Aryeh Goretsky

ESET Moderators
  • Posts

    877
  • Days Won

    66

Kudos

  1. Upvote
    Aryeh Goretsky gave kudos to Marcos in \Device\HarddiskVolume3\EFI\Microsoft\Boot\BCD.LOG - cannot be opened [4]
    It is perfectly ok that the file in question is being exclusively used by the OS and is inaccessible to other applications and possible malware. Please ignore it. There are typically many other files that cannot be scanned for the very same reason even when the scan is run under an elevated administrator account.
  2. Upvote
    Aryeh Goretsky gave kudos to Kstainton in ESET Full Disk Encryption / FDE / problem after changing hardware   
    Hi @MartinM,
    Changing Hardware shouldn't be an issue unless you are using the TPM for Encryption and are changing the Motherboard, as the TPM is tied to the Motherboard it is simply not possible to change it without there being issues and you will need to decrypt the disk using the ESET Recovery Utility and the 'efderecovery.dat' file, which it sounds like you have already been using for decryption.
    If you are planning on changing the Motherboard for reasons outside of a failure of the Motherboard, I would suggest decryption using the normal means instead and then changing the Motherboard for the new one. This is instead of changing it and then using the ESET Recovery Utility to decrypt.
    As for Windows being stuck in a loop, where Windows is attempting to perform a 'Check Disk', would you mind submitting a support case to your local ESET Technical Support office: https://www.eset.com/int/support/contact/ I would be interested to get more details about this issue.
    Thank you,
    Kieran
  3. Upvote
    Aryeh Goretsky received kudos from ThommyBoy in How to remove green border from Google Chrome tabs?   
    Hello,

    Here's how to turn off the green border in the web-browser, step-by-step:
    1. Open the ESET user interface from the system tray notification area.
    2. Press the F5 key to open the Advanced setup view.
    3. In the left navigation pane, select the Web and email option. The option will expand.
    4. Below Web and email, select the Banking & Payment protection. The right pane will show the Basic view of its settings.
    5. In the right panel, scroll down (if needed) until you see the option named Browser's green frame and toggle it.
    6. Click on the 🛡OK button at the bottom of the window.

    At that point, browser windows should no longer open with the green border. Depending upon your version of Microsoft Windows and of the web browser(s), it is possible the web browser(s) may need to be restarted.

    Regards,

    Aryeh Goretsky
     
  4. Upvote
    Aryeh Goretsky gave kudos to ZWRR in Unable to receive verification email   
    Thank you very much, I received the verification email and successfully added the license to my ESET HOME.
  5. Upvote
    Aryeh Goretsky gave kudos to pqdb in Show process ID in network connections tab of sysinspector   
    Sysinspector is very useful for me as it provides the risk levels which help me filter out trustworthy processes and find processes with high risks. However, compared with the TCPView from sysinternals suite, the network connections tab does not provide sufficient information to conduct further analysis. At least, there should be a column showing the process ID. It would be better that we can jump to running processes tab in the right click menu, as there are a lot of svchost.exes and we need the command line to figure out what is using the network connections.
  6. Upvote
    Aryeh Goretsky gave kudos to Marcos in Product out of date   
    Please kindly do not deactivate the notifications or you probably won't reactivate them later, and missing some important notifications in the future may lead to issues if our message cannot be delivered. We are working on a solution where managed Endpoint won't display the notification in the GUI. It may take a couple of days and we expect it to be released next week.
  7. Upvote
    Aryeh Goretsky gave kudos to Marcos in Windows/Linux OS Patch Management   
    ESET doesn't offer a patch management solution yet. However, something is brewing so please stay tuned.
  8. Upvote
    Aryeh Goretsky received kudos from SuperDriveG in How to remove green border from Google Chrome tabs?   
  9. Upvote
    Aryeh Goretsky gave kudos to itman in Windows Defender still running after install of Eset Internet Security   
    In Windows Security Center -> Threat & Protection setting, verify that you have not enabled Periodic scanning per below screen shot. If Periodic scanning is enabled, the Windows Defender engine will load at system startup and remain running regardless of whether a scan is being performed.

