Enrico

Members
  • Content Count: 41

Everything posted by Enrico

  1. Akamaiedge is a CDN used by multiple websites and programs; blocking that global domain can cause issues, so it's better to block only some of the subdomains used for analytics or tracking (like *g.akamaiedge.*). You can use Wireshark with the filter "dns" to log all the connection requests made by the app.
  2. @itman : if I create a new zone with some IP ranges (goog), then create a deny rule for Firefox, the firewall behaves correctly. So we have two options: something's wrong in the op rule or something was fixed with the last module update.
  3. That rule is totally wrong, you must create a new rule under Firewall - Advanced - Rules - Edit - Add. Note that the IPs can change from time to time, so it's better to block domains, subdomains or even scripts with Web access protection - URL address management ( *line.me* ).
  4. Since the last modules update the target column is empty. Best regards.
  5. The same was happening on my Dell laptop and the two workstations upgraded to 20H2. I was unable to collect logs on the workstations since I immediately rolled back to 1909 (mainly for performance reasons) and permanently disabled win updates. I will do some more testing on the laptop next weekend.
  6. I know, but tell it to the bank (that was naggin' me with "install the app from gooogle play because it's more secure" blah blah), to the insurance or to the biggest ISP here, today they are facing serious issues because of this procrastination.
  7. Update: I've started having issues with FF on some websites, the solution was to set "security.tls.version.min" to 1.
  8. I can confirm that disabling filtering the cert goes away... In the 20H2 machine I've resolved with Eset reinstallation/reconfiguration, root certificates cleanup/rebuild and restoring some old firefox profiles, now everything seems ok, so probably it was a corruption or a misconfiguration due to November patches. In the 1909 machine a newer Eset certificate was installed and after reboot no browsing issues. Thanks
  9. After the last updates I started having the certificates issue with Firefox https://forum.eset.com/topic/23125-certificate-issues-for-firefox-740-64bit/page/6/ On W10 20H2 FF 78.4.1 ESR has credential issues that lead to secure connection errors and data loss, Ungoogled Chromium seems not affected. On W10 1909 FF displays invalid cert on every website, the same with Ungoogled. Pref "security.enterprise_roots.enabled" is "true" and locked (by Eset or by group policy). I see no errors in the browser's console. On the third PC with 20H2 and without Eset SSP I have no issues.
  10. BTW: because of professional needs I've had to disable firewall rules, hosts and reconfigure FF in order to purchase the renewal. Now EvilCorp is blocked again.
  11. Google reCaptcha is a data stealer tool https://www.fastcompany.com/90369697/googles-new-recaptcha-has-a-dark-side https://www.termsfeed.com/blog/privacy-policy-recaptcha/ . The ITA website is hosted on Google servers (first connection is made to 35.201.113.0/24).
  12. This "google is everywhere" thing is getting ridiculous, I cannot even open a support request because of goolag recaptcha. Can somebody help me find a license renewal process that does not involve giving personal data to Google?
  13. UUID was removed from the link, that's why you see a blank page. You can visit this page https://eshop.eset.com/it/eset/renewal/ and see DNS logs. Strangest thing is that I load the international page, but clicking "renew" leads to eshop.eset.com/it/eset/renewal/ and relative connections to Google servers. Another strange thing: different languages=different third parties involved in user tracking (some localizations like French and Dutch are more privacy friendly). Funny that to purchase the license of a software that I use to protect me from Google (& frien
  14. Yesterday I received a license renewal e-mail from licenze'at'enjoy.eset.com (ITA), in the recipient there was a hyperlink (renew now) to https://enjoy.eset.com/pub/cc?_ri_= ...(tracking UUID)... , the link resolves to a Google server IP (109.113.201.35.bc.googleusercontent.com ). For privacy and security reasons I'm blocking all Google IP ranges and domains, so no connection was made. My question is: why must the license renewal process pass through Google data gathering?
