Jump to content

Nightowl

Most Valued Members
  • Posts

    1,350
  • Joined

  • Days Won

    15

Nightowl last won the day on June 10

Nightowl had the most liked content!

1 Follower

About Nightowl

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Western Sahara

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. This is File Security , Server Security , it doesn't offer a Firewall at all
  2. Attacks shouldn't reach ESET as they were stopped by the Firewall in first place , how could they reach if the Firewall blocked them in first place? Something is weird or I just don't understand it. If ESET is still showing things in Network Troubleshooting area and Blocked IP Addresses List area , then the Windows Firewall is not blocking properly. When Windows Firewall is blocking properly , then ESET shouldn't see anything because it's already stopped before it can even see them by the Firewall.
  3. Just to note , Checkpoint uses Kaspersky engine hence why they both detect it.
  4. This is more active topic about it , but I believe you have been already there :
  5. Check if you can make connections to these ports and IPs , see if your firewall is blocking connections to these
  6. Most router brands will have a sticker on them that will tell you user/pass and login link In CMD/Command Prompt as ITMAN said , type ipconfig /all , you should see a part that says Default Gateway.
  7. If you feel that your router has been compromised it's better to reset it and change the Wireless password and if there is a firmware update , update it to the latest version As for the unknown devices one seems to be a Windows computer that is trying to communicate with your PC and the other I can't know because the title is blurred Normally Windows systems communicate with eachother like for Update sharing from PC to PC Port 137 looks like to be used by NETBIOS I wonder if the other PC is infected and is trying to spread again through Port 137 , Port 445 , to infect you again with some ransomware again as you've said For MalwareBytes if it's running in realtime it's better to disable the real-time scanning as it would conflict with ESET real-time scanning as they would fight eachother to claim files , then they will start bringing up false positives and then protection would be useless from both , as both cannot do what they are designed to do. ---- As for the Ransomware you should have taken it from some place , whether it was downloaded from the internet , or the PC was exploited through another PC from the LAN It's better to clean off unknown devices from the network by securing your router again, then you will be sure only your devices remaining in the LAN, and then you can start by working to isolate and fix the troubled computer
  8. If I am not mistaken , the v4 version will be replaced by a version that is based on the ESET Endpoint Linux 8
  9. You can upload your version to virustotal for more checking by AV engines to be more sure It seems that this WaasMedic is related to Windows Update.
  10. 1 year before I had a similiar attack to a Windows Server that was being constantly attacked in Port 445 Once that port was closed in Windows Firewall , ESET stopped showing any signs of attacks , If I would enable the port again in Firewall , ESET will start showing attacks again as the scripts didn't stop , they will just attack all the time.
  11. I doubt so , once Windows Firewall is blocking properly , ESET should not be able to receive these attacks , because they were stopped in first place by the Firewall
  12. @kamiran.asia, Check in your Firewall rules if you have this enabled File and Printer Sharing (SMB-In)- TCP 445 Deny this rule or filter it by IP And does this server have HTTP opened? And they also try to come by HTTPS. About HTTP/HTTPS , if it's a server that serves websites , then you cannot filter them unfortunately if I am not mistaken. If Windows Firewall is properly configured then ESET should stop showing you alerts about attacks , because the Firewall would render them useless(Ports blocked).
  13. Mostly Cloud Servers/services , will start to get attacked as the first moment they are deployed online , doesn't matter which company you rent from them , seems that lot of hackers have scripts on their IPs ready all the time I would still try to get something from OVH for a Firewall plus the Windows Firewall solution, it's not safe at all to stay under attack , even if it was ESET usage very low under these attacks , still the server is constantly being attacked and one day they might be able to exploit or penetrate the server , then it will go bad. I read that you can enable this : https://docs.ovh.com/gb/en/dedicated/firewall-network/
  14. Glad to hear it's working , it seems that they supported newer kernels somehow.
×
×
  • Create New...