stackz
-
Posts
408 -
Joined
-
Last visited
-
Days Won
19
Posts posted by stackz
-
-
-
blocking the read attribute of those files will prevent even the most critical functions of Windows OS
This is about being able to block selected applications reading data from folders that I select.
i.e. being able to prevent batch file, js, vbs execution from typical malware user space folders.
-
In HIPS File Operations - the ability to Block file read for specific applications like cmd.exe, rundll32.exe, regsvr32.exe etc
-
Windows 7 64 Bit, and the Internet Protection Modue I have is 1238 dated 11-24-2015.
OK, so you're on Pre-release updates.
If you decide to revert to Regular update, you'll have Internet protection module: 1226.2 (20151127) which seems stable and works fine.
-
What operating system are you using and which version of the Internet Protection module do you have (right click EAV's tray icon and select About)?
Is it only Firefox that has the problem with SSL?
-
Where did you enable the prerelease updates for ESET ? I don't see that setting.
Go into Advanced setup -> Update -> Basic and toggle the Update type.
-
Does it now work with 1226.2 and switching to pre-release updates re-introduces the issue?
Yes, 1226.2 works just fine.
Updating to 1238 reintroduced the SSL problems.
- Reboot, run browser - SSL problems. Toggle SSL settings - still SSL problems.
- Reboot, Toggle SSL settings, run browsers - SSL working fine.
Finally reverted back to 1226.2 and SSL is still fully functional.
-
Well that was short lived. lol
Boot up this morning and SSL scanning is fubarred even on pre-release updates.Reverted to regular update channel, but still not functioning.
Attached is requested pcap logs.
-
I switched to pre-release updates and SSL scanning is working fine.
Virus signature database: 12628P (20151126)
Rapid Response module: 7079 (20151126)
Update module: 1060 (20150617)
Antivirus and antispyware scanner module: 1474 (20151111)
Advanced heuristics module: 1162 (20150923)
Archive support module: 1240 (20151109)
Cleaner module: 1116 (20151113)
Anti-Stealth support module: 1091 (20151117)
Personal firewall module: 1292 (20151111)
ESET SysInspector module: 1257 (20151113)
Real-time file system protection module: 1011 (20151112)
Translation support module: 1429 (20151119)
HIPS support module: 1206 (20151117)
Internet protection module: 1238 (20151124)
Web content filter module: 1046 (20150925)
Advanced antispam module: 2846P (20151126)
Database module: 1072 (20150831)
Configuration module (33): 1213B.8 (20151124)
LiveGrid communication module: 1020 (20150807)
Specialized cleaner module: 1010 (20141118)
Banking & payment protection module: 1055 (20151117)
-
Windows 7x64 Pro
Modules:
Virus signature database: 12627 (20151126)
Rapid Response module: 7077 (20151126)
Update module: 1060 (20150617)
Antivirus and antispyware scanner module: 1474 (20151111)
Advanced heuristics module: 1162 (20150923)
Archive support module: 1239 (20150929)
Cleaner module: 1114 (20151004)
Anti-Stealth support module: 1091 (20151117)
Personal firewall module: 1289 (20151019)
ESET SysInspector module: 1254 (20150924)
Real-time file system protection module: 1010 (20150806)
Translation support module: 1411.3 (20151009)
HIPS support module: 1206 (20151117)
Internet protection module: 1236 (20151116)
Web content filter module: 1046 (20150925)
Advanced antispam module: 2845 (20151126)
Database module: 1072 (20150831)
Configuration module (33): 1191B.3 (20151009)
LiveGrid communication module: 1020 (20150807)
Specialized cleaner module: 1010 (20141118)
Banking & payment protection module: 1055 (20151117)
ESS updated Internet protection module to 1236 and ever since then I cannot connect with SSL scanning enabled to any https URL (including this forum). At present I've had to disable SSL scanning for all browsers and Windows Live Mail.
Scanning was fine with the previous module, IIRC v1226.1
-
Just click on ändern, follow the prompts and you'll have the option to repair or uninstall.
There should also be an uninstall entry in the start menu.
-
Why are you disabling the Windows Firewall service?
Even if you aren't using Windows firewall, the service needs to be enabled and running.
-
If you have 'Allow modification of signed (trusted) applications' checked, then you won't receive any notification provided that the application can be verified.
-
Open Command Prompt and enter:
"The full\Path to ecls\ecls.exe" --help
e.g "C:\Program Files\ESET\ESET Smart Security\ecls.exe" --help
That will give you the list of switches to use, which I've copied below.
