Posts posted by TGW

  1. Real-time      : ESS, Zemana AntiLogger.

    On-demand      : MBAM, HMP.

    Browser        : FF24 + ABP, WOT, QuickJS.

    Virtualization : Sandboxie, ShadowDefender, VMWare.

    Encryption     : TrueCrypt.

    Backup         : Macrium Reflect.

    Rescue CD      : ESET SysRescue, Kaspersky Rescue Disk, Avira Rescue System.

    Boot CD        : Hiren's BootCD, Microsoft DaRT.

    Secure DNS     : Comodo.

    Other          : EMET, GMER, Panda USB Vaccine, AppLocker, Process Hacker, HMP.Alert.

     

    Notes: All programs are up-to-date and heavily optimized to ensure high security while maintaining usability and flexibility. There is also a long list of other programs and services I use occasionally as needed.

  2. Thanks all, appreciate the responses (and assurance that nothing was amiss).

    Does anyone know why the HIPS module in version 7 has a "B" after the version number? Upon install it was 1097B (which I assumed was related to it being the first HIPS module for the RTM release, so perhaps that HIPS module was technically still in Beta?). Today it is 1099B. In earlier versions, a letter would only show up with pre-release versions of certain modules and the AV signature.

    Thanks.

    I can't tell for sure, but it probably is a beta version of the module since there are some on-going issues with HIPS on Windows 8.1, so maybe they're pushing the latest available versions to address those issues.

  3. 1. ESET Training is only available for USA, Canada and the Caribbean residents AFAIK. But I see that you have the training section, what's the exact problem?

    2. Open ESS > Advanced setup (F5) > User interface > Access setup > Uncheck the 'Require full administrator rights for limited administrator accounts' option checkbox.

  4. I think it would be nice if it was modular so each user can configure it the way he/she likes.

    Like Avast you mean with all the shields and modules?

     

    If yes, then I would have to disagree, I have always thought that having everything tightly integrated is one of ESET's strong parts. But that has nothing to do with the choices in the menus though  :)

    No, I mean the program menu itself only, which is shown in the 2nd screenshot in the OP's initial post.

    Something like Windows Start Menu, where you can add/remove items from the menu.

  5. This isn't normal, I have never seen Local Security Authority Process (lsass.exe) taking more than a few MBs of memory during normal operation.

    Do you by any chance have the Anti-Theft feature enabled? If it is, then disable it and delete the user account it created, restart the computer then check your memory usage again, and post your findings please.

    If this wasn't it, then you may want to check that the 'lsass.exe' process is the actual legit Windows process, it can also be a virus using the same process name.

     

    // EDIT

     

    Just noticed your edit, I can see a suspicious process in the screenshot you posted (user.exe):

     

    post-881-0-97556300-1382305556_thumb.png

    See: hxxp://www.threatexpert.com/files/user.exe.html

    Please verify if it's a legit process or not, e.g. upload it to VirusTotal, check it with ESET Live Grid, digital signature validity (if any), etc.

    VT: Task Manager > Right click the process > Open File Location > Copy it to desktop > Go to VirusTotal website and upload it (request re-analysis if the last analysis was a long time ago).

    ESET Live Grid: Task Manager > Right click the process > Open File Location > Right-click the file > Advanced options > Check file reputation using ESET Live Grid

     

    I also recommend that you update ESS to the latest available VSD, then run a full scan.

     

    And post back the results.
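
The checks suggested in the post above (is `lsass.exe` the real Windows binary, and is `user.exe` signed), as an added PowerShell example that is not part of the original post. It assumes an elevated prompt and PowerShell 4 or later (for `Get-FileHash`); the report field names are illustrative.

```powershell
# Added example: inspect the two process names discussed in the post.
# Run elevated so ExecutablePath is populated for system processes.
$expectedLsass = Join-Path $env:SystemRoot 'System32\lsass.exe'

$procs = Get-CimInstance Win32_Process -Filter "Name='lsass.exe' OR Name='user.exe'"

$report = foreach ($p in $procs) {
    $path = $p.ExecutablePath
    $sig  = $null
    $hash = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }

    # lsass.exe is only legitimate when it runs from %SystemRoot%\System32.
    # A missing path (not elevated) also evaluates to $false here.
    $pathOk = if ($p.Name -ieq 'lsass.exe') { $path -ieq $expectedLsass } else { $null }

    [pscustomobject]@{
        Name         = $p.Name
        PID          = $p.ProcessId
        WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
        Path         = $path
        ExpectedPath = $pathOk
        SigStatus    = if ($sig) { $sig.Status } else { 'Unknown' }
        Signer       = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256       = $hash
    }
}

# Full details for every matching process.
$report | Format-List

# Entries that need a closer look: lsass.exe outside System32, or no valid signature.
$report | Where-Object { $_.ExpectedPath -eq $false -or $_.SigStatus -ne 'Valid' } |
    Select-Object Name, PID, Path, SigStatus
```

The SHA256 value can be searched on VirusTotal before uploading the file. Older PowerShell versions do not evaluate catalog signatures, so a `NotSigned` result for a System32 binary there is not conclusive on its own.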

  6. I'm not sure what's the problem here, I was able to load the website with no issues. (FF24/ESS7/Win7)

    Please post the exact error you're receiving and/or a screenshot that demonstrates the issue, along with your operating system version, browser version, firewall (if any).

  7. I don't think you can buy from the international website, when you attempt to buy you'll be redirected to the appropriate/local store/reseller.

    But you can buy from any online retailer that offers international shipping if you wish (e.g. Amazon).

    Buy from whoever offers the best prices, be it in Croatia or elsewhere (if possible).

  8. On both systems, I uninstalled 6.0 first (via add/remove programs). And on both systems, version 7 installed fine ... no issues. However, I have two questions:

    1) On both systems, prior to upgrading under version 6, the Real-time file system protection module had been at version 1009 (I believe with a March 2013 date). Now, on version 7 the version for the module is 1006 (dated September 2011) on both systems. All the other modules are from 2013. What version should the real-time module be?

    You probably have enabled the "Pre-release update" option in your previous installations, hence why that module was updated to 1009 (20130301), and as far as I remember it was released to address certain issues in server products.

    According to ESET, this module doesn't need any improvements/updates, but for some reason people have 1006 (regular) and some others have 1007 (regular), not yet explained.

    Also, this module should not be confused with Real-time system protection functionality, which incorporates this module and other modules to provide the protection.

  9. Although Win 7....  can someone clarify if the same/similar house cleaning is required for those that upgraded via the System Tray (New Ver is available) notification and special Upgrade Link that followed - which Uninstalled 6/ Installed 7 - Vs - manual steps by me.

     

    I see the 1st Folder example listed but not knowing What it belongs to am reluctant to Delete it and others shown.

    The above listed entries are for most part harmless leftovers, therefore it's not required to do any cleanup whether you upgraded using the in-product update or installed over the existing installation via online or offline installer.

  10. Let's try to narrow it a little bit more, enable real-time protection and keep HIPS disabled, then try to shut down, if you experience a slow shutdown, enable HIPS then restart the computer, and once you're logged in again, disable real-time protection and try to shutdown, and post back your findings.

    This and what Marcos suggested in the Wilders thread you linked to isn't intended as a permanent solution, but rather an attempt to diagnose the issue.

  11. If "Anti-Phishing protection" is enabled, and the user disables protection temporarily and then re-enables it, all modules are re-enabled correctly except "Anti-Phishing protection" remains disabled and has to be re-enabled manually every time.

    Steps to reproduce:

    1. Enable Anti-Phishing protection if it's not already.
    2. Temporarily disable protection from the program menu.
    3. Set any time interval.
    4. Re-enable protection or wait until the time is up.
    5. Open ESS > Setup

     

    Notice that the "Anti-Phishing protection" indicator is still red indicating that it's still disabled, see the screenshot below:

    post-881-0-90986900-1382040770_thumb.png

    ESS 7.0.302 - Windows 7 (32-bit)

    Virus signature database: 8931 (20131017)
    Update module: 1044 (20130708)
    Antivirus and antispyware scanner module: 1411 (20131004)
    Advanced heuristics module: 1143 (20130909)
    Archive support module: 1180 (20130930)
    Cleaner module: 1078 (20131003)
    Anti-Stealth support module: 1053 (20130906)
    Personal firewall module: 1151 (20131016)
    Antispam module: 1026 (20130715)
    ESET SysInspector module: 1237 (20130701)
    Real-time file system protection module: 1007 (20111129)
    Translation support module: 1122 (20130911)
    HIPS support module: 1097B (20130927)
    Internet protection module: 1085 (20131011)
    Web content filter module: 1028 (20121113)
    Advanced antispam module: 1495 (20131017)
    Database module: 1040 (20130822)

  12. Do you by any chance have any other resident anti-malware or any security software? Disk encryption?

    This might be a bug in ESS, and the file is already corrupted, but since I'm unable to reproduce the issue on any of my machines I can't think of much, anyway, try the following:

    1. Disable any other resident security software (if any) > Restart the computer.

    2. Scan the disk for errors.

    3. Repeat the steps from above again.

    If all fails, send the files to ESET as per Marcos instructions, they probably can decrypt them and send them back to you, unless they're severely corrupted (probably not the case).

    Good luck.

  13. Ekrn and egui cannot be killed by task manager.

    I think it's a self-defense design or programming module.

    I may be corrected on this but I don't have any reason to decompile or parse out ESET's software.....

    Through taking ownership of ekrn or egui, I still receive access denied errors....

    This may be because their software is not a standalone exe, but a package of files.

    You would need to take ownership of every single file to kill through taskmgr and I wouldn't even begin to know how many and which ones.

    I seem to recall ownership giving an error as well.....

    This isn't a topic I would like to continue though as it would help malware creators....

     

    You're correct, it's been long since I had to kill any of the two processes, and maybe I used Process Hacker for the job back then.

     

    I don't think you need to take ownership of the files, disabling "Self-defense" in ESS advanced setup followed by a restart should do the trick I guess.

     

    And you still can kill 'egui.exe' using Process Hacker without disabling "Self-defense".

     

    There is no splash screen on boot up or the tray icon when this happens.  I have all icons showing on task bar option enabled, so no it is not hidden.  I will check for ekrn.exe and egui.exe next time this happens.

     

    If this happens again, also check if the following registry string at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run exists:

     

    Name: egui - Value: "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

     

    And if ESS service is running.

     

    Cheers.

  14. Do you see ESS icon in the system tray? Or is it that when you click on it the GUI doesn't show up? In case you don't see the icon, there is a slim chance that it might be hidden by Windows, click the small arrow next to the system tray icons and check there.

    If that's not the case, open Windows Task Manager, and look for the two processes that belong to ESS: ekrn.exe and egui.exe, if you can't see one or both of them, please post back.

     

    If both ekrn.exe and egui.exe are there but you're still unable to see the GUI, try to start ESS from the start menu, if the GUI didn't open, kill egui.exe process via Task Manager (admin elevation might be needed) and then try to start ESS from the Start Menu again. Post back your findings.
