Aryeh Goretsky

ESET Moderators
  • Posts

    877
  • Days Won

    66

Kudos

  1. Upvote
    Aryeh Goretsky received kudos from TheStill in problem updating ESET v9 product on Windows XP SP3 x32   
    Hello,

    Microsoft ended support for Windows XP eight years ago in 2014 and Microsoft Windows 7 two years ago in 2020.  Historically, ESET has provided support for operating systems for some time after their developer has ceased to support them, but keep in mind this has been to allow customers time to finalize replacement with a supported operating system.
    ESET cannot support EOL operating systems indefinitely; it gets harder and harder each year to maintain supplies of obsolete hardware and software from multiple parties needed to develop and test under those old operating system versions.  Even virtualized machines are not a forever solution, as they can run into compatibility issues when that vendor ends support for the versions being used.  One can also run into issues when trying to maintain long-since-deprecated APIs, code around limitations in memory structures and processes across so many different versions of Windows.

    Back in 2018, I wrote a paper and accompanying blog post, The Last Windows XP Security White Paper, which contained something along the lines of 48 pages of information on how to reduce risk if you had systems still running Windows XP.  Since then, some of the resources I mentioned, both from Microsoft and third parties, are no longer around.  If there's one key takeaway I had from the experience of crafting that, it was that computers running EOL operating systems should not be connected to a network, let alone the internet.  Despite what security software companies like ESET can do to protect against malware, any underlying vulnerabilities are not going to be patched by Microsoft, and that means there's a finite amount of protection which can be done.

    ESET has offered paid post-EOL custom support packages for various versions of its software in the past, but that's more geared towards our business programs where someone needed to protect equipment  like gas pumps, printing presses, CNC machinery, sheet metal presses, scientific equipment like centrifuges, electron microscopes and so forth.  When the cost of replacing equipment like that runs into the hundreds of thousands to millions of dollars, customers with that kind of investment sometimes need extra time to replace it and get employees trained on the new technology.  It's not the kind of service that can be made available outside the enterprise because of the costs involved.  I'm not even sure if we still offer those types of custom support packages—the last time I was involved with one was for a pharmaceutical company that was running NOD32 v2.70 on Windows NT 4.0, and that was over a decade ago.

    I know a lot of people don't like upgrading to new versions of Windows because it changes the UI they are comfortable with, but there are all sorts of third-party skinning apps and start menu replacements that make newer versions of Windows look like older versions, so that's one way to get around having to learn a new UI.

    Microsoft has announced they will be supporting Windows 10 until at least October 2025, and no EOL has yet been announced for Windows 11, so either of these would be good versions of Windows to look at upgrading to from no longer unsupported versions of Windows.

