Aryeh Goretsky

ESET Moderators
  • Posts

    877
  • Days Won

    66

Kudos

  1. Upvote
    Aryeh Goretsky gave kudos to Marcos in Eset Server Security Non-Functional After Last Module Update   
    If possible, please switch to the pre-release update channel some non-critical Windows Server 2012 R2 systems and check if the modules load alright. Then you can switch back to the regular update channel.
    We have adjusted the signing process to make it work also on Windows 8.1 systems and have tested module updates on our Windows Server 2012 R2 without issues. We're going to use it for signing modules on the regular update channel as of the next week so we would appreciate feedback from you.
  2. Upvote
    Aryeh Goretsky gave kudos to Marcos in Eset Server Security Non-Functional After Last Module Update   
    This should not be necessary, as MarcFL wrote, clicking Dismiss in the warning should suffice and the protection status will be green. The eicar test file is detected then so protection seems to work fine. We'll make some further tests to make sure. So far it appears to be a glitch with the notification during modules reload after update.
  3. Upvote
    Aryeh Goretsky gave kudos to Marcos in "Banking and Payment Protection will only be fully functional after the computer has been restarted" never goes away.   
    Honestly had you fast startup enabled and chose to shut down the system, I would understand why a restart was needed after turning on the machine. However, if you really chose to restart the system from the power menu, I have no clue why a true restart was not performed. Fast startup should affect only shutdown, not restart.
  4. Upvote
    Aryeh Goretsky gave kudos to Marcos in Interactive firewall cannot block Lenovo Vantage   
    Those are not actually identical. Firewall rules are created for a specific file, however, the firewall internally works with aliases / hard links which are different in this case. According to the output of fsutil shown above, there can be 8 rules for 1 file that appear identical but they are not identical in fact because each is created for a different alias of the file.
    If you notice this behavior also for other than the Lenovo app, let us know so that we can investigate if it uses hard links / aliases as well.
  5. Upvote
    Aryeh Goretsky gave kudos to Marcos in Interactive firewall cannot block Lenovo Vantage   
    Lenovo seems to have started using hard links, each pointing to the same physical file.
    C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0>fsutil hardlink list "LenovoVantage-(SmartPrivacyAddin).exe"
    \Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(MultimediaAddin).exe
    \Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(SmartPrivacyAddin).exe
    \Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(VantageCoreAddin).exe
    \Program Files (x86)\Lenovo\VantageService\3.13.72.0\Lenovo.Vantage.AddinHost.exe
    \Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
    \Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(GenericTelemetryAddin).exe
    \Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoCompanionAppAddin).exe
    \Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoProductivitySystemAddin).exe
    I've tried to duplicate it now with Lenovo Vantage and v17 to no avail. Please let us know if switching to the pre-release update channel and upgrading to v17.0.10 makes a difference.
  6. Upvote
    Aryeh Goretsky received kudos from peteyt in what is the eset EOL for Windows 7   
    Hello,

    I do not have any information about EOL dates to share (that sort of information can be found on the https://support-eol.eset.com/ web site), but I did want to share a resource with you.  About five years ago I wrote a paper on how to securely maintain computers running Microsoft Windows XP after Microsoft had ended support for it.  You can find the blog post about it here (the paper itself is linked to at the end of second paragraph). 

    While the paper itself focuses on securing Windows XP, a lot of the advice, concepts, suggestions, and recommendations are applicable to other obsolete operating systems like Windows Vista, Windows 7, and so forth.  It has been five years since Microsoft ended support for the latter, and hardware manufacturers have not been making compatible devices for a while, etc.  I would presume at some point Microsoft's activation servers will go offline as well.  The paper outlines some strategies about maintaining parts surpluses, rotating working hardware, maintaining proper network segmentation, all of which can help ensure that old computers remain running until they can be replaced by modern hardware and operating systems. 

    As someone who personally loves playing with all sorts of vintage and retro computers and archaic operating systems, writing it was a way for me to help out other hobbyists with similar interests.

    Regards,

    Aryeh Goretsky
     
  7. Upvote
    Aryeh Goretsky gave kudos to Marcos in Potentially unsafe application EFI/CompuTrace.A was detected on computer   
    Please refer to https://support.eset.com/en/kb6567 for more information and instructions how to create a detection exclusion if upgrading the motherboard firmware doesn't help or it's not an option.
    Also if you search for CompuTrace in this forum you'll find many topics on the subject.
  8. Upvote
    Aryeh Goretsky gave kudos to Marcos in When or it will be there an addon for Thunderbird email scanning?   
    Support for Thunderbird was discontinued years ago. However, email received via IMAP(S) or POP3(S) in Thunderbird is scanned by ESET. It's just that you can't scan already received messages on demand or that received messages are not scanned by ESET antispam. Otherwise malware should be normally detected in received email.
  9. Upvote
    Aryeh Goretsky gave kudos to PJSB in Buying further licenses   
    Make it orange. 

