JosephKing
Was Smart Security Premium updated? I use the Interactive Firewall and every Rule is allowing ANY remote host. In the past, creating a rule from the pop-up added the process and destination host, but now every rule is allowing the process to any dest ip. How can I create a rule from the interactive firewall to the specific ip when I get a popup?
-
I'm trying to clarify in what ways anti-virus works on the network layer of the tcp/ip stack. Search engines didn't turn up too much info. How does AV work on layer 3? Is it just connection management? Does AV check ip blacklists? Is it primarily the presentation and application layer, including dns? Is there any diagram with the tcp/ip stack next to AV protections?
-
Is there an article about it? I'd like to better understand it: alert, category, how it's detected (in browser, on file system). I'm interested to know how they're handled. I see MS Store packages in my ESET logs, I'm gonna scan the Chrome extension directory to get a better idea. Maybe there's a YT video demo w/ extension detections.
-
JosephKing started following GRC's Firewall LeakTest, Does ESET Scan Browser Add-Ons? and Magecart Found Again on 500 Sites
-
Cross-site request forgery
JosephKing replied to JosephKing's topic in ESET Internet Security & ESET Smart Security Premium
I think this log file shows an example of XSS.
5/10/22: HTTP filter;file; htxxs://www.hastingstribune[.]com/tncms/access/rules; HTML/ScrInject.B trojan;connection terminated; Event occurred during an attempt to access the web by the application: C:\Users\user\AppData\Local\chrome\Application\chrome.exe (C581591A194A29CDF2EE4E3EA36B4A19DAE4C21B).;859684033D6A1B18AA9546AA93DD3DD9648EF0F7;
-
I'm interested to know how ESET detects CSRF. Is it actively scanning for commands or just files that make up the website? If you're on a website for a while, and all is well, then an attacker starts sending commands, would ESET alert? I never got a mid-session alert. Not too sure if I fully understand how it's handled by AV.
-
Windows Event Logs can be set up for Advanced Auditing. https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings Start>Local Security Policy>Advanced Audit Policy Configuration. Enable anything you find interesting like Logon/Logoff, Process Creation/Termination, Credential Validation, Sensitive Privilege Use, RPC events, etc. Check out software like Event Log Explorer or NirSoft FullEventLogView.
-
Sysmon is essential and sets up in just a minute. https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Download Sysmon and put it in any directory. Open cmd and cd to the directory.
Cmd> Sysmon.exe -i -h sha256 -n /accepteula
Done. Open Event Viewer: Microsoft\Windows\Sysmon. Enjoy! There are a lot of different config.xml files out there to create different info in the event logs. https://www.blumira.com/enable-sysmon/
-
I wanted to share some resources about PowerShell logs for anyone unfamiliar with enabling Scriptblock logging. Run > gpedit.msc > User Configuration\Administrative Templates\Windows Components\Windows Powershell\Turn on Powershell Script Block Logging, Transcription
https://nsfocusglobal.com/Attack-and-Defense-Around-PowerShell-Event-Logging/
https://adamtheautomator.com/powershell-logging-2/
https://github.com/littl3field
-
https://arstechnica.com/information-technology/2022/02/hundreds-of-e-commerce-sites-booby-trapped-with-payment-card-skimming-malware/ The Magecart credit card stealing exploit was found on 500 websites. I'm interested to know if ESET would have detected this. I see a post from Feb 21, 2020, 'Web Site Magecart Attacks - Kudos to Eset Again!' and read the MRG report.
-
GRC's Firewall LeakTest
JosephKing replied to JosephKing's topic in ESET Internet Security & ESET Smart Security Premium
Thank You. I've been using the Interactive function and it's been the control I was looking for.
-
I needed to use Shield's Up, so went over to Steve Gibson's GRC services. https://www.grc.com/lt/leaktest.htm Results said firewall security didn't prevent the test. I wanted to get some feedback on how ESET's firewall should handle this test. Should it be stopped? What about with changing the built-in settings?