Some additional comments on what KVRT.exe does. It updates a RunOnce reg. key which I monitor via HIPS rules. I assume what it was doing in the temp directory was creating a kernel mode driver on the fly similar to that done by Process Explorer. And more what would be considered suspect activities. All this was enough for Augur to flag its activities.
Yes, it performs both actions that you've mentioned. It loads a driver so it can perform the scan. To unload it, you have to restart your system. It also adds a RunOnce regkey that is deleted after you close the app after the scan is finished. If the scan crashes for whatever reason, that regkey will instruct KVRT to delete its data after the next reboot.
No, no and no! The solution is never the exception, as the program may be infected in the future. With exceptions, I always punch a hole in my defense system. The exception is a hole in the defense.
I found a strange thing with respect to the "Banking & Payment Protection" (BPP) and renewing your licence at ESET NL. This is on Win 7 Dutch, using IE11, and the English version of Eset Internet Security (EIS). At some moment EIS gives a warning that the licence is going to expire in 14 days. You click on that warning from EIS to renew the licence. You then get to https://nl.store.eset.com/onepagecheckout for the renewal. If you want to go further to pay via credit card, you get the Buckaroo site: https://checkout.buckaroo.nl/html/pay.aspx At least at that moment (if not earlier) you would expect that Eset's BPP would have jumped in. But no, nada ... In the past I had already seen that BPP would not jump in at the Buckaroo site. So I had already manually added (via advanced setup) in the BPP list: https://checkout.buckaroo.nl Whatever, it doesn't work. So, I ended it all and closed IE11. Cleaned caches, rebooted. Now added manually: https://checkout.buckaroo.nl/html/pay.aspx Rebooted. Tried the renewal again. Still no BPP. Cleaned caches again, rebooted. Now added manually (via advanced setup) in the BPP list: https://nl.store.eset.com/onepagecheckout https://nl.store.eset.com (and rebooted again). Now finally that last added site did the trick. Finally the BPP was working and also at the Buckaroo site to which you get redirected. Some final notes: I expect that, when you want to buy from ESET, Eset's own BPP is automatically working and "protecting". It didn't and I had to jump through some hoops to get it working. I had to find out those hoops myself. A support ticket with ESET NL was started yesterday (also about another wrong part in their email earlier from them, but that doesn't matter now). Initially I was told that the Buckaroo site doesn't need BPP. Well, if that is true, then for example the connection with your bank doesn't need it either. The BPP is there for a reason, isn't it? I told them what I did to get the BPP working when buying from them. They told me that they would consider whether BPP needs improvement in this respect.
Please report any issues to your local ESET distributor and ESET's official forum at https://forum.eset.com where it can get better attention from ESET staff. Regarding your question, buckaroo.nl is not known to us. To me it looks like a payment provider, so automatically redirecting the communication to a secure browser could do more harm than good if the user is supposed to be redirected back to the e-shop after the payment. Therefore we do not support payment gateways in BPP and do not redirect the user in such a case. What the user can do is open an e-shop website in a secure browser and the whole subsequent communication will be secured; another thing is that it would not be safe if the e-shop website was compromised or intentionally malicious.
It was reported to the local ESET distributor. I did write that there was contact with ESET NL and that there was a support ticket. If Buckaroo is not known to "us" (I suppose that "us" means ESET Headquarters), then you should get in contact with ESET NL. With respect to the e-shop: That's exactly what I did: making sure that https://nl.store.eset.com is in the BPP list because the program EIS itself didn't do it. The whole point is: If a person wants to buy from ESET via the renewal link in EIS itself, then ESET has to make sure that it is via a secured browser (BPP!). Whether the issue is showing in other countries, I don't know. And further I would suggest that you get in contact with ESET NL.
ESET Uninstall tool v9.0.1.0 (February 2020) https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool Download: https://download.eset.com/com/eset/tools/installers/eset_apps_remover/latest/esetuninstaller.exe or via Majorgeeks
Upgraded here as well. TY for that heads up, itman. For right now I'm staying with the default 'Balanced' setting until I learn more. Hovering over the setting for more info isn't clearing up my confusion. Maybe I'll find more on the ESET site or the forum.
Looks like what I have at work. Just checked my home PC and I was not offered the update. You guys using just the AV or Internet Security?
Major issue with Eset NOD AV 13.0.24 and Chrome: Since the Chrome update to 82.0.4083 (and later 82.0.4085.4 being the latest) both on Canary and Dev channels, there's a HUGE memory consumption issue in Chrome on (almost) all sites (especially gmail) that causes tabs to crash. Removing NOD resolves the issue, reinstalling it recreates it and so forth. PS Same problem with 13.1.16
There is something similar reported here: https://forum.eset.com/topic/22902-eset-slows-down-chrome-every-time-i-start-it/