[Eset blocking vpn]

1 hour ago, SlashRose said:

Eset has never recognized a VPN connection with me, no matter what VPN software.

 

Have you tried complete uninstall/reinstall Eset (with uninstall tool)? Sometimes that helps.

I am using another vpn & that works most of the time, so I thought maybe Eset is not the problem. The only thing that was suspicious to me, was the three blockings (first post) immediately after hotspotshield run.

Also check that you have tap-windows adapter v9 in your device manager, since many VPNs use it to connect.

[Eset blocking vpn]

I would like to add here that after uninstalling Eset, I still have this vpn problem. So Eset "may not" be the cause of this problem.

Thanks

[Eset blocking vpn]

15 hours ago, itman said:

I went through all the troubleshooting listed here

Thanks alot itman, I went through step 9 & also afew steps more, but it seems a long story, since when executing "netsh int ip reset logfile.txt" got "failed to reset" message & have to go through that too. Meanwhile I want you to know that this problem goes & comes, maybe for 1-2 weeks I have this vpn problem & it solves itself & again. Regarding Upnp, I noticed that "Enable UPnP protocol" is unchecked in my router settings, & I remember that ISP suggested to disable it to increase security(?).

Thanks again

15 hours ago, itman said:

Note the above is not without security risk since the VPN connection is being treated as a local subnet trusted connection.

Since you say its risky, & also abit confusing for me, I decided not to go for it.

[Eset blocking vpn]

2 minutes ago, itman said:

What VPN are you using?

HotspotShield

[Eset blocking vpn]

4 minutes ago, itman said:

Does the VPN connection show there?

Yes, it's there.

[Eset blocking vpn]

4 minutes ago, itman said:

One possibility for blockage is the following.

I went to "Known Networks" and there was no entry for the vpn, neither eset asks me about it when I turn the vpn on. What is wrong here do you think?

[Eset blocking vpn]

 

9 minutes ago, Marcos said:

Does temporarily pausing the firewall allow you to connect via VPN?

Hi Marcos, I dont want to disable the firewall because I blocked 1-2 programs in the firewall, and dont want them to access the internet.

Are these blockings normally set by default in Eset, or they are uncommon?

[Eset blocking vpn]

2 minutes ago, itman said:

Anything you posted that is being blocked by the Eset firewall should not affect your VPN connectivity.

Hi itman, so why they appeared immediatley after turning vpn on?

[Eset blocking vpn]

Hi, after a long time having problems with my vpn connection, today I found out that Eset was blocking it all the time. I turned the vpn on then I went to troubleshooting wizard & saw 3 entries showed up there:

Nt Kernel & System (Block incoming NetBios request)

SSDP Discovery (svchost.exe) (Block incoming SSDP(UPNP) requests for svchost.exe)

DNS client (svchost.exe) (Block incoming multicast DNS requests)

Are these blockings set by default? I want to unblock them to allow my vpn, but not losing security. What should I do?

Thanks

[kms connection broker]

20 hours ago, itman said:

I would then uninstall KMSAuto

There is no uninstall for it, It should be done with virus scan (if it detects it).

Thanks

[kms connection broker]

Thank you.

[kms connection broker]

Is there a way to remove the local proxy server myself if it didn't remove it, or to check if it exists?

[kms connection broker]

Thanks itman,

Many years ago I purchased the brand new pc with windows 7 pre-installed, then upgraded to windows 10 (for free), so windows is original. The only thing I doubt is that l borrowed it to my friend for a week, & he might have installed something like Office on it, & must have been uninstalled after, because now there is no office on it.

I will scan it as you suggested, meanwhile I can disallow any suspicious request like kms connection broker in the firewall. Isn't it effective? or it's possible it can do its activity without my notice?

1 hour ago, itman said:

enable Eset potentially unwanted and unsafe application plus suspicious settings

Please let me know what is suspicious settings.

Thanks

[kms connection broker]

11 hours ago, itman said:

I also again ask if KMSpico: hxxp://www.kmsauto.info/kmspico or like hacktool is installed on your device. The behavior described is indicative that it is indeed installed.

Quote

I went to the adlice site and installed its RogueKiller scanner, it found afew things, including Hotspot Shield (really a virus?), babylon and a Autokms folder containing 2 ini and log files. What should I do now? I think Eset itslef didn't detect these because I disabled "potentially unwanted applications".

[kms connection broker]

No its not in that range.

I don't understand your 2 last lines completely, but maybe I can find it out by going to router's settings?

A few weeks ago I assigned a static ip address to one of my devices on my router network to control its bandwidth using.

All other devices I think are dynamic ip.

[kms connection broker]

None of the items in the list I got mentions ipv4, except last one which is my wifi ip address. The only address I see are physical addresses. What i did wrong?

[kms connection broker]

When I get this outbound request my vpn is off. It tells the reputation is ok & discovered 2 weeks ago. But does that mean it confirms 10.3.0.20 (remote computer) is ok too?

[kms connection broker]

Thanks itman, I don't think so, my windows 10 is original. Does existence of this process point out to crack software on system, or its request to connect to internet?

[kms connection broker]

Hi, 

Kms connection broker (which appears to be safe file) wants to connect with ip 10.3.0.20 (which is a private ip).

Generally I want to know if a legitimate program wants to connect to internet, should we check the site or ip it wants to connect to? Or since its legitimate program, we can trust it freely?

Thanks

 

[Scan Password Protected Files]

11 minutes ago, Marcos said:

Not without another malicious component that would extract file(s) from the archive using a valid password.

If all else on the pc is clean, so there should be no outside malicious component I assume?

15 minutes ago, Marcos said:

Maybe the archive was previously attached to an email and the password was listed in the email body.

No it wasn't an attachment. But I think you are correct and it was detected for some text in its file name or something similar, I don't know.

[Scan Password Protected Files]

This was also my question, anyway I ordered to remove it. My question is: If a antivirus can not see & detect inside a password protected file, if a virus exists in its content, is there any way that the virus can be initiated from the archive and do any harm? As long as it exists but has no way to come out and be effective, we can let it be there.

[Scan Password Protected Files]

Sometimes I turn on Microsoft Defender for an on-demand scan, today it marked a password protected archive as infected with trojan. How it could see and scan its content?

Thanks for the link to command line scan.

[Scan Password Protected Files]

It seems that Internet Security can't scan password protected files (archives) when you do a on-demand scan. So what is the best way if you want to scan its content:

1) Extracting it to a folder on your hard disk. This is could be dangerous because if its content is infected, the virus can execute immediately. (Correct me if I am wrong)

2) Open it with Winrar and scan with a command there. For Eset, what command you should enter in Winrar?

Thanks

[Periodically Live Grid Error]

Its been 2 days that error hasn't happened. I'm eager to know, is Eset able to send specific update to a specific pc, or all Eset users receive all updates without any exception?

[Periodically Live Grid Error]

1 hour ago, Marcos said:

Advanced antispam logging should not generate huge logs.

Here is the file: (fortunately error happened just minutes after enabling logging)eis_logs.zip