Is there any way to reliably get windows system restore working with eset installed?

[TTOZ 2]

With mawarebytes it was so easy, cause malwarebytes has an exit mode and a disable startup with windows mode which completely disables it and actually refers protection back to windows defender. In this mode it's as if MWB is not installed at all and not interfering with the system in any way, i.e. there are no MWB processes running, the app is completely and truly closed.

Do the restore, re enable start with windows for MWB. That's it.

I tend to need system restore as I beta test a lot of products for the audio community and I also muck about with certain registry tweaks and like to be able to go back to the system as it was if I need to.

How can I do it with Eset installed?

Thanks in advance!!

 

[Marcos 4,551]

Please try temporarily disabling Self-defense in the advanced setup -> HIPS and reboot the machine prior to performing a system restore.

[TTOZ 2]

Ok I will try, do I need to use the windows recovery tools or safe mode or can I just do it from the system restore panel in normal boot mode?

Also, I presume I should disable my wireless connection when I do this so nothing malicious can download to my PC?

When you say pause, do you just mean to right click on the icon in the system tray and choose "pause protection" then choose pause until reboot?

Also whilst I have got your attention I would really like a simple gamer mode toggle in the system tray icon options.. to have to open the program and navigate to it every time is really annoying if I am to be honest!

Thanks!

Edited July 29, 2022 by TTOZ
spelling

[Marcos 4,551]

I mean to temporarily disable Self-defense and reboot the machine:

The machine will continue to be protected from threats.

[TTOZ 2]

Lucky LOL!

I have to be honest, I am really confused, as I went to disable  protection and a red thing came up and said "a threat was found and blocked a short time ago, disabling protection now will damage your computer"

Where can I see what Eset blocked or quarantined.. I am finding this part (very) unintuitive

The only block I remember it doing was when I was browsing in google and Eset said it blocked threats from one of the search result links.. thing is, I had not clicked on ANY search result link yet.. so I presumed Eset was that proactive it was blocking it before I could even go there LOL.. seriously it was bizarre.

I'll do a scan and wait for the reply on how to view threat history and quarantine, then I have to do a restore for the first time in a few days....

Thanks as always for excellent fast support replies. Colour me impressed!

[Marcos 4,551]

You can access logs via a right-click on the ESET icon:

Or via Tools -> More tools -> Log files in the main gui.

[TTOZ 2]

Thanks but I just wanted a nice simple history somewhere in the main display like say BitDefender that just tells you "threats caught" kind of thing. Not a complex log.

That said, system restore worked perfectly and I am in shock, as I have NEVER been able to do a successful restore with any other AV running, ever. Only with MWB when it was closed completely. It always failed with BD and Kaspersky, so I am really happy it worked with ESET.

Anyway, I found the quarantine folder and I still don't understand what it quarantined when all I did was a google search and it quarantined something from the search result on the google page, it was the top result, but I never clicked on it, not even close! I mean I can not understand how it is removing files from links in search results that are never even pressed. I submitted it in case it was a false positive.

I highlighted all files in quarantine and right clicked and removed them, and I hope that means I permanently deleted them (they were all just web links).

According to Emsisoft emergency kit scanner (full scan) and ESET (full scan done after restore) my computer is clean so that's good enough for me. The only other thing I changed was to update every 30 minutes instead of hourly. I was somehow abkle to find that setting LOL.

The GUI of ESET is really good, colours wise, and it's very pleasant to look at all in all. However it's a very, very complex piece of software with endless sub menus, so even that great GUI can't organise it to be really comfortable for anyone but the AV power user.

So I am just going to leave everything at 99.5% default settings as I have been, and it has not changed performance in my games (in fact my timespy score for this legion 7i/3070 was 100 points higher with ESET instead of defender, 11,200 vs 11,100), so everything is basically working fine.. I tried some triple A gaming finally today, using a lot of CPU and 100% of the GPU at 140w, and there were no stutters, everything performed great. That was the final big test for me.

I have decided to definitely keep it as I don't have to worry about AV for 3 years now and it has been mostly unobtrusive.