    Regards,

    Aryeh Goretsky
     
  2. Upvote
    Aryeh Goretsky gave kudos to Marcos in ESET Rescue System based on Linux won't boot   
    Please follow the instructions at https://support.eset.com/en/kb3509.
    If you are using a modern system with UEFI, boot to legacy BIOS first as per https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/boot-to-uefi-mode-or-legacy-bios-mode?view=windows-11 as suggested by the KB.
  3. Upvote
    Aryeh Goretsky gave kudos to MMx in Memory Usage   
    Back to the original topic.
    We've had a discussion with Microsoft regarding this. They believe that the memory and CPU usage reported here is adequate to the size of the revocation list that is being processed. There are no plans to implement any changes in this part of Windows unless they are required for security. In their words it's not possible to avoid this behavior except disabling the cache which is not recommended.
    I've identified some circumstances that contributed to this problem. This will be solved in protoscan 1439. Unfortunately the problem might come back anyway since it's considered a normal behavior of Windows, although now it will be less likely.
    It's possible to apply this workaround manually. To do that create a DWORD registry value called CryptnetCachedOcspSwitchToCrlCount under HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\ChainEngine\Config (you may need to create several missing path components) and set it to 1047 (the special meaning of this value is that it will be reverted to default when the product is uninstalled). Then run the following commands elevated and reboot:
    certutil.exe -urlcache http://crl3.digicert.com/ssca-sha2-g6.crl delete
    certutil.exe -urlcache http://crl4.digicert.com/ssca-sha2-g6.crl delete
    This needs to be done for each user separately.
    It is also possible to completely disable the cache that is causing these problems. Doing it means that verifying certificates after reboot will be as slow as it is the first time they are encountered ever. This is not a recommended solution:
    certutil -setreg chain\ChainCacheResyncFiletime @now+10000:0
    To revert this use
    certutil -delreg chain\ChainCacheResyncFiletime
  4. Upvote
    Aryeh Goretsky gave kudos to Nightowl in problem updating ESET v9 product on Windows XP SP3 x32   
    I don't use XP since ages, but thanks for the read mate.
  5. Upvote
    Aryeh Goretsky received kudos from peteyt in problem updating ESET v9 product on Windows XP SP3 x32   
  6. Upvote
    Aryeh Goretsky gave kudos to John Dow in Compatibility of ESET NOD32 Antivirus 15.2.17.0 with portable applications?   
    It seems the problem was due to "Deep Behavioral Inspection" in HIPS
    I added the "portable" folder into the Exclusions and it seems to work regularly now
    I'll come back if some other problems arise
     
  7. Upvote
    Aryeh Goretsky gave kudos to Marcos in Ukrainian ESET support refuses to do their work   
    We have reviewed the communication and didn't find any issues. Most of the tickets were about the status of sample submission which was replied by the UA partner in a polite manner. Moreover, our partner could have suggested the OP to contact samples[at]eset.com which is the only channel for communicating submissions, otherwise the ESET partner must work as a mediator who contacts the research and malware lab and passes the information further to the user which is a redundant step that just hinders the response and creates unnecessary load. Also the partner was correct that he sent the OP to the US support since user's trial license was generated for a US user (by default, the country is determined and pre-selected by user's IP address which he or she can change manually).
    Since everything has been said and explained and the communication has gone too personal, we'll draw this topic to a close.
  8. Upvote
    Aryeh Goretsky received kudos from micasayyo in How Do I Block Pop-Up Ads   
    Hello,

    As @cyberhash and @itman noted, there are already a variety of ad blocking extensions out there for web browsers which are (1) quite good; and (2) free.  From my point of view, it would not make sense for ESET to compete against those unless there was something markedly different and better than what is already available at no charge.

    I saw that you mentioned you were receiving pop-up advertisements.  Are those actually advertisements popping up in a separate window, or are you receiving unwanted popup toast notifications from the system tray notification area?  If the latter, here are some instructions I wrote elsewhere on how to disable those:
     
    Unwanted notifications (popups) from web browser
    Notifications that pop up on your screen can be distracting and annoying. Here's how to disable them in the various web browsers:

    Google Chrome (Version 105+)
    Enter chrome://settings/content/notifications into the address bar to open the Notifications settings page in Google Chrome.  In the Default behavior section, select (check) the Don't allow sites to send notifications option.  In the Customized behaviors section, go to the Allowed to send notifications section, click on the ⋮ (more actions) object, and select Remove from the context menu.  Repeat until there are no further entries listed in this section.

    Mozilla Firefox (Version 104+)
    Enter about:preferences#privacy into the address bar, then scroll down to the Permissions section.  Go to the Notifications option and click on the Settings… button.  In the Settings - Notifications Permissions window, click on the Remove All Websites button, then check (select) the "Block new requests asking to allow notifications" option and click on the Save Changes button.

    Microsoft Edge (Chrome-based, Version 105+)
    Go to edge://settings/content/notifications in the address bar and disable Ask before sending (recommended). If there are any entries in the Allow section, click on the ⋯ (more actions) object and select Remove for each entry.  Repeat until there are no further entries listed in this section.

