Enrico

Members
  • Content Count

    27

Profile Information

  • Gender
    Male
  • Location
    Italy
  1. Disable "Preload pages for faster browsing and searching" and see if it happens again. (In order to reduce attack surface, never use prefetch/predict browser features.) It seems to me that Google Safebrowsing (aka censorship) is failing again to detect malicious websites.
  2. First suggestion is to use GPO ( https://github.com/mozilla/policy-templates/releases ) or the Enterprise Policy Generator add-on by Sören Hentzschel to manage security settings (so Mozz can't override user preferences); the second is to use ESR releases to avoid this kind of issue. Try disabling/re-enabling the preference "Add the root certificate to known browsers" under "web and mail"-"ssl-tls" and check if the Eset cert has been added to the browser. (just tested with ESR and it works) Check also for "security.certerrors.mitm.auto_enable_enterprise_roots" (true) https://support.mozilla.org/en-US
  3. @Marcos: did you have some time to analyze the logs? At the moment I'm using process exclusions in order to reduce complex apps/programs startup time, but it's not the most secure thing to do; also I suspect that all the 0xc0000005 CTDs I've had on both W7 and W10 are due to process scanning.
  4. @Marcos: you have a PM. I've uploaded W10 logs with/without protection enabled, let me know if you need W7 logs. @itman: what I can tell you is that it's a really complex SW written in C++, it uses Sentinel HASP for licensing and Apache FOP for documentation, it constantly writes to disk and with the latest version I see a lot of Buffer Overflow in file activity entries (procmon).
  5. Smart optimization is enabled on both W7 and W10 machines, no threatsense options have been modified and folders containing relative executables and files are set in "performance exclusions". But this does not explain why with protection paused I have to add an exception in real-time scanning and why under W10 1909 (Ryzen 7 3800X, 32GB, NVMe) real-time scanning causes program startup to become three times slower than on W7 (i7-6700, 16GB, RAID 0 7.2k RPM).
  6. It's a program related issue, not system startup (boot time). The process added to exclusions in "real-time file system protection" is "C:\Program Files\Tebis_AG\Tebis V4.0 R8\program\tebis.exe". Usually when I encounter slow program loading first I scan for malware then pause protection to exclude Eset detection engine from the possible causes, but even if the popup says that real-time protection will be deactivated this time I needed to add the executable to exclusions in order to totally exclude Eset process scanning. The strange thing is that this behaviour doesn't ha
  7. I've installed the latest version of my professional SW in both W7 and W10, but under W10 I've had long startup times (old version 6.5sec, new version 17sec) while under W7 they were almost the same (old 8sec, new 7.5sec), then under W10 I've paused protection to exclude Eset from the possible causes of the long startup, but startup times remained unchanged, clean-reinstalled the SW and nothing changed, so I've added a new process exclusion entry in real-time file sys protection and bam... New version started in 4.5sec! Is it possible that under W10 the "pause protection" doesn't disable som
  8. As anticipated in another topic EIS is stealing focus from active applications when updating database or starting scheduled scans, this behaviour is back with versions 13.0.22.0 and 12.2.30.0 (see this old topic with similar issue https://forum.eset.com/topic/19194-eset-keeps-stealing-focus-from-firefox/?tab=comments#comment-93512 ). Best regards.
  9. Here they come. Win 10 Audit Failure events started after 12.2.30 was installed, they're still happening with the latest version. Note: during boot and shutdown the access point is kept offline. Also the "stealing focus" problem was back with 12.2.30 (had no time to check if it persists in 13.0, eventually I will open a new topic). sec_log.zip Bootlog-2.zip Bootlog-1.zip Bootlog.zip eis_logs.zip
  10. I have the same log entries, but no malware was found. The ESET events log shows a "Registration to windows center was not succesful" created at the same time (boot), suggestions? Best regards.
  11. @ Pete : you can rename rules and change column size. I think that the EIS firewall UI is perfect as it is: clear, simple and fast. Adding sorting by name and date can only cause confusion and problems when using the arrows to assign priority, which is essential to allow/block only some domains for an application or a set of applications.
  12. @ Pete12 : Let's hope MS will be very careful with next updates in the future! Other AVs are having similar issues caused by W10 WSC (monthly change for the sake of change helps none).
  13. Problem solved: went to KB2885 and downloaded 12.2.29.0 Best regards.
  14. The legacy_eis_nt64 installer doesn't ask for installation language as per KB3552 hxxp://support.eset.com/kb3552/?viewlocale=en_US , once run the installer uses sys locale. Is there a way to force English language?
  15. Those rules were set with the only purpose of identifying the "offender", they were not present before finding "4.4.8.8" in tcplogview, now I'm back to the previous configuration "block untrusted IP ranges"->"ESET default rules"->"custom rules". Anyway, custom rules with the wrong priority were still incapable of explaining the presence of 8.8.8.8 and 4.4.8.8 in the logs. In the last 24 hours the logs had no presence of strange DNS queries, so probably I will never be able to identify what happened last month... (yesterday) ...Until this morning! I left the pc unattended for some time,