also while there, re-sync your system clock using the Windows time servers. Now test to see if the FireFox system clock error no longer presents. If the above doesn't help, note the section in the Mozilla article in regards to the BIOS clock and backup CMOS battery that is installed on your motherboard. Best way to check if the CMOS battery is still functioning is to boot to the Dell BIOS settings after the PC has been idle for a while. Then verify that the time shown in the BIOS is the correct clock time. Diagnosing this one is tricky since the PC must be fully powered off for a while. Win 10 fast startup option for example does not fully power down the PC. Power is still being applied to retain memory backup data. I can't explain why this issue doesn't occur with Avast except perhaps the version you are using is not performing SSL/TLS protocol scanning. The clock issue in FireFox is because it needs correct system clock settings to validate HTTPS web site certificates.
  15. Via Options -> Security Settings, open the Certificate store and verify if Eset's certificate is present under the Authorities store.
  16. I have seen quick response via product submission. What gets their attention is supporting verbiage provided plus references to authoritative sources detection such as VT. Better yet, a Hybrid-Analysis scan and Dr. Web detailed analysis if provided there.
  17. Yes. Refer to my previous thread on RanSim here: https://forum.eset.com/topic/10792-ransomware-simulators-a-detailed-analysis/
  18. For anyone interested, there is a video on this ransomware here: https://app.any.run/tasks/707d4e41-ff12-4179-85dc-1f41d6f85531/
  19. Next time, post in the appropriate forum topic area; Eset Products for Mobile Devices, for better exposure. Sorry, I can't help you since I know nothing about the mobile product.
  20. To begin with, Eset is never shown in Windows device manager since it is not a hardware device. Eset is security software. Certain Eset drivers are registered in regards to select hardware devices. However you would have to perform a detailed search to know this. Please clarify in further detail what your problem with your current Eset installation is. If possible, show a screen shot or other supporting information.
  21. Since I have no way to dispute this, the statement is taken at face value. For testers, I advise you test your sample hourly and maintain a log of test times till Eset blacklist detection. This evidence can be then used to dispute any Eset claims otherwise. Per VirusRadar database, this was added to the 20053 sig. update I received at 3:37 PM EST. This is approx. 11 hours after @SeriousHoax made his initial posting in this thread and submitted the sample to Eset for analysis.
  22. VT update - Kaspersky and even MalwareBytes detects, but still not Eset ..............................
  23. The issue had nothing to do with an untrusted certificate in my instance. Eset Web Access protection was blocking the domain under blacklist criteria. And it was not easy to find out as I recollect. Don't believe any alerts were being generated with default Web Access settings.
  24. This is far from a new issue. Here's a posting from 2018 in regards to the same domain: https://forum.eset.com/topic/14563-fixed-solution-certificate-pop-ups-an-application-on-this-computer-is-trying-to-communicate-over-a-channel-encrypted-with-an-untrusted-certificate/?do=findComment&comment=72949 . I became aware of it when I noticed that UBlock's Malware Domains extension database wasn't being updated. The workaround I posted above works for me. And again, I believe this is an Eset FP detection.
  25. As far as "educational" ransomware being used maliciously goes, there is the infamous Hidden Tear incident aptly documented by Trend Micro here: https://blog.trendmicro.com/trendlabs-security-intelligence/a-case-of-too-much-information-ransomware-code-shared-publicly-for-educational-purposes-used-maliciously-anyway/