    Instructions for Microsoft Edge (legacy version): Open Windows Settings app (not Edge's) and go to System → Notifications & Actions, scroll down to Notifications, and set "Get notifications from apps and other senders" to Off.

    Microsoft Internet Explorer
    (does not support notifications)
     
    Hope that helps.

    Regards,

    Aryeh Goretsky
     
  9. Upvote
    Aryeh Goretsky received kudos from New_Style_xd in How Do I Block Pop-Up Ads   
  10. Upvote
    Aryeh Goretsky gave kudos to TinoMontelektro in "ESET LiveGrid servers can't be reached" and "ESET Push notification servers cannot be reached" on Agent PCs without internet   
    By the way, I think I solved it with reinstalling ESET PROTECT. Some apache http proxy firewall rules did not generate the first time I installed it.
  11. Upvote
    Aryeh Goretsky received kudos from RJanata in ESET PROTECT on-prem customer interviews   
    Hello,

    ESET is currently looking to speak with existing customers of its ESET PROTECT Cloud, ESET PROTECT on-prem, and ESET Enterprise Inspector solutions in order to conduct some qualitative research interviews.  These interviews will allow ESET to better define the future of these flagship products.

    Your use should fall into one of the following usage categories for any of the above-mentioned products:
      • 10-25 seats
      • 25-100 seats
      • 100-500 seats
      • 500-999 seats
      • 1,000-4,999 seats
      • 5,000+ seats

    Geographic location: anywhere

    For more information, including time commitment and compensation, please fill out this form:  https://surveys.hotjar.com/a7ed6b76-6848-45aa-bdd2-73bf7343872e.
    ESET is currently looking to speak only to direct customers using one (or more) of the above products.  If you are a managed service provider (MSP) or managed security service provider (MSSP), please stay tuned for a separate announcement.

    If you have any questions, I will try to answer them, but it would probably be best to fill out the survey form and hear back from one of my colleagues in product development.

    Regards,

    Aryeh Goretsky
  12. Upvote
    Aryeh Goretsky gave kudos to MichalJ in Error installing Endpoint Security in Windows Server 2012 R2 - Compatible package not found   
    Hello, when you navigate to "installers" and attempt to generate a new installer, you need to click on "customize installer" and in "product setup" click on the blue line under "security product" and in the popup choose the "ESET Server Security for Microsoft Windows Server" as seen on the screenshot below. 
     

  13. Upvote
    Aryeh Goretsky gave kudos to stackz in html/Refresh.BC trojan alert when typing 192.168.1.254   
    It's just Chrome preloading links from the search results. I get the same thing happen when Google searching the same address with MS Edge.
  14. Upvote
    Aryeh Goretsky gave kudos to Marcos in Eset broke Windows 11 context menu   
    The issue was confirmed to be a bug in Windows 11 that Microsoft fixed in the meantime.
  15. Upvote
    Aryeh Goretsky gave kudos to Brett Duncan in Future changes to ESET Endpoint programs   
    I have an idea for potentially thwarting phishing type emails to a degree with Eset endpoint email plugin. What if Eset looked at the originating email address of an inbound email and compared it to previous source emails an individual had received. If it was a new email address never seen before the user would be alerted via tag on the subject line something to the degree of "beware: unknown email address".
    This conceivably could be expanded to look at other factors within the email header (location of source email, etc) as well to provide some level of warning to the user. We are seeing a lot more attempted attacks on clients these days and I think anything that provides some level of alerting would help.
    Just a thought.
    Thanks,
  16. Upvote
    Aryeh Goretsky gave kudos to TJP in av-comparatives rating   
    I see AV tests as great for marketing purposes but for little else. Many of the highest scoring AV vendors have dedicated test departments to ensure they get great test scores. I'm yet to read a sponsored AV report in which the sponsor fared badly.
    I've been around long enough to remember when Wilder's Security Forum was the go-to site; developers and researchers would post in threads about test results, security news, AV trends etc.
    Eset Nod32 was the first test darling, then Kaspersky, then Avira, then Bitdefender and so on.
    People would swap their AV based on test results which I never understood. Has a product failed you in the real world? If not, why change? Has the AV product caused issues with your PC? If not, why change?
    It's like changing cars because one car is faster to 100 km/h (or 60 MPH) or quarter mile in a group test. What about all the other aspects?
    I use Eset because it's never failed me, never perceptibly slowed my PC down, never deleted key files due to a virus definition update error and never blue-screened my PC.
    I'll take zero false positives, low system impact, little to no feature bloat (an area some AV suites go overboard with 'extra' features) and zero real world issues vs a high test score with FP's, system drag and whatever else it takes to be #1.
  17. Upvote
    Aryeh Goretsky gave kudos to Marcos in Eset server security 9.0.12012 install on Server08 R2 haven’t network module   
    On Windows Server 2008 R2 you must install ESET Server Security in custom mode and select the network protection component to install.
    Before you do that, make sure that the update 266488 is installed:
    https://support.microsoft.com/en-us/topic/computer-stops-responding-when-you-run-an-application-that-uses-the-windows-filtering-platform-api-in-windows-7-windows-server-2008-r2-windows-server-2008-or-windows-vista-7e37fbbb-7fc8-a41e-6fd1-75f554501992
  18. Upvote
    Aryeh Goretsky received kudos from micasayyo in av-comparatives rating   
    Hello,

