Stuff You Should Exclude From Your Anti-Virus

It should be perfectly safe to exclude some folders from your anti-virus processing.
Have a look below; my notes and comments should help you understand the general reasoning, and then you can apply the same reasoning to modify or add other items.


Removing ESET Products – Additional Notes

  1. First, open your ESET product, go to “quarantine” and either restore or “copy to” every file you would not want to see ‘go away’. You’ll be surprised how many users forget about *this thing* until they uninstall the software and clean up all of the ESET-related folders, effectively losing misidentified files *along the way*.
  2. Download the official uninstaller (either #1, #2 or this local mirror [208KB]) to your desktop, extract the file from the archive, shut down your computer, reboot it into safe mode, right-click the file ESETUninstaller.exe on your desktop and run it as administrator. Follow the instructions, removing every product, then continue with the next step to remove some registry leftovers.
  3. Extra registry leftovers (keys, values, etc.) you can safely delete. Copy and paste the following into a file named cleanup.reg. Additional notes are included in the body of the file (they may be ignored).

    Run the file once after the previous step, while still in safe mode, and once more after you’ve rebooted your computer back into the normal operating system.

    Windows Registry Editor Version 5.00
    
    [-HKEY_CURRENT_USER\Software\ESET]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\ESET]
    [-HKEY_USERS\.DEFAULT\Software\ESET]
    [-HKEY_USERS\S-1-5-18\Software\ESET]
    [-HKEY_USERS\S-1-5-19\Software\ESET]
    [-HKEY_USERS\S-1-5-20\Software\ESET]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EAMONM]
    
    
    ;drivers:  "eamonm", "edevmon", "ehdrv", "epfwwfpr"
    
    ;needs taking-ownership and full-permission (not parent-inherited). might not work.
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EAMONM]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eamonm]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EAMONM]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\edevmon]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EHDRV]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\ehdrv]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EPFWWFPR]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\epfwwfpr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ekrn_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ekrn_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\ekrn]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ekrn_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ekrn.exe]
    
    
    ;remove the compatibility-layer (AppCompatFlags) entries left for the ESET exe files
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
    "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\callmsi.exe"=-
    "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ecls.exe"=-
    "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ecmd.exe"=-
    "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\eeclnt.exe"=-
    "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"=-
    "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\eh64.exe"=-
    "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe"=-
    "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\SysInspector.exe"=-
    "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\SysRescue.exe"=-
    "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\x86\\ekrn.exe"=-
    "C:\\Program Files (x86)\\ESET\\ESET NOD32 Antivirus\\callmsi.exe"=-
    "C:\\Program Files (x86)\\ESET\\ESET NOD32 Antivirus\\ecls.exe"=-
    "C:\\Program Files (x86)\\ESET\\ESET NOD32 Antivirus\\ecmd.exe"=-
    "C:\\Program Files (x86)\\ESET\\ESET NOD32 Antivirus\\eeclnt.exe"=-
    "C:\\Program Files (x86)\\ESET\\ESET NOD32 Antivirus\\egui.exe"=-
    "C:\\Program Files (x86)\\ESET\\ESET NOD32 Antivirus\\eh64.exe"=-
    "C:\\Program Files (x86)\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe"=-
    "C:\\Program Files (x86)\\ESET\\ESET NOD32 Antivirus\\SysInspector.exe"=-
    "C:\\Program Files (x86)\\ESET\\ESET NOD32 Antivirus\\SysRescue.exe"=-
    "C:\\Program Files (x86)\\ESET\\ESET NOD32 Antivirus\\x86\\ekrn.exe"=-
    
    ;C:\Users\Elad\Desktop\ESETUninstaller.exe
    ;[-HKEY_CLASSES_ROOT\TypeLib\{C9E0F815-DD95-11DD-A6A2-000FFE7FA963}]
    ;[-HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{C9E0F815-DD95-11DD-A6A2-000FFE7FA963}\1.0\0\win32]
    ;[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{F85E2D65-207D-48DB-84B1-915E1735DB17}]
    
    
    
    
    ;C:\Windows\System32\drivers\eamonm.sys
    ;C:\Windows\System32\DriverStore\FileRepository\eamonm.inf_amd64_neutral_2b9b28a2f23da3d2
    ;C:\Windows\System32\DriverStore\FileRepository\eamonm.inf_amd64_neutral_2b9b28a2f23da3d2\eamonm.cat
    ;C:\Users\Elad\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_ekrn.exe_9e282afd4c553fda81672596d78a29ecb189c0f9_cab_09498087
    
  4. Consider cleaning up using CCleaner (file system and registry) and maybe reset your network adapters:
    (copy to a cmd or bat file, run it as admin and reboot when done)

    @echo on
    ::-------------------------------------------------------------------Firewall Reset (firewall works on XP,7,8+, advfirewall work on 7,8+)
    netsh firewall reset
    netsh advfirewall reset
    
    ::-------------------------------------------------------------------Disable Firewall (firewall works on XP,7,8+, advfirewall work on 7,8+)
    netsh firewall set opmode mode=DISABLE profile=ALL
    netsh advfirewall set allprofiles state off
    
    ::-------------------------------------------------------------------reset NAP, RPC and WinHTTP settings, flush HTTP log buffers, remove HTTP timeouts
    netsh nap reset
    netsh rpc reset
    netsh winhttp reset
    netsh http flush logbuffer
    netsh http delete timeout timeouttype=idleconnectiontimeout
    netsh http delete timeout timeouttype=headerwaittimeout
    
    ::-------------------------------------------------------------------make connection direct
    netsh winhttp reset proxy
    
    ::-------------------------------------------------------------------disable tracing (default = disabled, ansi, 65535)
    netsh winhttp reset tracing
    
    ::-------------------------------------------------------------------delete http cache
    
    netsh http delete cache
    
    ::-------------------------------------------------------------------BranchCache Optimize WAN traffic (Windows Server 2008 R2 and Windows® 7)
    netsh branchcache reset
    
    ::-------------------------------------------------------------------Routing Lists Clear
    netsh routing reset
    
    ::-------------------------------------------------------------------Network-Adapter’s Software Default (Winsock Reset and Rebuild)
    netsh winsock reset
    
    ::-------------------------------------------------------------------IPv4/IPv6 Interface Reset
    netsh interface ipv4 reset
    netsh interface ipv6 reset
    
    ::-------------------------------------------------------------------Network-Interfaces Reset
    netsh interface reset all
    
    netsh interface httpstunnel reset
    
    
    ::-------------------------------------------------------------------Hardcore TCP/IP Reset and Rebuild
    netsh int ip reset c:\temp\netsh_ip_reset_log.txt
    
    
    
    
    pause
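
An added check for steps 3 and 4 (not part of the original post): this read-only PowerShell reports which of the keys and driver names from cleanup.reg still exist in every ControlSetNNN on the machine, since the file hardcodes ControlSet002, and then prints the firewall state left behind by the batch file. The `<name>.sys` driver paths and the English `netsh` output format are assumptions.

```powershell
# Added example: read-only audit; it deletes and changes nothing.
# Run from an elevated PowerShell prompt after the reboot to normal mode.
$services = 'eamonm', 'edevmon', 'ehdrv', 'epfwwfpr', 'ekrn'   # services\<name> keys in cleanup.reg
$legacy   = 'LEGACY_EAMONM', 'LEGACY_EHDRV', 'LEGACY_EPFWWFPR' # Enum\Root keys in cleanup.reg
$drivers  = 'eamonm', 'edevmon', 'ehdrv', 'epfwwfpr'           # driver names from the .reg comment

# cleanup.reg hardcodes ControlSet002; enumerate the control sets this machine really has.
$system = 'Registry::HKEY_LOCAL_MACHINE\SYSTEM'
$active = 'ControlSet{0:D3}' -f (Get-ItemProperty "$system\Select").Current
$controlSets = Get-ChildItem $system |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
    ForEach-Object { $_.PSChildName }

$candidates = @(
    'Registry::HKEY_CURRENT_USER\Software\ESET'
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\ESET'
    'Registry::HKEY_USERS\.DEFAULT\Software\ESET'
)
foreach ($cs in $controlSets) {
    $candidates += $services | ForEach-Object { "$system\$cs\services\$_" }
    $candidates += $legacy   | ForEach-Object { "$system\$cs\Enum\Root\$_" }
}
# Assumption: each driver's file is <name>.sys in System32\drivers (the page lists only eamonm.sys).
$candidates += $drivers | ForEach-Object { Join-Path $env:SystemRoot "System32\drivers\$_.sys" }

$leftovers = @($candidates | Where-Object { Test-Path -LiteralPath $_ })

"Active control set: $active"
if ($leftovers.Count -eq 0) { 'No ESET leftovers found.' }
else { 'Still present:'; $leftovers | ForEach-Object { "  $_" } }

# The step 4 batch file turns the firewall off for all profiles; show the resulting state.
# Assumption: English netsh output, where each profile prints a "State  ON|OFF" line.
netsh advfirewall show allprofiles state |
    Select-String -Pattern '^(\S.*Profile Settings|State\s+\S+)'
```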