  10. Upvote
    Aryeh Goretsky gave kudos to Marcos in Windows Defender still running after install of Eset Internet Security   
    If you are using Windows 11, Microsoft has added "Smart App Control" which is enabled by default and leverages the Defender service.
  11. Upvote
    Aryeh Goretsky gave kudos to Marcos in Can ESET Smart Security Premium Access the BIOS Chip?   
    Since the OP questions were answered more than once, we'll draw this topic to a close.
  12. Upvote
    Aryeh Goretsky gave kudos to Marcos in Can ESET Smart Security Premium Advanced Threat Protection Access BIOS?   
    Since everything has been said and explained about this topic's subject and we're just moving in circles which annoys other users, we'll draw it to a close.
  13. Upvote
    Aryeh Goretsky gave kudos to itman in Can ESET Smart Security Premium Advanced Threat Protection Access BIOS?   
    One way Eset can detect BIOS/UEFI/MBR malware is that it conducts ongoing research activities in this area.
    A recent example is how it discovered multiple vulnerabilities in select Lenovo new laptop/notebook models: https://www.neowin.net/news/eset-found-lenovo-windows-11-and-10-laptops-have-secure-boot-vulnerability-bios-update-out/ . This discovery enabled Lenovo to patch and issue firmware updates prior to these vulnerabilities being exploited en masse.
  14. Upvote
    Aryeh Goretsky gave kudos to Marcos in Can ESET Smart Security Premium Advanced Threat Protection Access BIOS?   
    A topic on the same subject has been discussed here recently, please refer to https://forum.eset.com/topic/34312-can-eset-smart-security-premium-access-the-bios-chip
  15. Upvote
    Aryeh Goretsky received kudos from RichieG in How to remove green border from Google Chrome tabs?   
  16. Upvote
    Aryeh Goretsky received kudos from just in Can ESET Smart Security Premium Advanced Threat Protection Access BIOS?   
    Hello,

    Quick update:  I spoke with one of the researchers involved with ESP (EFI System Partition) malware analysis, and he recommended removal and replacement of the entire partition to ensure the integrity of the computer.

    Regards,

    Aryeh Goretsky
     
  17. Upvote
    Aryeh Goretsky received kudos from just in Can ESET Smart Security Premium Advanced Threat Protection Access BIOS?   
    Hello,

    Let me see if I can provide some clarification here:
    Since the DOS-era, ESET's software has detected and removed threats from the Master Boot Record (MBR), which is the first sector on a hard disk drive (or SSD, these days) that contains some bootstrapping code, plus the partition table of data that tells the computer how the hard disk is formatted.  This works for both older MBR and newer GPT partitioned disks.  ESET's software also detects and removes threats from the boot sector (volume boot record) of each partition on a drive. 

    Coincidentally, the very first computer virus I ever dealt with on my very first day in the antivirus industry back in 1989 was a boot sector infector.  You can read about how I nearly bungled that here.
    ESET does detect threats in firmware.  The two types of firmware encountered are BIOS (Basic Input Output System) firmware, introduced with the IBM PC's Industry Standard Architecture in 1982, and UEFI (Universal Extensible Firmware Interface), which was introduced in 2005 by Intel to replace the older standard.

    Removing a threat from firmware requires rewriting it.  In the case of BIOS-based firmware, that is usually going to require going to the computer or systemboard manufacturer, getting a clean copy of the BIOS firmware image, and reflashing the BIOS.  For UEFI firmware, the process would be similar.
    A UEFI-based system often has an ESP (EFI System Partition) associated with it, sometimes just referred to as a system partition.  The ESP is a special partition that can contain boot loaders (handy if you have a drive partitioned to multiboot different operating systems) as well as additional device drivers needed by the firmware to initialize the computer's hardware that are too big to reside in the firmware itself.

    As far as removing a threat from the ESP goes, that is a little harder to say because we have seen so few of these types of malware.  Depending upon the infection we may be able to remove it, but it could require working with one of our specialists.  It might be quicker to delete the EFI System Partition and replace it with a new, uninfected one.

    As far as preventing threats to these areas of system goes, ESET can indeed block them.  The proviso here is that the operating system would already need to be loaded and ESET's software running when the attack occurred.  The scenario for this kind of attack would be a dropper trying to write to the MBR, VBR or ESP, or be trying to flash the BIOS or UEFI firmware with its malicious payload.

