Jump to content

Corso

Members
  • Posts

    62
  • Joined

  • Last visited

Posts posted by Corso

  1.  

    Just did a clean reinstall of windows 10 pro x64

    and now security center says both windows firewall and esets firewall are both running at the same time.

     

     

    It's a general problem of version 9 that some users have and it still has not been fixed by ESET,

    see this thread

     

     

    Ok i reinstalled and it's the same again. Hope ESET or MS can fix this.

    Thanks for the info!

  2.  

    We're not suppose to turn off windows firewall then apps won't update.

    ??? The Win firewall plus Eset firewall with default settings do not block outbound connections. Therefore, neither will have any impact on your applications being able to update.

     

    The problem with running two firewalls is a possible conflict with inbound connections. Only one firewall that monitors network connections should be active at any time.   

     

    ????? You said turn off the windows firewall. Then apps won't update so that's not a solution.

    That's the whole problem with running both firewalls at the same time.

    Windows firewall do say that the settings are handled by ESET. So maybe security center theres something wrong with.

    Well i'll try to reinstall ESS once again.

  3. Just did a clean reinstall of windows 10 pro x64

    and now security center says both windows firewall and esets firewall are both running at the same time.

    It also say it can cause conflict running them at the same time.

     

    This have happened before as well.

    What's happening, why does this occur and how to fix this?

     

    Haven't changed anything in the registry since this is a Clean install.

     

    Eset Smart Security v.9.0.375

    Windows 10 511.164 Pro x64

    all updates to date.

  4. Secured browser doesn't work for my bank anymore now with win 10 586.

    It did work with RTM 10240. Only works in firefox 42.0

    Have uninstaled and reinstalled ESS 9.318.

     

    https://internetbank.swedbank.se/bviPrivat/privat?ns=1

     

    Nothing happens at all. Bank url is in the settings.

     

    IE11 not working.

    Edge not working.

    Pale Moon 25.7.3 (x64) not working.

    Firefox 42.0 working.

  5.  

    I would recommend that you purchase a router with a good built-in firewall. Just ensure it has IDS protection; most do. This way any IDS attacks are stopped at the router before they even reach your PC. Also, hardware firewalls are much harder to hack and bypass.

    Repeated port scanning like you are experiencing is usually a prelude to a major attack on your system.

     

    -EDIT-

     

    From a posting over at www.bleepingcomputer.com, Didier Stevens who is a security guru confirms what I previously posted:

     

    If your machine was the target of a port scan, I guess your machine has a public IP address.

    Is this your choice, or is it the default way of working of your ISP?

    If you don't need a public IP address for your machine, I recommend you use a NAT-router. This way, your machine will have a private IP address in stead of a public IP address, and it won't be the target of port scans anymore. Your NAT-router will have a public IP address, and it will issue a private IP address to your machine.

    Of course, your NAT-router will be port scanned, but it has a much smaller attack surface than your Windows machine.

     

    Didier Stevens

    hxxp://blog.DidierStevens.com

    hxxp://DidierStevensLabs.com

     

    SANS ISC Handler

    Microsoft MVP 2011-2015 Consumer Security

    MVP_Horizontal_BlueOnly.png

     

     

    Like you said in first post it's a known spamming source. Been googling some more.

    ESS9 blocks it so theres no need for a router with firewall.

     

    It's just annoying seeing same IP port scanning.

    but I've blocked it now in ESS9. That's what the ESS9 firewall is for.

  6.  

     

     

    Thanks for the reply!

     

    How do i do to block this IP in ESS9?

    You should first try to determine why you're getting port scanned in the first place.

     

    Do you connect to the Internet using a router or a router/modem combo with an integrated firewall? That device should prevent any kind of port scanning activity.  

     

    Do you use a third party DNS provider like VeriSign, Norton, Google, etc.?

     

    How could i do that?

    I'm just using internet as usual. Not using anything special. just a browser.

    Not using any third party DNS provider.

     

    Just like you said it seems like a known spamming source.

    I just have to figure out how to block that IP in ESS9.

     

    Next time you receive the alert, click on "Change handling of this threat."

     

    It should open up an "IDS Exception" screen as shown below - not sure on this since I never have received an IDS alert from Eset Smart Security. Also note that the screen shown is for ver. 8. I believe ver. 9 options are the same but formatted differently due to the new ver. 9 GUI.

     

    If some reason the "IDS Exception" screen is not displayed, then cancel out of whatever is displayed. You will have to then manually create the IDS Exception using the rule details I have shown. This will prevent the alert from being displayed but still block the activity. I also checked to "log" the action so you have a record of the activity in your Eset log file. You can also use this rule to add other IP addresses for like alerts.

     

    Note: you still should try to determine why your PC is being port scanned. 

     

    attachicon.gifEset IDS Exception.png

     

    How would i know why beeing port scanned. There's no particularly reason.

    It must be a idiot who tries to hack in.

     

    Thanks for the reply and help!

  7.  

    Thanks for the reply!

     

    How do i do to block this IP in ESS9?

    You should first try to determine why you're getting port scanned in the first place.

     

    Do you connect to the Internet using a router or a router/modem combo with an integrated firewall? That device should prevent any kind of port scanning activity.  

     

    Do you use a third party DNS provider like VeriSign, Norton, Google, etc.?

     

    How could i do that?

    I'm just using internet as usual. Not using anything special. just a browser.

    Not using any third party DNS provider.

     

    Just like you said it seems like a known spamming source.

    I just have to figure out how to block that IP in ESS9.

  8. I get this Network threat blocked pop-up every day almost once in a day, sometimes several times a day, or sometimes once every second day
    for like months now from usually same IP 80.82.70.24.

    Googling this IP to Netherlands. I have no idea what this is?
    and i wonder why this is? Is it some hacker or something else?

    I guess ESS9 blocks it and protects but i wanna make sure it does that?

    post-2173-0-00996400-1446573916_thumb.jpg

  9. marcos says to press the edit at the right and post an image of the window that will open.

    for example look mine.

     

    and then post an image the next time you see the warning when the scan completes.

     

    search the start menu for the snipping tool, it's easier to make screenshots of a specified area.

    I don't know what you mean?

    My setup looks just like yours in the pic you posted.

     

    I guess i just have to uninstall and reinstall and see if that fix it.

  10. Please post screen shots of:

    - the alert you're getting

    - your exclusion setup

    The setup is just as in pavilion_alex Picture.

    I've added the paths to the folders there.

     

    This is all weird. The first scan it detects them all as virus. I choose "no action" so they dont get deleted.

    Scan again a second time, does not detect them.

     

    Scan a third time again..detect them again, and also different folders some it detect virus in and the others not.

    All are excluded.

    Something is not right with SS.

  11. i just tested the eicar file in a folder in my desktop, and it wasn't even in the log. SS completely ignored it.

    plus i have the winzip msi file in the exclusion list because it's detected and i never saw any warning in the logs.

     

    maybe you didn't setup the exclusions correctly.

    Thats exactly as i have it setup. I've put the folders, in the Paths to be ecluded from scanning.

    Doing manual scanning, it detected the files in those folders and deleted them.

    I select "no action" from the scan result.

     

    Trying again....doing manual scan. It detect them again.

    ESS just ignored the paths to be excluded.

     

    Don't know how to fix that.

     

    This never happened in v8.

×
×
  • Create New...