Jump to content


  • Posts

  • Joined

  • Last visited

Posts posted by Patch

  1. On 2/16/2020 at 5:00 AM, tommy456 said:

    I restored mine by  using the about:profiles and then selecting my older profile  that was in use prior to downgrading , and then reverting to 73 again, 

    Doesn't work for me.

    I can readily restore my normal profile and that works fine but ESET appears to create another shadow profile which it uses for secure banking, indexed from the normal profile.  Without updating restoring that to the pre Firefox upgrade version, Firefox objects each time I run secure banking and insists on creating a new profile

    Firefox error.jpg

  2. Same with Firefox 73.0 and ESET Internet security

    Downgraded Firefox to 72.0.2 64b

    Firefox detects downgrade and forces creation on a new profile, (loosing all my bookmarks)

    Restored from backup



    Which mostly fixed the normal version of Firefox but not the profile for ESET Banking protection. Where is that stored?

  3. 17 hours ago, Arakasi said:

    As a work around, you could try launching command prompt as administrator, then running the msi using the elevated CMD, if that is your goal to launch the msi as admin.

    I'm upgrading a Windows sever 2012 64-bit Essentials (6.2.9200)  domain controller virtual machine from a full installation of ESET file server v6.5.12007 -> v6.5.12017

    Enabling program upgrades doesn't work as it reports v6.5.12007 is current.

    Running efsw_nt64_ENU.msi from the graphical user interface when logged on as a domain administrator doesn't work with this version due to the problem described above.

    Logging in as a domain administrator, opening a command prompt as an administrator, cd to the directory with the program update, and running msiexec appears to  work, however I'm unsure what are the recommended parameters for this command. The following command appears to not uninstall the old version first, instead giving prompts expected for a first install.

    msiexec /qf /i efsw_nt64_ENU.msi


    Just typing the file name at the command prompt works ie


    Which in hind sight this is probably the same as

    msiexec  /i efsw_nt64_ENU.msi
    On 8/5/2018 at 1:40 AM, Marcos said:

    Did you right-click the msi installer and select Run as administrator?

    That requires a registry hack

    However elevation to administrator should normally happen automatically with msi files, and it worked in the past. Not sure if it isn't now due to a change in this installation file or my server

  4. 12 hours ago, StanleyES said:

    ... the 1st number typed would be correct then the 2nd number would appear as "." and from that point on the number appearing on screen was the previous key pressed ... What's the story with this issue as it appears to be occurring more often? Why is it happening? Is there a proper fix coming ...

    Same here on some computers running windows 7 professional 64 bit and ESET Smart security 9.0.402.0

    I suppose it comes down to: how long is ESET software maintenance for each software version?

  5. After further testing, it seams zones with IP addresses outside of the local network maybe the problem. ESET created local zones appear to function as expected. I didn't have any user created local zones so I haven't tested that functionality.


    The ESET setting migration code also converts IP ranges to subnets eg is converted to (or something similar, I forget the exact notation). Unfortunately the converted notation results in a non functional rule. Fortunately they can be edited back to the original notation which does work as expected.

  6. I recently upgraded several computers from ESET Smart Security v8 to v9. I use the firewall in interactive mode and have developed a reasonable number of specific rules so rather than a clean install and manual recreation of all the rules, I installed the newer version over the older, thus achieving migration of my v8 setting to v9 (as otherwise v8 configuration files are not compatible with v9). The procedure went well mostly. The problems I had were:


    1) Firewall rules which use manually created zones in v8 are not functional or editable in v9. They are displayed in

    ESET SS v9 -> Setup -> Network protection -> Personal firewall -> Configure -> Rules edit

    Rule information appears correct except the zone label is not displayed.

    But if one of these rules is selected on this screen and the "Edit" button clicked, a blank pop up windows frame is displayed.

    The rule also does not function despite being displayed.

    I believe this is a program bug in the v8 to v9 settings migration code.


    2) ESET Smart Security v9 enables adding new rules manually but does not have an add similar rule or duplicate rule which v8 supported (a useful feature in my opinion).