    For more information about these types of threats and how ESET combats them, I would suggest becoming a regular reader of our blog, WeLiveSecurity.

    Regards,

    Aryeh Goretsky

     
  18. Upvote
    Aryeh Goretsky gave kudos to JamesR in BingWallpaperApp.exe (MSIL/Microsoft.Bing.A) multiple warnings   
    For those managing multiple computers via ESET Protect who would like a more streamlined way of removing this software from all computers, this can be done for the installed software, but not for the browser plugins.  Browser plugins are managed by the individual browsers, and not directly by the OS.
     
    These steps are not working 100% for the Bing Software mentioned in this thread.  If I can improve upon this, I will post later.
     
    Here are the steps to use ESET Protect to uninstall 3rd party software which can be seen by ESET:
    This will guide you through the following:
    1. Ensure ESET Protect can see installed non-ESET Applications
    2. Create a dynamic group to group all computers with unwanted applications
    3. Create tasks that will run...
       - ...anytime a computer has the undesired software installed and shows up in the dynamic group (thus uninstalling the unwanted software anytime a new computer joins this group)
       - ...one time run of the tasks on computers that already joined the group while you created the tasks (to uninstall the unwanted software from computers that had already joined this group)

    I. Setup ESET Management Agent to report non-ESET Applications (only needed if not already configured)
    1. In ESET Protect, navigate to "Policies > New Policy"
    2. Name the policy "Report Non-ESET Applications"
    3. In "Settings" ensure you select "ESET Management Agent" from the drop-down at the top
    4. Expand "Advanced Settings" and locate and turn on "Report non-ESET-installed applications"
    5. Assign to either the "All" group, or to specific groups/computers of desire.
    6. Continue and finish creating the policy

    At this point, it may take a bit for the non-ESET software to be reported to ESET Protect.  Your endpoints will need to check in once to get the policy, then check in again to supply the new info, then ESET Protect will need to parse and put the info into the database.  Default check in times are 10 minutes.  So you should start seeing the non-ESET applications in about 30 minutes in the following area:

    II. Check to see if ESET Protect sees the 3rd party applications:
    1. In ESET Protect, open the details of an individual computer, then click on "Installed Applications"
    2. If you can see Non-ESET applications, your settings are applied and working.
    3. You can also check to see if you see your undesired software is visible and has a "Yes" in the column "Agent supports uninstall" which means ESET can attempt to uninstall this software

    III. Create a dynamic group to group all computers with undesired software (this will help you see how many computers you have with the unwanted software, and allow for a quick way to uninstall the software)
    1. In ESET Protect, click on Computers on the left, locate "Windows Computers" in the list of Groups.
    2. Click on the gear to the right of this, and select "New Dynamic Group"
    3. Name the group "Has Unwanted Software"
    4. In the "Template" section, choose "New" and set the following:
       - Name: Unwanted Software
       - Expression:
       - Operation: AND (All conditions have to be true)
       - Click Add Rule and choose: "Installed Software > Application Name", and click OK
       - Click Add Rule and choose: "Installed Software > Application Vendor", and click OK
       - For Application Name, set to "is one of" and fill in the name "Microsoft Bing Service"
       - In the Application Name section, click "Add" and then fill in the name "Bing Wallpaper"
       - For Application Vendor, set to "is one of", and fill in "Microsoft Corporation"
       - Should look like this:
    5. Click Finish
    6. Over a short time, you will see computers start to appear here.  Next we will make a task to remove the undesired software.