ESET Security on-demand scanner Usage: ecls [OPTIONS..] FILES.. Options: /base-dir=FOLDER load modules from FOLDER /quar-dir=FOLDER quarantine FOLDER /exclude=MASK exclude files matching MASK from scanning /subdir scan subfolders (default) /no-subdir do not scan subfolders /max-subdir-level=LEVEL maximum sub-level of folders within folders to scan /symlink follow symbolic links (default) /no-symlink skip symbolic links /ads scan ADS (default) /no-ads do not scan ADS /log-file=FILE log output to FILE /log-rewrite overwrite output file (default - append) /log-console log output to console (default) /no-log-console do not log output to console /log-all also log clean files /no-log-all do not log clean files (default) /aind show activity indicator /auto scan and automatically clean all local disks Scanner options: /files scan files (default) /no-files do not scan files /memory scan memory. /boots scan boot sectors /no-boots do not scan boot sectors (default) /arch scan archives (default) /no-arch do not scan archives /max-obj-size=SIZE only scan files smaller than SIZE megabytes (default 0 = unlimited) /max-arch-level=LEVEL maximum sub-level of archives within archives (nested archives) to scan /scan-timeout=LIMIT scan archives for LIMIT seconds at maximum /max-arch-size=SIZE only scan the files in an archive if they are smaller than SIZE (default 0 = unlimited) /max-sfx-size=SIZE only scan the files in a self-extracting archive if they are smaller than SIZE megabytes (default 0 = unlimited) /mail scan email files (default) /no-mail do not scan email files /mailbox scan mailboxes /no-mailbox do not scan mailboxes (default) /sfx scan self-extracting archives (default) /no-sfx do not scan self-extracting archives /rtp scan runtime packers (default) /no-rtp do not scan runtime packers /unsafe scan for potentially unsafe applications /no-unsafe do not scan for potentially unsafe applications (default) /unwanted scan for potentially unwanted applications /no-unwanted do not scan for potentially unwanted applications (default) /suspicious scan for suspicious applications (default) /no-suspicious do not scan for suspicious applications /heur enable heuristics (default) /no-heur disable heuristics /adv-heur enable Advanced heuristics (default) /no-adv-heur disable Advanced heuristics /ext=EXTENSIONS scan only EXTENSIONS delimited by colon /ext-exclude=EXTENSIONS exclude EXTENSIONS delimited by colon from scanning /clean-mode=MODE use cleaning MODE for infected objects. Available options: none, standard (default), strict, rigorous, delete /quarantine copy infected files (if cleaned) to Quarantine (supplements ACTION) /no-quarantine do not copy infected files to Quarantine General options: /help show help and quit /version show version information and quit /preserve-time preserve last access timestamp Exit codes: 0 no threat found 1 threat found and cleaned 10 some files could not be scanned (may be threats) 50 threat found 100 error
-
xxJackxx was referring to ESET's pre-release updates:
-
Try adding ing.ingdirect.es/login to the Protected websites. When you try to login, it should open in a protected browser.
-
There's really nothing listed in CCEnhancer's winapp2.ini that ESS and EAV don't already take care of. If you ever need to clear the update cache, you're better off doing it via ESET's GUI.
Personally, I'd not use CCleaner with the custom winapp2.ini to clean anything related to ESET.
-
1) I have the problem both with v8 and v9. Why should I downgrade to v8?
If you're having the issue with v8, don't worry about downgrading.
2) In your link it is described a system called "Microsoft App-V (SoftGrid) virtual environment". I don't know what it is. What should I do?Ignore all the directions regarding App-V
Re 3: Launch Process Monitor as adminstrator and 'Enable Advanced Output' as described in the microsoft link. Let Process Monitor capture every process. Start the capture when Photoshop hangs and stop the capture when Photoshop becomes responsive.
Go to File ->Save and save the log. Zip the log, then follow the rest of Marcos' directions.
-
I assume you have posted this in a vain attempt to insult people who are having problems with Version 9.
Most definitely not.
-
Judging by the number of posts on here it would seem that E-Set made a big mistake bringing out version 9,
just glad we can role back to version 8 that works with no probs.
The majority of posts in the forum is always going be people who are having problems. Flooding the forum with posts from people who don't experience any problem would be somewhat ridiculous.
-
Are the Date and Time set correctly according to the PC clock?
-
I can reproduce this by going into Internet Options and enabling
- Use SSL 3.0
and disabling
- Use TLS 1.0
- Use TLS 1.1
- Use TLS 1.2
The correct settings should be enabling all the TLS entries and disabling SSL 2.0 and SSL 3.0 as depicted.
-
Do you get the error for all of your email accounts?
I had a similar error a few weeks back but it only occurred with my outlook.com email address. After logging with Process Monitor and Wireshark it seemed that the problem was with the server. I've not had a recurrence since the following morning.
-
If you go into Advanced Setup -> Web and Email
Do you still get the error if you temporarily do either of the below instructions?
(If the first one works, don't worry about trying the second.)- Expand SSL/TLS and temporarily disable SSL/TLS protocol filtering.
- Expand Protocol Filtering and disable application protocol content filtering.
Eset Smart Security 8.0.319.0 causes downloads to fail
in ESET Internet Security & ESET Smart Security Premium
Posted
The same thing happens with 9.0.349, you click ignore and the download fails.