  15. Disable "Preload pages for faster browsing and searching" and see if it happens again. (In order to reduce attack surface, never use prefetch/predict browser features.) It seems to me that Google Safebrowsing (aka censorship) is failing again to detect malicious websites.
  16. First suggestion is to use GPO ( https://github.com/mozilla/policy-templates/releases ) or Enterprise Policy Generator add-on by Sören Hentzschel to manage security settings (so Mozz can't override user preferences), the second is to use ESR releases to avoid this kind of issues. Try to disable/re-enable the preference "Add the root certificate to known browsers" under "web and mail"-"ssl-tls" and check if Eset cert has been added to the browser. (just tested with ESR and it works) Check also for "security.certerrors.mitm.auto_enable_enterprise_roots" (true) https://support.mozilla.org/en-US
  17. @Marcos: did you have some time to analyze the logs? At the moment I'm using process exclusions in order to reduce complex apps/programs startup time, but it's not the most secure thing to do, also I suspect that all the 0xc0000005 CTD's I've had on both W7 and W10 are due to process scanning.
  18. @Marcos: you have a PM. I've uploaded W10 logs with/without protection enabled, let me know if you need W7 logs. @itman: what I can tell you is that it's a really complex SW written in C++, it uses Sentinel HASP for licensing and Apache FOP for documentation, it constantly writes to disk and with the latest version I see a lot of Buffer Overflow in file activity entries (procmon).
  19. Smart optimization is enabled on both W7 and W10 machines, no threatsense options have been modified and folders containing relative executables and files are set in "performance exclusions". But this does not explain why with protection paused I have to add an exception in real-time scanning and why under W10 1909 (Ryzen 7 3800X, 32GB, NVMe) real-time scanning causes program startup to become three times slower than on W7 (i7-6700, 16GB, RAID 0 7.2k RPM).
  20. It's a program related issue, not system startup (boot time). The process added to exclusions in "real-time file system protection" is "C:\Program Files\Tebis_AG\Tebis V4.0 R8\program\tebis.exe". Usually when I encounter slow program loading first I scan for malware then pause protection to exclude Eset detection engine from the possible causes, but even if the popup says that real-time protection will be deactivated this time I needed to add the executable to exclusions in order to totally exclude Eset process scanning. The strange thing is that this behaviour doesn't ha
  21. I've installed the latest version of my professional SW in both W7 and W10, but under W10 I've had long startup times (old version 6.5sec, new version 17sec) while under W7 they were almost the same (old 8sec, new 7.5sec), then under W10 I've paused protection to exclude Eset from the possible causes of the long startup, but startup times remained unchanged, clean-reinstalled the SW and nothing changed, so I've added a new process exclusion entry in real-time file sys protection and bam... New version started in 4.5sec! Is it possible that under W10 the "pause protection" doesn't disable som
  22. As anticipated in another topic EIS is stealing focus from active applications when updating database or starting scheduled scans, this behaviour is back with versions 13.0.22.0 and 12.2.30.0 (see this old topic with similar issue https://forum.eset.com/topic/19194-eset-keeps-stealing-focus-from-firefox/?tab=comments#comment-93512 ). Best regards.
  23. Here they come. Win 10 Audit Failure events started after 12.2.30 was installed, they're still happening with the latest version. Note: during boot and shutdown the access point is kept offline. Also the "stealing focus" problem was back with 12.2.30 (had no time to check if it persists in 13.0, eventually I will open a new topic). sec_log.zip Bootlog-2.zip Bootlog-1.zip Bootlog.zip eis_logs.zip
  24. I have the same log entries, but no malware was found, ESET events log shows a "Registration to windows center was not succesful" created at the same time (boot), suggestions? Best regards.
  25. @ Pete : you can rename rules and change column size. I think that EIS firewall UI is perfect as it is, clear, simple and fast. Adding sorting by name and date can cause only confusion and problems when using the arrows to assign priority, which is essential to allow/block only some domains for an application or a set of applications.