Aryeh Goretsky

TPM is used by ESET Full Disk Encryption. Memory integrity protection is leveraged if Protected service is enabled in the HIPS setup (enabled by default). As for core isolation, I understand it as more of an OS feature than something that requires special support from AV vendors.

The fact is Eset has all the internal mechanisms in place to accomplish this. All they have to do is block the process until LiveGrid black list determination processing has completed. As to the false positive element, I say "to hell with that." Most home users would not be significantly impacted by such process blocking. 
This could be also further refined by adding Trusted Publisher, signing, etc. criteria to Eset Reputation scanner. Failure on reputation coupled with suspected malicious activity should be enough to block until LiveGrid initial scanning is completed.

Hi,
 
First heads up to my friend Aryeh Goretsky. He has always been a gentleman when interacting with me.
I build computers for a living. I was a 7 year MS MVP desktop support
I'm a long time supporter of Eset and I recommend the software to all my customers.
Even if I don't always agree with update releases, I've never been stifled when being vocal on this site.
 
Also, Marcos is a patient man ☺️

I was unable to find any license registered with your forum email address. Please provide your public license ID in the form XXX-XXX-XXX. If you have purchased a boxed version of ESET, follow the instructions for registration that should be printed on the box.

Hello,

A dark mode option is in consideration for a subsequent release of the software, however, there is no specific time associated with the request. 

Keep in mind that this type of change is not a matter of simply changing the background colors.  Color choices and design of icons and other imagery along UI components and even text layout (size, positioning, typeface choice, etc.).  All of these have to be carefully reviewed and, if needed, adjusted for compatibility as well as for any impact to the supportability of  the programs (for example, what happens when a blurry or low-res screenshot is sent in with a ticket).

Regards,

Aryeh Goretsky
 

Yes I agree. I have no issue with eset implanting a dark mode if they decide to. However I presume it wouldn't be as simple as it sounds. If it's something that would take a while I'd rather they used that time on the product itself rather than how it looked 

This is common when If Controlled Folder Access of Windows Defender was enabled prior to ESET installation.
Now if ESET has been installed then Windows Defender and it's Controlled Folder Access module should be disabled by now. Restart the system to be sure and everything should be alright now.

After I did manually updated and then reboot the machine. the problem is fixed.
Thanks!

I agree with Marcos, this looks like a WMI persistent threat.  Manually telling ESET to update its detection engine, should correct the issue of the threat continually being detected.  Although, there is a good chance you may already have the update (ESET checks for these updates once per hour).
If this does not fix the issue, definitely generate an Autoruns log.
Lastly, its not uncommon for Servers to have been infected due to unexpected ports being exposed to the internet.  I highly recommend you audit your public IP Addresses with some simple nmap scans to verify what ports are exposed to the internet.
nmap -sV -Pn -F %PublicIPAddress%

Same problem here (Dropbox v111 - the lastest stable to the date). On the second computer, no problem with Dropbox v112 (early updates enabled).
It's apparently a problem on Dropbox side since they have release the version 112 fixing this issue:
https://www.dropboxforum.com/t5/Dropbox-desktop-client-builds/Beta-Build-112-3-254/td-p/476277
If you cannot update to Dropbox version 112, you can temporarily set Dropbox client to ignore in SSL/TLS filter.

This is a wrong assumption. We clean malware from the system completely, including unregistering possibly malicious tasks from the system, WMI or autostart locations.

We are aware of the problem with Windows applications and the changing path with each update. There is a plan to come with up a solution to this in long term. Also I can assure you that we value any constructive feedback or suggestion and it's discussed with product managers and developers.

Yes.
Here's a Microsoft article detailing Windows versions vulnerable to EternalBlue: https://support.microsoft.com/en-us/help/4023262/how-to-verify-that-ms17-010-is-installed
Also I realized why srv.sys no longer exists on my device. Windows will auto remove SMBv1 10 days after installation if it is not used. Additionally if srv.sys exists on later Win 10 installations, you are not vulnerable since this driver has been patched against this exploit.

Reputation has no effect on protection and showing for instance Windows or other popular applications as red after an update would not be good.

