-
Posts
336 -
Joined
-
Last visited
-
Days Won
3
Everything posted by cutting_edgetech
-
Does rundll32 really need internet access at all? It seems Microsoft keeps adding more, and more components to Windows that need internet access. It really makes me want to go to Linux for good. I don't think rundll32 should be given internet access considering how many threats use it. Does anyone know any reason why rundll32 must have internet access? Notice I said must.
-
I believe I have just found a bug with Eset Smart Security 8 Firewall. If the user opens configure rules, and zones then the firewall will not save application rules for applications the user is prompted for. I was prompted for outbound request for Auslogics DiskDefrag while having configure rules, and zones open. I chose to block, and save as a permanent rule. Eset did not save the rule. I assume this only occurs when the user has configure rules, and zones open. I'm using Windows 7X64 Ultimate fully patched. I'm using Eset Smart Security 8.0.312.0.
-
Selecting the option to fill out the survey at the end of the installation causes Eset's certificate to fail to install since the survery opens the browser. I assume the certificate is for filtering https, and the banking protection. Eset must find a better time to offer the survey. Closing the browser, and retrying successfully installed the certificate. I'm using Windows 7X64 Ultimate with all patches.
-
Another SSL Protocol Issue
cutting_edgetech replied to itman's topic in ESET Internet Security & ESET Smart Security Premium
I actually like to filter SSL protcol, but i'm afraid to try it now. I have had problems in the past with many pages just timming out, and it was a big headache. I disabled SSL protocol scanning, and that fixed the problem. This was like in NOD 32 version 5, or 6 though so a lot could have changed since then. I'm beta testing some other software right now so if I did run into problems it would take even more of my limited time to report it so i'm going to hold off on trying it again for now. Maybe I will try enabling SSL Protocol again once I have more time. -
Another SSL Protocol Issue
cutting_edgetech replied to itman's topic in ESET Internet Security & ESET Smart Security Premium
Did you notify your bank yet? If someone else really did take those screen shots then you should notify your bank immediately. If they were able to take the screen shots then they were definitely able to obtain that information remotely. Edited 4/28 @10:51: Are you sure they were screen shots? I don't think there is an option to save screen shots as .htm. htm is like html. I'm not sure if the browsers should be saving web images of secure logins in the cache. I think that is the question that should be asked. The other instance of explorer.exe can't be good though. -
Scheduled Scans
cutting_edgetech replied to Aryeh Goretsky's topic in ESET Internet Security & ESET Smart Security Premium
Any predefined rule including IDS. -
Scheduled Scans
cutting_edgetech replied to Aryeh Goretsky's topic in ESET Internet Security & ESET Smart Security Premium
I think you misunderstand my request. I'm requesting an option to log all dropped/blocked packets per application that violates any packet filter rule that comes preset with ESS. Many rules come by default. I don't want to just log blocked packets for a rule I have created. The only option currently is to log all traffic for an application. Logging allowed traffic consumes the log file, and makes it hard to find what I'm looking for. It probably also makes ESS a little heavier on the system. -
Scheduled Scans
cutting_edgetech replied to Aryeh Goretsky's topic in ESET Internet Security & ESET Smart Security Premium
Please give the option to log only dropped/blocked packet per application. -
I have all these strange entries in my HIPS log, and I have never seen these before until recently. I'm using Smart Mode, and I have not created any custom rules. I also have never received any prompts from the HIPS despite having all these entries in the log file. Should the HIPS be silently blocking all these events? Is this something I should be concerned about? I copied a few of them below. I attached the rest of the log with this post. The forum software said there were too many to paste them all below. I'm using Windows 7X64 Ultimate SP1. C:\Windows\System32\svchost.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application 4/17/2015 4:24:46 PM C:\Windows\System32\svchost.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application 4/17/2015 4:23:16 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:16 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:16 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:16 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:16 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:16 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:16 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:16 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:16 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:15 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:15 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:15 PM C:\Windows\System32\svchost.