Everything posted by itman

  1. I would say it's paranoid. The only memory attack I know of is row hammer and it applies to ECC memory which most users don't purchase due to its higher cost: https://www.wired.com/story/rowhammer-ecc-memory-data-hack/ . As far as an nVidia firmware hack, I never have heard of one.
  2. If I am interpreting this right, you're trying to log in to Office 365 through this internal application? If this is the case and alternatively, you can just exclude this internal app from Protocol filtering. This is much safer than totally disabling SSL protocol filtering. See the below screenshot:
  3. I will also add, what Filtering mode do you have the HIPS set at? If it's set to Auto (default) or Smart mode, what @Marcos posted is applicable; the HIPS should not be blocking anything in the directory you posted. If on the other hand the HIPS Filtering mode is set to Policy or Interactive mode, that's an entirely different issue.
  4. Let's back up to this posting. I don't know how good McAfee is at detecting UEFI/BIOS malware. However, I do know Eset's AV scanner can detect the same. I suggest you uninstall McAfee. Reboot and install either NOD32 or Eset Internet Security in 30 day trial mode. Either one as part of the installation process will run an in-depth scan on all connected SSDs/HDDs; see below screenshot. This in-depth scan will include a UEFI/BIOS scan. Ref.: https://www.eset.com/int/home/free-trial/
  5. Again if Sakri is not responding to your inquiries about this, you need to contact Technobind about the issue. As I posted above, it appears Technobind is Eset's authorized distributor for India. If Technobind informs you that Sakri is not affiliated with them in any way, then Sakri is the only source that can resolve this issue. If Sakri refuses to resolve the issue directly or indirectly by not responding to your inquiries, it appears you have been a victim of a fraudulent purchase.
  6. Are you referring to the EsetUninstaller utility? If so, did you run in Windows Safe Mode? Do you have any other third party AV software installed; Avast, AVG, etc.? If so those should be uninstalled and their respective clean up utility run.
  7. BTW - I forgot to mention this possibility since you have an ASUS motherboard: https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/
  8. Is this a pre-release install? 1903 hasn't been officially released yet.
  9. A couple of points here to clarify. On Win 7, Windows Defender only provides spyware protection; ref.: https://support.microsoft.com/en-us/help/14210/security-essentials-download . The default AV on Win 7 is Microsoft Security Essentials (MSE). MSE is disabled by default when Eset installs. There is no way to run MSE in on-demand mode once it has been disabled. The reference to using WD as an on-demand scanner only applies to Win 8.1 & 10.
  10. Since it appears you ignored my suggestion to reinstall Eset, do a repair install and see if that resolves your LiveGrid issue.
  11. Do the following which will validate that a LiveGrid connection is being made: https://help.eset.com/eis/12/en-US/idh_page_cloud.html
  12. It was installed on my Win 10 x(64) 1809 build w/o issue. Appears you are the only one having issues using Eset. Check your default Eset firewall and ensure ekrn.exe rule shows Direction as "Both."
  13. The ideal solution for Eset Home product users would be for Eset to interface with Windows Defender in regards to its block-at-first-sight and cloud scanning technology. When I researched it a while back, it appears to be a separate interface in Windows Defender. Doubt this will ever happen. Which means Eset needs to incorporate like technology for Home product versions.
  14. Instructions for creating an Eset SysRescue USB or DVD media here: https://www.eset.com/int/support/sysrescue/ You can create Win 8.1 bootable DVD or USB media from here: https://www.microsoft.com/en-us/software-download/windows8ISO . Note: this web page took a while to render on my PC, so give it some time to do so.
  15. As @Marcos mentioned previously, it could be a firewall issue. Make sure the default Eset firewall for ekrn.exe is enabled that allows all inbound and outbound traffic for the process. Also ensure the Win firewall is disabled and that its outbound protection was not somehow inadvertently enabled. The Win firewall should have been auto disabled at EIS installation time. Short of the above, you might just want to export existing Eset settings if custom modifications were made; uninstall EIS; and then reinstall EIS and import Eset settings if so previously saved.
  16. Suspected as much. Thanks for the clarification. Any plans on Eset developing a version of EDTD for its Home version products?
  17. Which gets into the "which is first, the chicken or the egg" analysis. Are indeed "unknown" files per se being sent to EDTD, or in fact only those deemed in the suspicious category by local heuristic scanning?
  18. Also no problem with LiveGrid rep scanning with EIS 12.1.34 on Win 10 x(64) 1809. What ver. of Windows are you running?
  19. This .pdf has a few more details. Of note: https://cdn1.esetstatic.com/ESET/US/docs/business/ESET-Solution-Overview-Dynamic-Threat-Defense.pdf My understanding is the executable is in a suspended sandbox state until EDTD responds back with a verdict; usually within 5 mins. or less. Without EDTD unknown processes are examined using local heuristics with sandboxing and if nothing malicious is found, the process is allowed to execute. The process will be submitted via LiveGrid for further server analysis. So if this is indeed 0-day malware, it stands a higher chance of being detected via EDTD.
  20. To my best knowledge, Eset doesn't use the Win hosts file for anything. I know my hosts file hasn't been updated since Win 10 was installed. However, Eset does mention this as a possibility: https://support.eset.com/kb2434/ in reference to a DNS poisoning event.
  21. I can connect to the site using EIS 12.1.34 and IE11 w/o any issues:
  22. I will say this about AV-C's online protection testing. If there is only a .14% deviation between the top and lowest scoring product, does comparative score ranking make any sense? What AV-C needs to do is either go with a pass-fail ranking or do a better job at harvesting their malware samples. Also of note is that two previous test participants, Emsisoft and Bullguard, have dropped out of testing at AV-C. So it is evident, the outfit is having some issues.
  23. I really think you're being a bit "paranoid" on this issue. If you really believe you have firmware related malware and you have shown no proof of this, you should have your device checked out by a competent security professional.
  24. Someone over at wilderssecurity.com commented likewise. Appears Eset issued a patched ver. to the firewall module dated 4/18/2019.
  25. Obviously nothing can infect you if your PC is powered off. My reference and AV-C testing is for this instance. Any decent malware is going to try to tamper with your network connection online status for a brief instance while installing itself; more so today in the age of "cloud" detection by some AV products. It will then fully reestablish the network connectivity since it will in all likelihood need it to connect to its C&C server.