    IV. Create a task to start uninstalling unwanted software
    1. In ESET Protect, click on Computers on the left, then locate your newly made dynamic group named "Has Unwanted Software"
    2. Click the gear next to the group name and click "Tasks > New Task..."
    3. Name the task "Uninstall unwanted software - Microsoft Bing Service" and in the "Task" drop down, select "Software Uninstall" and click "Continue"
    4. In this Settings section, click on "<Select package to uninstall>" and select the first piece of software to uninstall "Microsoft Bing Service"
    5. You may desire to click on "Uninstall all versions of package" to ensure any version gets removed.
    6. Click "Continue" to get to the targets and ensure your desired target group "Has Unwanted Software" is showing in the list and then click "Continue"
    7. In the "Trigger section" set the trigger type to "Joined Dynamic Group Trigger" (this will run this task on any computer as it gets added to our dynamic group, but not on computers already in this group.  We will remedy this shortly.)
    8. Continue and finish.
    9. On your group "Has Unwanted Software" click the gear and choose "Tasks > Run Tasks"
    10. Click on "Add Tasks" and find and checkmark your "Uninstall unwanted software - Microsoft Bing Service" and click OK
    11. For the "Trigger" section, ensure trigger type is "As Soon As Possible" and click finish.
    12. Repeat steps 1 through 11 but:
        - in step 4 select "Bing Wallpaper"
        - in step 3 and 10 use the task name "Uninstall unwanted software - Bing Wallpaper"
  19. Upvote
    Aryeh Goretsky gave kudos to JamesR in BingWallpaperApp.exe (MSIL/Microsoft.Bing.A) multiple warnings   
    For those looking for assistance in removing this software, here are some steps to remove this from individual computers:
    1. Windows + R
    2. Type "Appwiz.cpl" and press enter
    3. Find and uninstall/remove (at the end of the uninstall, you may be directed to a Microsoft web page asking if you meant to uninstall and asked if you want to reinstall.  Just close this):
       - Microsoft Bing Service
       - Bing Wallpaper
    4. After that, start opening each web browser and checking for Bing Homepage/Search extensions/plugins and remove them (the prior uninstall leaves these in place and does not remove them).
       - Chrome: In the address bar, navigate to "chrome://extensions/" and click "remove" to anything like: "Microsoft Bing Homepage & Search for Chrome". After removal, you may be taken to a web page asking if you want to reinstall the extension.
  20. Upvote
    Aryeh Goretsky gave kudos to Marcos in Need help to scan UEFI   
    This is normal on every computer:

    Even if you scan files or other objects as an administrator, not all of them can be accessed, e.g. because the OS is exclusively using them. If they are locked for an antivirus, they are locked also for malware.
  21. Upvote
    Aryeh Goretsky gave kudos to Marcos in ESET Endpoint Antivirus for Linux version 9.1.4 has been released   
    Release Date: November 2, 2022
    ESET Endpoint Antivirus for Linux version 9.1.4 has been released and is available to download.
    Changelog:
    Version 9.1.4
    Added: Auto-updates & New EULA
    Added: Support of Ubuntu 22.04 LTS
    Added: Support of Linux Mint 20
    Improved: On-Access scan stability improvement
    Improved: Sample delete settings for ESET LiveGuard Advanced
    Improved: Severity marks in GUI notification icons
    Fixed: Performance exclusion issues in case of large number of paths
    Fixed: On-demand scan for root user only
    Fixed: Multiple GUI visual fixes
    Removed: ESET Shared Local Cache due to EOL status
    Removed "follow mode" parameter from quar utility
    Upgrade to Latest Version
    Upgrade my ESET Endpoint products for Linux to the latest version
    Support Resources
    ESET provides support in the form of Online Help (user guides), fully localized application and Online Help, online Knowledgebase, and applicable to your region, chat, email or phone support.
    Online Help (user guides)
    Visit www.eset.com/contact to email ESET technical support
  22. Upvote
    Aryeh Goretsky gave kudos to Marcos in Suspicious werfault.exe connections   
    I assume it's DrWatson reporting data about a crash to Microsoft after a crash of an application.
  23. Upvote
    Aryeh Goretsky gave kudos to igi008 in Future changes to ESET Endpoint programs   
    Hello, many thanks for this idea.
    Actually we have something like you mentioned in our EDR layer (ESET Inspect), which provides better visibility in your network and helps you identify suspicious behavior.
    For example, these rules related to this MITRE ATT&CK Technique: https://attack.mitre.org/techniques/T1219/ can be helpful.

    However, including other conditions in such rules is a quite interesting idea.
  24. Upvote
    Aryeh Goretsky gave kudos to Marcos in Eset antivirus 5.0.2272.7 windows 11 installation issue   
    You can't. Endpoint v5 went EOL a long time ago and latest operating systems are supported only by products with full support. We strongly recommend using the latest version, ie. 9.1.2060.

  25. Upvote
    Aryeh Goretsky gave kudos to Marcos in Internet security theme   
    Yes, v16 will support dark mode.