Posts posted by Marcos
-
Sounds like a permission issue. Please provide a Procmon log from the time when you attempt to save settings. Are you logged in as a standard user or administrator?
-
1. The malicious communication was blocked so it's of no concern. You can block the remote IP address on a firewall to prevent future exploitation attempts. However, even if the communication was not blocked, it wouldn't pose any risk as long as you don't have a vulnerable version of Struts installed.
2. If you don't use Java intentionally, I'd rename its executables and observe if no issues occur in the next few days or weeks. If it turns out that some application requires Java, you can rename the files back. Otherwise you could uninstall it completely.
-
On Mac you define privileged users who can change settings.
-
I'd suggest temporarily removing the following apps:
Discord
Killer Ethernet Performance Driver Suite UWD
Then you also have a couple of games installed; however, I assume you didn't use any cracks.
Also make sure that browser extensions are completely removed, not just disabled. According to the ELC logs you provided, access to the URL was blocked twice and only Chrome attempted to access it.
22. 4. 2019 16:40:53 hxxps://amanda.runtnc.net Blocked by PUA blacklist C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 18.210.42.94
22. 4. 2019 16:33:49 hxxps://amanda.runtnc.net Blocked by PUA blacklist C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 35.169.145.234
15. 4. 2019 19:58:20 hxxs://www.maxonclick.com Blocked by PUA blacklist C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 35.190.68.123
You could try uninstalling Chrome, making sure that the folder "C:\Users\zeman\AppData\Local\Google\Chrome\User Data" doesn't exist and then install Chrome from scratch.
Also you could try resetting your router to factory settings and use Google DNS 8.8.8.8 and 8.8.4.4, just in case.
-
Did you get warnings like this?
Are both these eicar files detected upon download?
https://secure.eicar.org/eicar_com.zip
http://www.eicar.org/download/eicar_com.zip
If ESET's root certificate is not listed in Mozilla's trusted root CA certificate list, do the following:
- disable SSL filtering
- reboot the machine
- without launching any application, re-enable SSL filtering.
-
Do you get notifications about untrusted certificate when you open https://badssl.com/dashboard/ ?
-
Please provide logs collected with ESET Log Collector.
-
It depends. When you click a link in a browser to download a malicious file, it looks as follows:
-
7 minutes ago, 0xDEADBEEF said:
does this mean web protection may detect something that on-demand scan cannot detect?
Correct. Also web protection blocks known sites that distribute malware so even if there's a new unrecognized variant, the download would be blocked.
-
Please use this wizard for instructions: https://support.eset.com/unlockems/
-
3 minutes ago, AlessandroG said:
two big companies can't talk to each other and solve a problem that leads to both problems for their customers. In my humble opinion, it seems to me a lack of respect for customers. Surely you as Vmware have more resources than a common user, I don't think it's hard to get in touch with you.
This is untrue. We contacted VMware and provided them with details about the problem in their driver. It's their turn now.
-
Please check the website of our official Korean distributor: https://www.eset.com/kr/. Server products are more expensive, however, ESET File Security is included in the package if multiple licenses for endpoints are purchased.
-
I was talking about Smart scan which is an on-demand scan profile:
-
Yes, Endpoint is available for 5+ PCs.
-
Smart scan scans all local disks completely, not just specific folders.
-
3 minutes ago, itman said:
I assume this is because SmartScan default Is not set to scan archives? Setting SmartScan to do so I assume would then scan all archive types?
"Smart scan" is an on-demand scan profile. Real-time protection has nothing to do with it. Looking at profile settings, Smart scan has scanning of archives and SFX archives enabled by default.
-
For business users we have Endpoint Antivirus and Endpoint Security, products for file and mail servers, Sharepoint, mobile phones, etc. We also provide ESET Enterprise Inspector for monitoring networks for suspicious activities and responding (so-called EDR) as well as ESET Dynamic Threat Defense for instant analysis of potentially new malicious files in a cloud sandbox and response.
Please clarify what you are interested in and what is the problem with the Korean reseller.
-
Web protection scans archives utilizing more sensitive detections while real-time protection doesn't scan archives at all with the exception of certain sfx archives or installers. If you come across an undetected archive, send it to me via a personal message please.
-
We recommend first renaming any suspicious file or moving it to a different directory and restarting the PC so that any malware is deactivated. You can then send us the files for analysis once it is confirmed that the problem stopped occurring after the restart. In this case we would welcome receiving update.dat so that we can analyze it and add detection if needed, which will protect not only you but also other users from this malware in the future. If possible, try to recover it with file-recovery software and then send it to samples[@]eset.com in an archive with the password "infected".
-
In terminal mode gui is not running so no notifications can be displayed on the screen. It is possible that in future versions egui proxy will allow for displaying notifications and alerts to users without consuming too much memory resources.
-
Are the connections blocked even when you use a browser other than MS Edge (Chrome, Firefox, ...)?
Or are they blocked even when you don't have a browser open? In that case you could try disabling automatic startup of applications via Task Manager and check after a restart whether the addresses are still being blocked. If they are not blocked, you would then re-enable autostart for the applications one by one and find out which one causes the blocking to start.
If the problems persist, you can contact Slovak technical support. If necessary, our colleagues would then also connect to your computer remotely and try to resolve the problem that way.
-
30 minutes ago, justme12 said:
I had the same results as you yesterday when I removed FFox. HOWEVER: today I downloaded Revo uninstaller Pro and removed way more FF reg values than the normal uninstall of FF accomplishes.
So did Revo Uninstaller also remove the reference to Comodo from profiles.ini?
-
You can try to retrieve your license details by entering your registration email address in the form at https://www.eset.com/int/support/lost-license/ or contact the seller from whom you purchased your license.
-
@Justme12: In your case the problem is most likely a non-existing Comodo profile folder C:\Users\psavi\AppData\Roaming\Comodo\CSS\User Data-firefox1 which is, however, referenced in C:\Users\psavi\AppData\Roaming\Mozilla\Firefox\profiles.ini.
Please back up profiles.ini and with Firefox closed remove the section belonging to the non-existing profile.
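An added example, not part of the original post: a read-only check that lists the sections of a Firefox profiles.ini whose profile folder no longer exists, so you know which section to remove after backing the file up. The function names and the sample file are constructed for illustration; it assumes the usual `[ProfileN]` layout with `Path` and `IsRelative` keys.

```python
import configparser
import os
import tempfile


def dangling_profiles(ini_path):
    """Return [(section, resolved_path)] for profiles whose folder is missing."""
    base = os.path.dirname(os.path.abspath(ini_path))
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case as written (Path, IsRelative)
    with open(ini_path, encoding="utf-8") as fh:
        cp.read_file(fh)

    missing = []
    for section in cp.sections():
        if not section.startswith("Profile"):
            continue  # skip [General] and other non-profile sections
        path = cp.get(section, "Path", fallback=None)
        if path is None:
            continue
        # IsRelative=1: Path is relative to the folder holding profiles.ini
        # and uses forward slashes; IsRelative=0: Path is absolute.
        if cp.get(section, "IsRelative", fallback="1") == "1":
            path = os.path.join(base, *path.split("/"))
        if not os.path.isdir(path):
            missing.append((section, path))
    return missing


def demo():
    """Build a constructed profiles.ini with one valid and one stale entry."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Profiles", "abcd1234.default"))
        gone = os.path.join(root, "Vendor", "User Data-firefox1")  # never created
        ini = os.path.join(root, "profiles.ini")
        with open(ini, "w", encoding="utf-8") as fh:
            fh.write(
                "[General]\nStartWithLastProfile=1\n\n"
                "[Profile0]\nName=default\nIsRelative=1\n"
                "Path=Profiles/abcd1234.default\n\n"
                f"[Profile1]\nName=leftover\nIsRelative=0\nPath={gone}\n"
            )
        return [section for section, _ in dangling_profiles(ini)]


if __name__ == "__main__":
    print(demo())
```

The script only reports; editing profiles.ini is still done by hand with Firefox closed, as described above.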
HIPS and Intel Chipset Drivers
in ESET Internet Security & ESET Smart Security Premium
Posted
Why do you think it's caused by HIPS? If the application is 100% safe, you can try temporarily disabling HIPS, rebooting the machine and then installing the app.