cutting_edgetech

ESET Insiders
  • Posts: 336
  • Days Won: 3

Everything posted by cutting_edgetech

  1. What areas of the system is a Smart Scan supposed to scan? Does it still scan all of C drive? I conducted a Smart Scan, and it scanned my external drive as well. I'm using ESS 9.0.117.0
  2. I allowed it a few times just to see if I could detect any application updating. I went ahead, and created a permanent block rule for it. It does not make sense to allow internet access when you don't even know what is requesting it. I have not experienced any problems by blocking it.
  3. Does rundll32 really need internet access at all? It seems Microsoft keeps adding more, and more components to Windows that need internet access. It really makes me want to go to Linux for good. I don't think rundll32 should be given internet access considering how many threats use it. Does anyone know any reason why rundll32 must have internet access? Notice I said must.
  4. I believe I have just found a bug with Eset Smart Security 8 Firewall. If the user opens configure rules, and zones then the firewall will not save application rules for applications the user is prompted for. I was prompted for outbound request for Auslogics DiskDefrag while having configure rules, and zones open. I chose to block, and save as a permanent rule. Eset did not save the rule. I assume this only occurs when the user has configure rules, and zones open. I'm using Windows 7X64 Ultimate fully patched. I'm using Eset Smart Security 8.0.312.0.
  5. Selecting the option to fill out the survey at the end of the installation causes Eset's certificate to fail to install since the survey opens the browser. I assume the certificate is for filtering https, and the banking protection. Eset must find a better time to offer the survey. Closing the browser, and retrying successfully installed the certificate. I'm using Windows 7X64 Ultimate with all patches.
  6. I actually like to filter SSL protocol, but I'm afraid to try it now. I have had problems in the past with many pages just timing out, and it was a big headache. I disabled SSL protocol scanning, and that fixed the problem. This was like in NOD 32 version 5, or 6 though so a lot could have changed since then. I'm beta testing some other software right now so if I did run into problems it would take even more of my limited time to report it so I'm going to hold off on trying it again for now. Maybe I will try enabling SSL Protocol again once I have more time.
  7. Did you notify your bank yet? If someone else really did take those screen shots then you should notify your bank immediately. If they were able to take the screen shots then they were definitely able to obtain that information remotely. Edited 4/28 @10:51: Are you sure they were screen shots? I don't think there is an option to save screen shots as .htm. htm is like html. I'm not sure if the browsers should be saving web images of secure logins in the cache. I think that is the question that should be asked. The other instance of explorer.exe can't be good though.
  8. I think you misunderstand my request. I'm requesting an option to log all dropped/blocked packets per application that violates any packet filter rule that comes preset with ESS. Many rules come by default. I don't want to just log blocked packets for a rule I have created. The only option currently is to log all traffic for an application. Logging allowed traffic consumes the log file, and makes it hard to find what I'm looking for. It probably also makes ESS a little heavier on the system.
  9. Please give the option to log only dropped/blocked packets per application.
  10. Thank you for your help Macros! Honestly the IDS logging is more important to me than logging dropped packets for a specific application. It was something I was wanting to enable for a long period of time, and I wanted to log all dropped packets for the application instead of for just one rule.
  11. I did enable the logging for the HIPS recently. I just didn't expect to see anything in the log file without receiving a single prompt from the HIPS. Eset's HIPS behaves more like a policy based AE to me. Thank you!
  12. I have all these strange entries in my HIPS log, and I have never seen these before until recently. I'm using Smart Mode, and I have not created any custom rules. I also have never received any prompts from the HIPS despite having all these entries in the log file. Should the HIPS be silently blocking all these events? Is this something I should be concerned about? I copied a few of them below. I attached the rest of the log with this post. The forum software said there were too many to paste them all below. I'm using Windows 7X64 Ultimate SP1. HIPS Log.txt
  13. If I want to enable logging for a specific application, and only log blocked packets then is that possible? I only saw the option to log allowed, and blocked packets.
  14. Thank you! I was hoping detected attacks would be logged. I used the troubleshooting log before, and it logs everything. It's really only good for troubleshooting to me. If I had an allow rule for an application, and the application still could not access the internet then I would turn that on if the logging for the application did not show anything blocking it. Edited 4/17 @6:41
  15. Regardless of my router I would still like to get an answer for my last question. It is good to know if any preset rules allowing these services come by default that will allow these services in automatic mode.
  16. Are there any preset rules created by Eset which come by default that would allow any of the allowed services in automatic mode? I'm just wanting to make sure no such rules come with ESS by default. If I'm understanding you correctly then the user would have to create a filter rule in all cases to allow any of the allowed services in automatic mode.
  17. Your first response to my question was, "ESET firewall doesn't prompt the user unless interactive mode is used or a rule asking for an action is applied." It sounded to me like you were saying that automatic mode would allow any of the enabled services in Eset's firewall without prompting the user. I still currently have no use for almost all of those services so I will leave them disabled on my machine. Also, allow incoming connections to admin shares in SMB protocol does not say it is in the trusted zone. Is this service referring to any remote connection?
  18. I strongly disagree. There are known attack vectors for SMB protocol. Do a Google search, and you will find multiple articles about SMB flaws/vulnerabilities that were published in the past 2 days. Also why on earth would a home user need to allow remote registry service? Allowing all those services without prompting the user creates a much larger attack surface. Eset should never allow all those services without prompting the user, and that is exactly what they are doing since interactive mode is not ESS's default settings. Are you saying that ESS firewall will prompt the user in interactive mode if someone attempts to access their machine using the remote registry service if that service is enabled in ESS firewall?
  19. If something triggers Eset's Intrusion Detection does Eset log it in the firewall log by default? I don't see any option to enable logging for Intrusion Detection which is listed in the IDS Advanced Settings.
  20. Does Eset prompt the user if someone attempts to access their computer using one of the allowed services in the IDS, and advanced settings if the service is configured to allow? So if the service is configured to allow in the IDS, and advanced settings will it allow the service without prompting the user? They were all ticked by default, but I unticked almost all of them after discovering them. I think very few home users would need hardly any of them.
  21. I just ran into the exact same problem the starter of this thread did with ESS 8 on Windows 7X64. I had just switched my Network type from Home Network to Public Network hoping it would increase my security even though I'm on a Home Network. It caused the exact same problem with the exact same entries in Eset's Log that is described in the first post of this thread. I lost complete internet connectivity. I thought I would mention that here in case it helped others that may run into the same problem. Switching the Network type back to Home Network fixed the problem. ESS will not allow my router because it is not in the trusted zone. I wonder why private network mode will work at a place like a coffee shop, and not at home. It would have to allow connections from their router, or internet would fail there as well. Can anyone answer this question?