JosephKing

Members
  • Posts

    22

About JosephKing

  • Rank
    Newbie

Profile Information

  • Location
    USA
  1. Ah, I searched for it, but didn't find it. It always did in the past, so figured there was a change. Will wait it out. I wonder if importing my ESET config with all the custom remote IP rules was causing a freeze up. Thanks for the info. Eset rules.
  2. Was Smart Security Premium updated? I use the Interactive Firewall and every Rule is allowing ANY remote host. In the past, creating a rule from the pop-up added the process and destination host, but now every rule is allowing the process to any dest ip. How can I create a rule from the interactive firewall to the specific ip when I get a popup?
  3. I can't find any info about a signature that blocked a site. Nothing on just Nomani either. I found virusradar's encyclopedia, but it seems incomplete. Is there an ESET or general virus signature definition or detection reference site? HTML/Hoax.Nomani.B application
  4. I'm trying to clarify in what ways anti-virus works on the network layer of the tcp/ip stack. Search engines didn't turn up too much info. How does AV work on layer 3? Is it just connection management? Does AV check ip blacklists? Is it primarily the presentation and application layer, including dns? Is there any diagram with the tcp/ip stack next to AV protections?
  5. Is there an article about it? I'd like to better understand it: alert, category, how it's detected (in browser, on file system). I'm interested to know how they're handled. I see MS Store packages in my ESET logs, I'm gonna scan the Chrome extension directory to get a better idea. Maybe there's a YT video demo w/ extension detections.
  6. I mean, can ESET audit your extensions? I don't have something suspicious. It would be great to have a tool that could check browser add-ons.
  7. Does ESET protect against malicious browser extensions? If no, could ESET make a tool to check add-ons?
  8. I think this log file shows an example of XSS. 5/10/22: HTTP filter;file; htxxs://www.hastingstribune[.]com/tncms/access/rules; HTML/ScrInject.B trojan;connection terminated; Event occurred during an attempt to access the web by the application: C:\Users\user\AppData\Local\chrome\Application\chrome.exe (C581591A194A29CDF2EE4E3EA36B4A19DAE4C21B).;859684033D6A1B18AA9546AA93DD3DD9648EF0F7;
  9. I'm interested to know how ESET detects CSRF. Is it actively scanning for commands or just files that make up the website? If you're on a website for a while, and all is well, then an attacker starts sending commands, would ESET alert? I never got a mid-session alert. Not too sure if I fully understand how it's handled by AV.
  10. Windows Event Logs can be set up for Advanced Auditing. https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings Start>Local Security Policy>Advanced Audit Policy Configuration. Enable anything you find interesting like Logon/Logoff, Process Creation/Termination, Credential Validation, Sensitive Privilege Use, RPC events, etc. Check out software like Event Log Explorer or NirSoft FullEventLogView.
  11. Sysmon is essential and sets up in just a minute. https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon Download Sysmon and put it in any directory. Open cmd and cd to the directory. Cmd> Sysmon.exe -i -h sha256 -n /accepteula Done. Open Event Viewer: Microsoft\Windows\Sysmon. Enjoy! There are a lot of different config.xml files out there to create different info in the event logs. https://www.blumira.com/enable-sysmon/
  12. I wanted to share some resources about PowerShell logs for anyone unfamiliar with enabling Scriptblock logging. Run>gpedit.msc. > User Configuration\Administrative Templates\Windows Components\Windows Powershell\Turn on Powershell Script Block Logging,Transcription https://nsfocusglobal.com/Attack-and-Defense-Around-PowerShell-Event-Logging/ https://adamtheautomator.com/powershell-logging-2/ https://github.com/littl3field
  13. https://arstechnica.com/information-technology/2022/02/hundreds-of-e-commerce-sites-booby-trapped-with-payment-card-skimming-malware/ The Magecart credit card stealing exploit was found on 500 websites. I'm interested to know if ESET would have detected this. I see a post from Feb 21, 2020, 'Web Site Magecart Attacks - Kudos to Eset Again!' and read the MRG report.
  14. Thank you. I've been using the Interactive function and it's been the control I was looking for.
  15. I needed to use Shield's Up, so went over to Steve Gibson's GRC services. https://www.grc.com/lt/leaktest.htm Results said firewall security didn't prevent the test. I wanted to get some feedback on how ESET's firewall should handle this test. Should it be stopped? What about with changing the built-in settings?