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Modify state of another application 4/17/2015 4:23:15 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:12 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:12 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:12 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:11 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:11 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:11 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:11 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:11 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:11 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:11 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:11 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:11 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:11 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:11 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:11 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:11 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:23:11 PM C:\Windows\System32\svchost.exe Get access to another application C:\Windows\System32\winlogon.exe some access blocked Self-Defense: Do not allow modification of system processes Modify state of another application 4/17/2015 4:23:11 PM C:\Windows\System32\svchost.exe Get access to another application C:\Windows\System32\winlogon.exe some access blocked Self-Defense: Do not allow modification of system processes Modify state of another application 4/17/2015 4:23:11 PM C:\Windows\System32\svchost.exe Get access to another application C:\Windows\System32\winlogon.exe some access blocked Self-Defense: Do not allow modification of system processes Modify state of another application 4/17/2015 4:20:19 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:19 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:19 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:19 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:19 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:19 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:19 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:19 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:18 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:18 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:18 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:18 PM C:\Windows\System32\svchost.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Modify state of another application 4/17/2015 4:20:17 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:14 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:14 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:14 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:14 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:14 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:14 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:14 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:14 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:14 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:14 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:14 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:13 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:13 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:13 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application 4/17/2015 4:20:13 PM C:\Windows\System32\csrss.exe Get access to another application C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application HIPS Log.txt
-
Thank you! I was hoping detected attacks would be logged. I used the trouble shooting log before, and it logs everything. It's really only good for trouble shooting to me. If I had an allow rule for an application, and the application still could not access the internet then I would turn that on if the logging for the application did not show anything blocking it. Edited 4/17 @6:41
-
Are there any preset rules created by Eset which come by default that would allow any of the allowed services in automatic mode? I'm just wanting to make sure no such rules come with ESS by default. If i'm understanding you correctly then the user would have to create a filter rule in all cases to allow any of the allowed services in automatic mode.
-
Your first response to my question was, "ESET firewall doesn't prompt the user unless interactive mode is used or a rule asking for an action is applied." It sounded to me like you was saying that automatic mode would allow any of the enabled services in Eset's firewall without prompting the user. I still currently have no use for almost all of those services so I will leave them disabled on my machine. Also, allow incoming connections to admin shares in SMB protocol does not say it is in the trusted zone. Is this service referring to any remote connection?
-
I strongly disagree. There are known attack vectors for SMB protocol. Do a google search, and you will find multiple articles about SMB flaws/vulnerabilities that were published in the past 2 days. Also why on earth would a home user need to allow remote registry service? Allowing all those services without prompting the user creates a much larger attack surface. Eset should never allow all those services without prompting the user, and that is exactly what they are doing since interactive mode is not ESS's default settings. Are you saying that ESS firewall will prompt the user in interactive mode if someone attempts to access their machine using the remote registry service if that service is enabled in ESS firewall?
-
Does Eset prompt the user if someone attempts to access their computer using one of the allowed services in the IDS, and advanced settings if the service is configured to allow? So if the service is configured to allow in the IDS, and advanced settings will it allow the service without prompting the user? They were all ticked by default, but I unticked almost all of them after discovering them. I think very few home users would need hardly any of them.
-
I just ran into the exact same problem the starter of this thread did with ESS 8 on Windows 7X64. I had just switched my Network type from Home Network to Public Network hoping it would increase my security even though I'm on a Home Network. It caused the exact same problem with the exact same entries in Eset's Log that is described in the first post of this thread. I lost complete internet connectivity. I thought I would mention that here in case it helped others that may run into the same problem. Switching the Network type back to Home Network fixed the problem. ESS will not allow my router because it is not in the trusted zone. I wonder why private network mode will work at a place like a coffee shop, and not at home. It would have to allow connections from there rounter, or internet would fail there as well. Can anyone answer this question?