    3) ESET Smart Security v9 explicitly shows firewall rule evaluation order, a feature I like. It enables promoting or demoting a rule by one place or to the end of table. Multiple rules can be selected but not moved as a group, which would be a useful enhancement.


    4) Column widths can be changed and need to be to see the typical rule name and Application path, but aren't saved. Another potential useful enhancement.


    5) I would also like to group rules together which apply to the same application. I'm not sure the best way to achieve this, perhaps add a button or pop up menu to "Group Application's rules". They can manually be grouped at the moment but program support would be a nice enhancement.


    Hello everyone, like many of you I recently installed the Windows 10 system and it is then that I learned that there were a number of privacy concerns for users.



    The issue is actually Windows 10 licence has some significant restriction

    • Updates received without notice (Term 6)
    • Diagnostic and usage data. Cannot be disabled (Group policy 0 setting ignored except on Enterprise versions)
    • Disabling Windows 10 "Features" is also against the licence you agreement.

    Together with their privacy policy


    we may access, disclose and preserve your personal information, including your private content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary


    The Windows 10 licence also has some significant restriction for small business and Unix / Mac sites

    • Cannot install software on a device for use only by remote users (Term 2. c. (v))
    • Can only remotely access from device running same or higher versions of windows (or one other user every 90 days) (Term 2. d. (v))

    Your attempt to stop windows calling home is actually not allowed according to Microsoft's Windows 10 licence. In addition they are under no compulsion to honour software "Privacy" options you select during installation.


    So while windows 10 code has some useful feature, the commercial arrangement results in it being an inferior product.

    There may well be a profit to be made stock piling licences for older versions of windows.

  8. I think you will need to provide more information to have any chance of a specific reply.


    What is the IP address / device from which the ARP cache attack comes? Is it always your router? What router do you use?

    Are you getting ARP attacks from another PC? Is that PC running AV software? How long have the attacks been occurring?

    What's your network topography, about how many and what sort of devices are connected, what software (OS and AV) is used thoughout?


    Or to answer your question in another way, ESET is designed to protect you from and report possible malware attacks however false positives can occur. Not easy to say what is causing your notification with the available information

  9. Interestingly ESET rated behind Norton, Avast! and Trend despite being less compromised and having a lower false positive rate. The reason for this is blocking a web site was rated above detection of malicious code and neutralising it. I'm not sure I agree with this rating philosophy.


    Kaspersky did however perform well on the test set used.

  10. The forum software defaults to quoting a selected post and all of the included post quotes.

    When selective deleting unnecessary text, it is easy to break the message structure (very annoying before I found the message undo vs browser go back).

    The combined effect is to encourages large quotes.


    Modifying the forum software quoting, so only the new text is included by default would minimise large quotes. For cases where the earlier quoted text is actually needed, users could still use the multi quote function.


    @edit: maybe create a fresh windows, custom rule all the request of those files (that fresh windows will be without malware) and then we know how those files communicate?

    If you really want this rules why don't make it yourself? Make it like you said, create a fresh VM, install a fresh copy of windows (and do not install any "integration components" or something like this), install ESS, do not install any other software at all and then you can create all the rules while using the VM.


    Before creating the rules I would suggest you to export the configuration, so you can compare it to the configuration later.


    After this you can export the configuration and compare the configuration files, so that you can "extract" only the created rules. Here is how you can do this: https://forum.eset.com/topic/3512-eset-passive-quiet-install-to-include-pua-detection/?p=20461

    Okay if you don't want to do the last step you can also send me the XML files and I do this for you.


    Then you finally will have a configuration file which everyone can import who wants to have the pre-defined system rules you talk about here.

    Okay there would be one exception: The users would have to use exact the same OS (e.g. Windows 8.1 Pro, 64bit) otherwise there could be rules which are not needed or some rules are missing.

    ESS has the capability to import/add to a users current configuration. Multiple configuration XML files can be sequentially added to build up a desired configuration.

    Creating and sharing firewall configurations for standard applications is an interesting concept.

    By grouping sets of rules for a particular functions we may achieve an efficient way to customise the firewall configuration.

    Using/editing the rule names so their source is readily identifiable would further facilitate subsequent customisation/selective deletion.