    You are aware that ESET is one of the leading researchers into Brazilian banking trojans?  Articles on them can be found on our research blog at https://www.welivesecurity.com/br/ (note: site is in Portuguese, you can change language to English in upper-right corner).

    Regards,

    Aryeh Goretsky
  19. Upvote
    Aryeh Goretsky gave kudos to Marcos in Update authorization failed. Please check if your license is valid   
    I am sorry but ESET, the maker of the software, is not going to provide instructions on how to bypass regional license restrictions. If you live outside of Afghanistan, I'd recommend purchasing a license from an authorized ESET partner in your current country.
  20. Upvote
    Aryeh Goretsky gave kudos to Marcos in EFI/CompuTrace.A - potentially unsafe application   
    Please refer to https://support.eset.com/en/kb6567 for instructions on how to create an exclusion from the console.
  21. Upvote
    Aryeh Goretsky gave kudos to Nightowl in EFI/CompuTrace.A - potentially unsafe application   
    You can disable CompuTrace inside the BIOS but that won't prevent ESET from detecting it further unless you exclude it from detection as Marcos advised.
    Or check the PC model name on the manufacturer's website; there might be a BIOS update that would get rid of CompuTrace.
  22. Upvote
    Aryeh Goretsky gave kudos to Marcos in All tasks fail from CentOS ESET Protect server to Windows clients   
    Activation is performed by the client, not by the ESET PROTECT server so it should not matter if you activate a product manually or via an activation task.
    Error 20032 means a bad HTTP gateway. Please open a support ticket for further troubleshooting. Does the endpoint connect through a proxy server to the Internet?
  23. Upvote
    Aryeh Goretsky gave kudos to SlidMallard in All tasks fail from CentOS ESET Protect server to Windows clients   
    Hi Marcos,
    Thanks for your reply. It appears the problem was linked to the proxy setting in ESET. Initially I set the proxy via server policy under the UPDATE menu. After setting the proxy under the TOOLS menu it seems to work fine now.
    After running Wireshark I picked up an error regarding the proxy which pointed me in the right direction.
    Thank you
  24. Upvote
    Aryeh Goretsky gave kudos to Marcos in Adds from Eset   
    You can disable the messages here:

    Should they still be displayed, please contact your local ESET distributor who manages the messages.
  25. Upvote
    Aryeh Goretsky gave kudos to jozef_ch in Mail Security updates not detected   
    Good afternoon Thomas, 
    Automatic updates will be available tomorrow.

    Kind Regards
    Jozef Cheben, Product management