Cheers and please consider that game mode toggle in taskbar menu when right clicking on ESET icon:)

I very rarely game in full screen so it would be extremely handy.

 

 

 

[Marcos 4,551]

You don't have to delete quarantined files unless you want to free a little space on the disk. In quarantine files are stored in an encrypted form so they don't pose any risk. In case of a false positive, it enables you to restore the affected files.

ESET products are install and forget. You don't have to open the advanced setup and go through all the options that are there mainly for advanced users.

If you want to get a quick overview / stats, go to Tools -> More tools -> Security report.

As for the Gaming mode, do you see any difference while playing games when active and inactive?

[TTOZ 2]

Hi I haven't seen a difference because there have been no infections. I presume gaming mode just supresses notifications and intrusion if something attempts to infect the system? (I mean no infections whilst gaming thus far).

 

Edited July 31, 2022 by TTOZ
added final sentence about game mode

[TTOZ 2]

Hi, I just tried System Restore 3 times and it failed with disabling only the self defence slider.

On the third time I disabled both the self defence slider and file protection and it still failed.

On the 4th time I took a punt and disables HIPS completely, and thank goodness, restore was successful.

I mean I had to disable the entire HIPS that requires a system restart to even disable!

I was a bit concerned, but I disconnected from my network AND disabled Wi-Fi on my laptop before doing so.

So there was no internet at all during this. Hence no chance of online infection.

So first question, if I need to do this to ensure a successful restore in future, is that OK as long as I am offline when I do so?

Interestingly, once the restore was completed, HIPS was completely reenabled and Wi-Fi on, so the exact state I created the restore in.. which is how it should work.

I am letting you know in case something has changed in ESET where just disabling the one component of HIPS that I was originally told, doesn't work anymore.

I must admit this is all getting a bit too much for me now....

When I used to exit Malwarebytes, which would exit all MWB processes completely, Defender came back on as a backup. Always, 100% of the time. When I disable things in ESET, security center instead shows only warnings, and it doesn't fall back to defender.  The system can be in a naked state so to speak but with my previous setup it never was (and no matter what, Defender is better than nothing).

An oddity was that when I opened Edge after the successful restore just now, it said that it closed unexpectedly and asked me to restore the last session, which did load OK. I have no idea why as Edge was closed when I did the restore and I had had no crashes.. But I digress...

I was fooling around with HPET functions and other CPU stuff to test DPC latency and gaming performance and some stuff related to my audio production interface, and I would have been distressed had restore not worked as not everything was easy to undo, hence the restore point being made. SR has never failed me a single time, from  Windows 7 days to now, when only Microsoft AV is active.

I am starting to be concerned and don't know what to do.

I purchased on the 25th July so I presume I am just in time to return if I decide that ESET isn't for me?

Look, ESET is the closest I have come to AV happiness as an "all in one do everything package, firewall, the lot"

I detest almost all the others, I did love Bitdefender total, but after the massive false positive detection loop I had that it got stuck in about 8 months back , thinking every single thing on my system was infected, and I had to force shut down to get out of it (after the screen had gone grey, with *only* BD infection popups showing, after 2 hours and clicking ok 300 times for 300 different files, I realised it was never going to end, and I decided I'd rather install the whole system again than go through any more of that, and I forced shut down with the power button)

Of course, on reboot it found zero infections with a deep scan, as did defender offline and Malwarebytes full scan. Heck I even threw in Norton Power Erase. Nothing. But BD had done it's damage and deleted half the essential files on my system. A story for another time but since the first AV I used, VET, decades ago, I have never seen such a thing and it really got to me. I was devastated as I was doing nothing at the time when it went berserk. I was offline and just changing folder view options in explorer! They must have realised it was a nasty bug as they took a week to get back to me and just sidestepped everything in their reply.

I loved Malwarebytes because it can truly be exited and generally is also very fast (though it needs certain game folder exceptions added unlike ESET), but I lamented the lack of integrated firewall which is why I went to ESET, to have everything in one app like BD used to be. And I researched which AV had lowest false positives, as after the BD incident that was essential LOL and ESET came out clearly on top for that, with 0 false positives in some recent tests! 