    As well as OS firewall configuration, the same concept could be applied to application suites.


    Sharing configurations would also facilitate discussion on configuration options and their merits.

    The difficulty in sharing firewall rules is application path varies (drive letter, 32 vs 64 bit etc.). We may need multiple versions of configurations. Alternatively search and replacing the application path in a word processor prior to using the configuration snippet maybe optimal if a different installation directory is used.

  12. I ask for pre-defined rules for system files (that every user has on his system). And pre-defines rules mean that what ever setup you use (automatic or interactive), you will never have to care about those files because the best rules already exist for them. The same already happend for svchot, winlogon and a few others.


    If ESET add a predefined rule it must be broad enough to cover the requirements for all users. It also announces to malware writers that all ESET installation are open to communication along that path.


    If all users need to create such a rule then it is sensible for ESET to add it to their predefined rules, as doing so simplifies set up with no change in the resultant firewall users actually use.


    If many users will not use or need communication along a particular path, or they will only use a subset of a general rule, then users wanting a tight firewall are are best served by not having unnecessary broad predefined rules. The learning mode can then be used to create the specific rules each individual actually needs.


    For most users, who want ease of use and a strong AV suite of defences, the default automatic mode is appropriate.


    So in summary, if ALL users actually need the SAME rule then I agree it should be added to the predefined set. If not, then I would prefer to build my own rule.

    I hope this clarifies the contention.

  13. Who cares :) HIPS, Advanced memory scanner (AMS) or Exploit blocker (EB) are not behavior monitors that would spring into action when a suspicious behavior is detected. Unless the code in memory is indeed malicious and resembles known malware, it will be detected and suspended by AMS which cannot be the case of a simulator. Likewise EB is triggered when malware attempts to exploit a known vulnerability which is again not the case of the simulator used in this case.


    They do state that they have actually set up a malicious network and record fails when they can get a password from the system under test to their servers. An impressive test setup, and to fail it I would care.


    I may have missinterpreted their description though, as you are implying that test protocol did not apply to the API testing, perhaps only applying to the Botnet test.

  14. I think there SHOULD BE default rules for all this system files.Users worry about them, so give them default rules?


    Right now I am also asked about WSHost.exe.. but I don't even use the windows store. So why would it need an internet connection or send data to microsoft? 

    If you are confident your system is clean you can stop worrying and create rules for all communication which occures with normal activity.

    ESS will conveniently tell you when each application tries to call out and if you can see no reason how the communication will help you, then block it.


    As for why does Microsoft store call home when you do not intend to use it, the answer is no doubt it helps Microsoft. Either it simplfies their code by not worrying about network traffic for non paying customers, or potentially increases their sales by data mining. Microsoft are trying to move all their software to an online rental model. No doubt they do not like customers using their software for an extended period without paying more.


    Either way your decision process it the same. ESS alerts you to the activity:-

    • allow it, if it is OK (system clean and comfortable with that company having free access)
    • block it, if you can't see how that communication helps you (you can always change it later if it breaks something)
    • investigate what is being sent and why if you are curious

    Worrying about it is not a recommended option. Having everything allowed also does not make any sense as an option. If that is what you want use the automatic or learning modes.


    Those are original windows files, they are on the system out of the box and there for need configuration out of the box. So if you ask me, it is necessary for them to have pre-defined rules. I am not talking about rules for office or firefox or whatever. Simply what is running in the backround of every windows user out of the box and tries to open connections / communicates with other.

    I beleive the communication these processes use varies with system configuration. How much is actually needed depends on what you are doing. Interactive mode encouges each user to make their system as tight or as loose as they want. However for users who want an easy setup, which allows normal traffic, and is reasonably safe, then automatic or learning modes are more appropriate

  15. Still I get asked about an UDP 161 connection to (which is a local adress and within my home network = trusted zone) ?


    Any suggestions?


    I also find "Trusted Zone" doesn't work that reliably.

    I guess the problem is it is defined dynamically so may not be set up properly when it is initially used. As my computers are mostly on a network with a static IP range, adding this range appears to fix it for me.

  • Create New...