toxinon12345

ESET Insiders
  • Posts: 165
  • Days Won: 5
Everything posted by toxinon12345

  1. On your taskbar tray, right-click the ESET icon and click the Log option; from the dropdown, select Websites filtered and copy it here in the forum. Do the same with the parental log.
  2. Ok, another plus would be to make a directory tree read-only. For example, I designed my HD partition 'F:' as read-only by creating this rule:
     Blocked file writes for:
     This source app ----> [userFolder]\appData\Local\temp\svchost.exe
     These file paths ---> F:\*.*
     So F: and any subfolder would be protected against Locky.
  3. We could even block application execution from the %temp% folder. Create a rule blocking application start for:
     ---> [userFolder]\appData\Local\Temp\svchost.exe
     As far as I know, Locky writes to this path as part of its install.
  4. HIPS is for geek users. I created a HIPS rule as a mitigation for the LOCKY threat (Filecoder):
     ---> Log enabled, notification enabled
     ---> Registry keys [blocked] for √[Renaming] √[Modify] operations
     HKEY_USERS\*\software\LOCKY\*
     Then make sure to remove any existing LOCKY regkey at that location.
  5. The only requirement is the 'drive:\' prefix. Anyway, I'm not sure if that is recursive for all nested directory levels.
  6. This is similar to a problem with ekrn.exe or with the program's modules... Did you perform a new/fresh installation?
  7. HIPS is for geek users. It seems you must use the notation HKEY_USERS rather than HKEY_CURRENT_USER.
  8. Not malware, but greyware. Anyway, you should be prompted for action after the end of the scan.
  9. AFAIK, the only way to achieve that is to enable presentation/gamer mode for all your clients in combination with Standard cleaning.
  10. Description: counting of "OFF/stopped" items.
      Detail: I would like to see a count of "Permanently disabled" items at the "Setup Pane". Also always with no color (black and white). Something similar to this, but in that case it would be a '3' in black/white: https://forum.eset.com/uploads/post-6339-0-20654900-1457971762.png
  11. Just for info, could you tell us what options you have disabled in Application Statuses, since that is a setting you affirmatively mentioned?
  12. I am running version 9.0.375 in Windows 7, but noticed some problems when using the User Interface in Windows 10.
  13. Sounds like you have the protocol filtering chain interrupted at some place: maybe the HTTP scanner or the protocol filtering itself. If I am correct, you should already know, no?
  14. I remembered this page from ~7 years ago: https://www.facebook.com/lostclusters
  15. @Swex: This incident could be just an "annoying" FP, but this occurred over what threat name? As far as I know (and ironically), ScrInject and Phishing could be as simple as Autorun INF plain text? Incidents like this make me wonder if specific features like Exploit Blocker local mechanisms are enhanced with LiveGrid requests? ...should enhance that precision and reduce any significant amount of affected users?
  16. I can't see all the log... why don't you copy/paste the text instead?
  17. Actually the logic is the opposite: show ALL presumably potential problems only when they occur in that screen. This is a good behavior kept from the previous release. I understand the contrast of the GUI, but you could combine the actual grey + cyan hue to lower the excessive brightness. Also, the switch buttons could have rounded corners.
  18. All the system, with Smart Optimization Enabled (aka fingerprinting and LiveGrid whitelisting)
  19. I think these modules are more frequent in beta testing of new releases. Example: right now it would be the internet protection module (1203b), HIPS module (1186b), the new config module (1134b) and translation support module (1363b). I suppose precedence of module download would be beta channel first, then your preferred update channel (usually regular) and then your non-preferred channel (usually pre-release).
  20. It seems you like underground tests: https://www.shadowserver.org/wiki/pmwiki.php/AV/VirusWeeklyStats
  21. Maybe it is too late, but I would see the Idle scanner evolve into some type of regularly scheduled "extended startup scan" and monthly "full scan", also by default auto scan USB storage in smart mode (no archives).
  22. Add to wishlist: Performance enhancements to Emulation. I noticed when scanning a UPX-packed Icon Resource Library, it needs to unpack that section too... but when I removed the icons/bitmaps from the DLL, then UPXed and scanned, all is OK again.
  23. Descr: experimental auto-whitelist in Filesystem protection. Details: limited to write-execute events & UPX bigger than ~3MB.