    Thanks for pointing it out.
  10. Upvote
    Aryeh Goretsky gave kudos to Marcos in filtering political messages   
    ESET does not filter political messages unless they come with a malicious or scam / phishing content. If a legitimate email was detected as phishing, it was most likely a false positive, however, we'd need to get the email to find out and tell for sure.
  11. Upvote
    Aryeh Goretsky gave kudos to Leonardo in ESET Pasword Manager - keeps saying license expired even if its not   
    Hello,
    I solved my problem; the trick is I had not created my password account on "myESET".
  12. Upvote
    Aryeh Goretsky gave kudos to Marcos in Avast.J and Asus.D PUP   
    You can delete the vulnerable Avast driver. Should you install a current version at a later time, it should no longer install the vulnerable driver.
    As for the Asus vulnerable drivers, they are from 2015. Try to find newer drivers and install them or create detection exclusion based on the detection name and path.
  13. Upvote
    Aryeh Goretsky gave kudos to Marcos in Problems on Windows 2012 R2 RDP   
    The issue will be fixed in the ESSW v10 hotfix which is being prepared and will be available soon.
  14. Upvote
    Aryeh Goretsky gave kudos to Marcos in Eset aware of the fractureiser malware?   
    Yes, it's detected:
    06cf8ad0dfc079bede63dbb6a190da885953e1f209e781baf088f015d474fa61.jar » ZIP » xyz/immortius/museumcurator/fabric/MuseumCuratorMod.class - a variant of Java/TrojanDownloader.Agent.NWO trojan
    1d1aaccdc13244e980c0c024610ecc77ea2674a33a52129edf1bb4ce3b2cc2fc.zip » ZIP » net/serahill/floatdamage/FloatDamagePlugin.class - a variant of Java/Agent.QF trojan
    511418fde9900f917055cf854c9a16078700a4031d746d151a5cdeda10c07b86.jar » ZIP » net/dungeonz/DungeonzMain.class - a variant of Java/TrojanDownloader.Agent.NWO trojan
    8915683dd6adc5e871806ff9b79015183f95c6c7311ecb0f3714b2b8de17ce48.jar » ZIP » valorless/havenelytra/HavenElytra.class - a variant of Java/TrojanDownloader.Agent.NWO trojan
    8d00bb6e058390a2843a9236d31c6d0aa9a7966c4adf71689599a9b7a0c6ae19.jar » ZIP » com/bmc/coremod/BMCSkyblockCore.class - a variant of Java/TrojanDownloader.Agent.NWO trojan
    98b96e06b34560a957e86bcf5b5e4ac0a1254c5e8911e19d22bbae91accc208b.jar » ZIP » net/ggwpgaming/automessage/AutoMessage.class - a variant of Java/TrojanDownloader.Agent.NWO trojan
    d79874c1a0040cb29418343c766d2f6c69cf8fa5ecd0629cac7cc60d69c4f107.jar » ZIP » goldenshadow/displayentityeditor/DisplayEntityEditor.class - a variant of Java/TrojanDownloader.Agent.NWO trojan
  15. Upvote
    Aryeh Goretsky gave kudos to itman in Block Adobe Reader from creating child processes - ESET PROTECT   
    Before creating a HIPS rule to block Adobe Reader from starting child processes, realize that it does spawn legit child processes including itself per the below Process Explorer screenshot:

  16. Upvote
    Aryeh Goretsky gave kudos to Rohan Bhatkande in Not able to remove license or device from old unused computer   
    I rechecked now, I was able to remove the old PC device and use my license on the newly formatted PC. Thanks a lot for providing a prompt resolution. Kudos to Eset service. 
  17. Upvote
    Aryeh Goretsky gave kudos to Marcos in eset nod32 antivirus   
    All ESET products are Windows 10 compatible. We'd recommend purchasing ESET Smart Security Premium which contains also ESET LiveGuard for analyzing new files in a cloud sandbox before they are executed.
  18. Upvote
    Aryeh Goretsky gave kudos to SweStat in Swagger API for Production and Consumption   
    That's embarrassing...
    Well take care and I will post this in the correct forum.
  19. Upvote
    Aryeh Goretsky gave kudos to Nightowl in Windows 10 Update - Man In The Middle Attack - Tamper Update   
    For a MITM attack to happen, you need to be on the same network with the attacker, for example the attacker would be sitting in your WIFI or LAN network
    Prevent access to your router from Internet side, update it to latest version or ask your Internet Service Provider to do so
    Change your WIFI password if you feel someone is there, and I don't think that person would be connected to you through LAN (cables), since he has to go inside your home and to your router physically
  20. Upvote
    Aryeh Goretsky gave kudos to itman in Windows 10 Update - Man In The Middle Attack - Tamper Update   
    Actually, this topic is out of scope for the forum since it doesn't directly relate to Eset products.
    There is plenty of info on the web on man-in-the-middle attacks. Below are two such references:
    https://cheapsslsecurity.com/blog/types-of-man-in-the-middle-attacks/
    https://beaglesecurity.com/blog/article/man-in-the-middle-attack.html
  21. Upvote
    Aryeh Goretsky gave kudos to Galatian in Update issue   
    Yep it was the ISP. All working now.
     
    Thanks again!
    D
  22. Upvote
    Aryeh Goretsky gave kudos to Galatian in Update issue   
    I haven't touched the router - except to turn it off and on again since I installed it some years ago. If it has a firewall I haven't done anything to change the settings. So I guess the ISP.
    I'm a journalist.. in Turkey.. using state owned Turk Telekom ISP. I shouldn't be surprised at this !
    Anyway thanks for your help !
    D
     
     
  23. Upvote
    Aryeh Goretsky gave kudos to Marcos in License says overused when it clearly isn't   
    Both licenses leaked. One is heavily overused, both are now canceled.
  24. Upvote
    Aryeh Goretsky gave kudos to itman in need dns list for router   
    https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall
  25. Upvote
    Aryeh Goretsky gave kudos to KVC in ESET 9.0.12013.0 in Win2008R2 Cannot update mirror   
    Hello Marcos,
    Happy New Year to You!
    To update, the error seems to be resolved today! I had changed the mirror directory to a new one last time while troubleshooting to see if the files are being created, but it was failing then. When I checked today, the new mirror directory is updated with files of 1.54GB size. Also when I click on Check for updates, it does not get any error and is updating.
    I am not sure how it got resolved all by itself! (Could be 2023 is lucky for us!)
    Thanks for all your support.
    Regards,
    K