Eset scans the boot sectors; e.g. MBR, for malware on BIOS based devices. It does not scan the BIOS since those settings are firmware related and are retained in chip memory on the motherboard. There is no way Eset can physically access that area.
BIOS based malware is very rare and usually is a result of a hacked BIOS firmware update. If you have reason to believe you have BIOS based malware, you should download the latest BIOS firmware update from your device manufacturer's web site and re-flash the BIOS.
Note that BIOS setting corruption is often caused by a dead battery attached physically to the motherboard. This battery supplies power to the chip memory when the device is A/C powered off to retain existing BIOS settings in the chip memory.
UEFI based systems also deploy a BIOS like component but add an interface component to the OS stored in a hidden partition on the drive Windows is installed on. Ref.: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-uefigpt-based-hard-drive-partitions . Eset scans this UEFI partition for malware. It again has no way to physically access settings stored in firmware.
Also note that the source of the Lojax UEFI malware was a firmware setting built in by the device's manufacture. As far as the second known UEFI malware, it requires physical access to the device;
https://arstechnica.com/information-technology/2020/10/custom-made-uefi-bootkit-found-lurking-in-the-wild/
Here's a good article on the difference between BIOS and UEFI based systems: https://www.howtogeek.com/56958/HTG-EXPLAINS-HOW-UEFI-WILL-REPLACE-THE-BIOS/
Finally note that although Eset can detect known UEFI based malware, it cannot remove them. Again, the only way to do so is to re-flash the UEFI with the original or latest device manufacture's update. Ditto for BIOS based boot sector malware. The MBR needs to be restored with a backup of it. If no backup exists, then by rebuilding the individual boot sector components via Win 10 recovery environment.

If the Chinese wanted to embed something on the drive, they would do so in the drive firmware at manufacturing time. Ref.: https://lifehacker.com/how-to-check-your-usb-devices-for-unsafe-firmware-1841773522
As a rule, I reformat new USB drives primarily to get rid of any crud utilities the manufacture's love to load on these drives. Also, to set the drive to NTFS format which is more secure than the default FAT32 format.

Eset scans files using normal and advanced heuristics at file creation time.
However, some malware may have obfuscated or encrypted code that will not reveal itself until process execution time. As @Marcosnoted, Eset has additional mitigations to scan for malware after it has uncloaked in memory. However, these are post-execution mitigations. 
Eset also has a subscription option named Dynamic Threat Defense: https://help.eset.com/edtd/en-US/overview.html that will perform a full cloud sandbox analysis on executable's prior to their actual execution. It can be optionally set to block process execution until full sandbox analysis verdict is rendered.
It also needs to be explored in more detail just how this "solution" is creating these malware samples in this special folder. For example, what makes this folder/directory "special' from any other folder created on the device? If this folder is locked by the OS for some reason, Eset can't access what is being created in it.

FYI
https://www.reddit.com/r/msp/comments/b660m8/blue_screen_of_death/
Also there have been reports that BSOD's were caused by existing driver issues after installing these updates. So all drivers; especially video drivers, should be updated to latest versions prior to installing these updates:
https://answers.microsoft.com/en-us/windows/forum/all/security-update-2019-03-windows-7-causing-blue/6398adc5-d14f-4409-8277-6e8b46181fa2
https://www.sevenforums.com/bsod-help-support/419195-i-need-help-bsod-start-up-unless-f8-last-known-good-configuration.html
Again this is not an Eset issue. Eset is only responding to what Microsoft has dictated.
Also anyone currently on Win 7 needs to upgrade their OS. Win 7 is no longer supported by Microsoft and even third party support of Win 7 is becoming non-existent.
 

They don't have real-time protection nor on-demand scanner as far as I can see.

Unfortunately even our developers have not received a final version of Big Sur yet so we can't have a version fully compatible with it. It would be great if we got RTM versions of Mac OS in advance which is unfortunately not the case.

ESET will not affect your router in any way. While you can check the router for weaknesses via the Connected home feature, ESET will protect only the machine where it is installed.

Please contact ESET Portugal: https://www.eset.com/pt/. They should be able to tell if it's an authorized reseller or not.
As for the licenses that don't work, please provide the public license IDs.

Hi Jorge Melo. Thanks for your feedback and contacting us at ESET Portugal, Unfortunately we have in fact identified similar situations from other purchases of ESET licenses sold by Blitzhandel24 e-commerce sites.
The situation is under investigation and we advise our customers and potential customers to buy only from ESET official websites or official e-stores - in Portugal that will be https://www.eset.com/pt, as Marcos wrote.
It's likely that one can find other e-commerce websites in Portugal selling ESET solutions (home products) but please be aware if the seller is registered in Portugal and not only using a .PT domain (while having commercial registration in any other country).
* Customer advisory *
Please consider that buying a cheaper ESET license from anywhere else from official websites or partners can result on:
Product activation failure; Lack of official customer support; Unnecessary additional cyber-security risk; Be safe and protected!

Firewalls in general work with IP addresses, not with hostnames. Since IP addresses may change in time, I would not recommend creating firewall rules to restrict communication of the OS with Microsoft's servers.

The firewall logic has not changed over years. We assume that Teams has been updated and now works in the way that a connection is initialized by the server. In automatic mode, all outbound communication is allowed and all non-initiated inbound communication blocked, hence a rule for Teams may need to be created. It is beyond us to have a list of all 3rd party applications where the communication is initiated from outside and maintain the rules for them.