The legions of menus and complexity are the one thing I don't like, but if you tell me this restore thing will be looked at and attended to if needed, then that is enough for me.

Also, with ESET I have had no computer performance loss, all games behave and the system is super snappy. With Kaspersky for example, it made everything lag by 2 seconds when clicking links online. There's always something. But I'll learn the functions and get used the the firewall and menus over time with ESET, as long as I can be assured I will be able to do restores.

If not, can ESET be safely removed without a trace? This one was a new system, it never had MWB or others on it. ESET was the original AV install. But I still have a seat of MWB I could go back to if needed and I guess use their companion app, windows firewall control. Just a thought.

Sorry for the long post!

 

 

 

[Marcos 4,551]

After disabling self-defense or HIPS, it's necessary reboot the system for the change to take effect. Did you reboot it?

The thing it that Self-defense prevents System restore from tampering with ESET's files so it must be temporarily disabled.

[TTOZ 2]

Yes I rebooted but the self defense setting would auto reenable so I had to disable the whole thing.

Anyway, I am out, I have just been through 5 hours of hell.

I am certain, certain that disabling hips completely, then rebooting, then doing a system restore hosed my windows boot area....

It was working fine when I typed my post, then 5 minutes later, I got a BSOD from the pit below when simply plugging in a brand new, empty SanDisk 32GB flash drive. I thought no big deal, I will just turn off and turn on. Windows would no longer boot even in safe mode! I tried 20 times and all it did was say your computer has encountered a problem. In all my life such a thing has never happened. Not even a repair worked from emergency menu. Nothing. It just said failed after failed.

I didn't have a Win 11 USB installer and after an hour of troubleshooting to no avail, I had to wipe the drive and do a fresh install of Win 10 of which I have a retail copy. Then I downloaded the Win 11 Media creation tool and now have my win 11 installer and formatted again and did a clean Win 11 install with drivers.

Computer is fine, it was just a severe boot sector corruption obviously, and the timing is too suspicious to me. Literally I had just done the restore, typed my post and the computer died.

I have done hardware tests and it's all fine, and in fact now with the fresh install it is running better than ever (touch wood).

I swear this is the last time I will EVER use any third party security tool. They just interject with the system at such a low level.

I am thankful in a way as it happened before my 30 days, so I can refund and not be stuck with a 3 year 2 seat licenses. I won't even use Malwarebytes anymore. I am over it. Windows defender and firewall. That's it! I am done!

Bitdefender  hosed my system, Kaspersky slows internet on two previous computers to the point I never tried it on this one and yes I have a year license for that remaining (with this new PC), Malwarebytes was the least intrusive but also the only one to make certain games lower to 5 FPS, literally, even some old ones that are 500+ FPS otherwise, and now ESET has hosed my system. Every AV has acted like a virus for me ever since after Vet AV which was the best thing ever made.

Every single person.. every single one in my audio production and gaming circles tells me to use only Defender as everything else causes issues. I finally believe it.  They say, you have zero to worry about if you don't visit dodgy sites.

ESET, you are fine people and I have 100% certainty, that if indeed ESET was the cause as I feel it really was, then there is no chance you'd want to do anything other than attend to it. Your support is outstanding, your product is fast and unintrusive, and I DO respect you so please don't be angry. However,  I have come to the end of the road for third party AV. Currently this re install is using defender only and everything is fine.

I already did an overnight DOS based memory test , extensive, last week for my 2x32GB Kingston fury impact. No issues there. I have done all the legion long tests for all components, they took HOURS, no issues there. That was after the BSOD I had last week.

So I guess the proof will be in the pudding.. Will my system crash like that again? A BSOD is not supposed to destroy your entire system... and it should let you try to go to another restore point if that happens....

If my system does crash like that again, not only will I come back and apologise profusely, but I will make a donation to ESET as that would be the least I could do.

Good luck to you all, best wishes, 

Sincerely,

T

PS The delay in my reply is because now that everything is finally up and running, this is the first time I am seeing it. I am  just glad I use secondary drives for all game installs and stuff.