Jump to content

TzonZ

Members
  • Posts

    6
  • Joined

  • Last visited

About TzonZ

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Greece
  1. Hi Marcos Yes, I did get this email. I get quite a few similar phishing emails. I didn't know though that the detection of a phishing email looked like this, so I thought it was a file of the application itself being detected. Thank you, John
  2. Hello, About once a month for the last 3 months I get a detection that seems to me as a false positive, since I cannot explain in any other way how it happens. It occurs either during system scan or when opening the Windows Mail app in Windows 10. The log file from one of this cases is shown bellow. What should I do about it? How can I submit the suspicious file for further analysis? Thank you, John <?xml version="1.0" encoding="utf-8" ?> <ESET> <LOG> <RECORD> <COLUMN NAME="Time">13/6/2018 5:33:46 μμ</COLUMN> <COLUMN NAME="Scanner">Real-time file system protection</COLUMN> <COLUMN NAME="Object type">file</COLUMN> <COLUMN NAME="Object">C:\Users\johnz\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\LoginEmail[4690].pdf</COLUMN> <COLUMN NAME="Threat">PDF/Phishing.A.Gen trojan</COLUMN> <COLUMN NAME="Action">cleaned by deleting</COLUMN> <COLUMN NAME="User">JOHN-TURBOX\johnz</COLUMN> <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe (2BB0982898E59FE501C7EF2D85872FF2EFC16F2D).</COLUMN> <COLUMN NAME="Hash">2E70DF5E3D428D710C13738F494E32159E4C53F6</COLUMN> <COLUMN NAME="First seen here">13/6/2018 5:33:30 μμ</COLUMN> </RECORD> </LOG> </ESET>
  3. Description: Firewall Outbound ProtectionDetail: I think it would be better if ESET scanned by default in "automatic" mode the outbound traffic as well, and create rules based on the application's credibility. The default "allow all outbound" is what Windows offers already. "Interactive" mode can serve that purpose but it creates dozens of popups and, same as "learning" mode, does not provide the user the necessary information to make the decision. Rules should be created either Automatically (both inbound and outbound) based on application reputation / trustworthiness, or manually with "interactive" mode. "Learning" mode also reduces security. Outbound filtering can be the last defense resort against a security threat that has not been detected by AV and tries to call-home.
  4. To continue this post here https://forum.eset.com/topic/12117-ess-advance-settings/ I am also confused about the numbers next to advanced settings. Even when reverting to all default, there are numbers next to Antivirus > HIPS > Advanced Setup > Drivers always load... and Tools > Email Notifications > Message format. Furthermore, enabling or disabling detection of Potentially Unwanted Applications does nothing, while Potentially Unsafe Applications adds or subtracts a number. Then, if HIPS is under Antivirus and there are changes in HIPS and other subcategories, shouldn't ANTIVIRUS display a greater number than one? Also, under Web & Email > Email Client Protection > Disable checking about inbox content change, enabling this option adds a 4 while disabling it keeps a 3 (removes one). Finally, the blue mark left of each category (which is displayed when settings are modified under the category) causes confusion in terms of which is the currently selected (expanded) category, as it pops to the eye more than the bold letters.
  5. Hello again, 1. All I am saying is that the specific green pie chart will always remain green, because the number of infected files on any system is going to be extremely smaller than the legit files. At least that's what I understand. I don't know if it is possible on a system to have, lets say, 10% of the total files malware - unless done on purpose. 3. Did not know that 5. System Cleaner must be very useful but it doesn't sound like it is meant to "be run when instructed so by ESET staff". I still believe it should be more informative on the settings it has found to be altered. Update: I just found out that it separately informs you about "system restore" with a red (!) mark. 7. Ok, I understand. Another thing I want to know about the firewall is where can I find rules created in "Automatic mode"? I don't want to switch to "interactive" and have dozens of popups, but I want to be able to review what is allowed and what not and modify on those rules. BR, John
  6. Hello, I was an ESET user a long time ago and recently I bought again a new multi-device license from ESET. I really like the product, its cleanness, simplicity and very low impact on system resources, however I have made a small list of things that I think should be improved: 1) Statistics: What is the purpose of the pie chart in statistics? Even in the most heavily infected systems, the percentage of infected (from the total of files) would still be a very small fraction, un-viewable on a pie chart. The only pie charts that would serve a purpose would be compering only infected files in categories (eg. 50% worms, 50% trojans), or results (eg. 33% cleaned, 33% deleted, 33% quarantined). 2) Scans: There is one general "scan" and then the "advanced" but it is not clear what the general computer scan does. Is it in-depth or a smart-scan? It would be better if there were a few more available default options, such as "quick scan" that scans the most commonly infected areas, "normal scan" that performs a full smart scan, and "deep scan" that performs a full in-depth scan. 3) Scheduler: a) There is an "update after dial-up connection" task. We are entering 2018 in a few days, who is still using a dial-up connection? b) There is no scheduled virus scan by default, although ESET recommends it. Why is so? Does ESET Security perform scheduled scans that are hardcoded in the product but do not appear in the scheduler? 4) Running processes: It would be nice if the user could add his own rating to some files. 5) System Cleaner: It detects altered settings but does not provide details on its detections. I have 6 settings changed from default in "system settings" category, but I don't know exactly which and I don't want to revert to default (or "clean") because it might be something I wanted to stay this way. For example, is "system restore" such a setting? I want it intentionally turned off because it takes upo space, it slows down the system occasionally and it hasn't worked in the past when I actually needed it. 6) Update-show all modules: Modules that are not active in NOD32 should not appear there, or they should be marked as disabled for the user's accurate information. 7) Firewall: I have read (and partially confirmed with a leak test) that ESET's firewall does not scan outbound traffic. Then what is the extra layer of protection that is provides to the user? Interactive mode, on the other hand, creates too many alerts and requires every time an extra UAC confirmation. A good idea would be (other vendors do that already) if ESET would use Window's own firewall and managed/protected its settings and enabled the outbound protection creating rules based on the reputation of each application. Thanks, John
×
×
  • Create New...