Nightowl

Posts posted by Nightowl

  1. 20 hours ago, MrCyubik said:

    Yes I mean, when I watch normal videos, there is nothing strange. But when I start to watch shorts, streams, which I don't know appear in my history. My account is only at my phone and I checked page with devices

    If you only see your device logged in, I doubt there would be some kind of hacker watching Shorts from your account, because he can do it without hacking someone.

    Also you can check login history, if I am not mistaken, which shows you which devices logged into the account.

    Maybe someone also takes the phone physically, like children in the house, and watches YouTube Shorts?

    If you scan and it shows that it's clean, most likely it's clean.

    Make sure you are always up-to-date with iOS/Android updates and always update the apps.

  2. 22 hours ago, hesamasghari said:

    Hi

    Within the network infrastructure, we use both LAN and Wi-Fi to connect systems to the network, but we have created restrictions on Internet access.
    Now we have noticed that a number of users use mobile hotspot and connect to the Internet illegally.
    We want to use ESET Endpoint Security to create a restriction so that the systems can use the WIFI of the network, but it is not possible to use the Hotspot, and in case of connection, all traffic will be blocked.
    Please guide us in this regard

    I don't know if this helps, but it could help: https://answers.microsoft.com/en-us/windows/forum/all/how-do-i-restrict-the-wireless-connections-to-just/da39ebf3-c88e-4e8a-be23-7a2a5c1fd78e

    But I don't know how safe it is, because I could bring a SIM internet receiver, connect it to the PC directly over Ethernet and work; then the Wi-Fi preventions won't help that much, unless blocking the Ethernet from taking a connection from other places is also a possible option, but I have never done that or seen that.

  3. On 4/20/2024 at 4:35 PM, MrCyubik said:

    Hello everyone. I started to notice strange YouTube videos at my phone (mostly streams in YouTube Shorts) which I didn't watch. That happens when I watch some other videos in Shorts, and in that time they appear in my history. All these videos are often about games (I think because I watch this topic a lot), but sometimes I got something like lottery and other stuff that never interested me. I deleted all my cache in browsers and YouTube, I also scanned my phone with ESET Mobile Security, Malwarebytes and Dr.Web mobile and they didn't find any viruses. I just really want to know if this is just a bug or something dangerous.

    All passwords were changed and I have double authentication.

    In Google settings, Security settings, you can find and check which devices are logged into your YouTube account.

    YouTube will save your history of Shorts also; whatever you watch will be saved in History. Do you mean that you are finding things that you didn't watch?

  4. ESET Endpoint Linux 10.2.2.0

    EICAR.COM - COM FILE

    EICAR.TXT - TXT FILE

    Both undetected in Chromium, detected in Firefox

    EICAR.COM-ZIP - DETECTED Chromium

    EICAR.COM2-ZIP - DETECTED Chromium

    https://www.eicar.org/download-anti-malware-testfile/

     

    Chromium Version 123.0.6312.105 (Official Build) snap (64-bit)
    Firefox 125.0 (64-bit)
    Ubuntu Mate 22.04 LTS

     

     
  5. 10 hours ago, Tetranitrocubane said:

    I'll put it out of my mind in that case, and thank you for the explanation! I'm surprised that ESET would label these files as malicious after nearly 10 years - but I suppose stranger things have happened.

    Thank you once again

    Most likely due to a vulnerability found in that file.

    ESET designates them as unsafe because a malicious actor can exploit them, depending on how vulnerable they are.

  6. It's the BIOS package or the updater which is vulnerable; updating to a more recent BIOS version will make ESET go quiet.

    It's just mad about the BIOS/driver, whatever this is, because it's vulnerable. You can exclude the detection so ESET can be quiet about it, or just update the BIOS/drivers (more recommended), which will fix the vulnerability and make ESET go quiet.

    But I think ESET is mad about the downloaded files of the BIOS; removing them will get rid of the detection. If the detection was from the BIOS itself, we will see another location in the message.

  7. On 4/11/2024 at 4:15 AM, Guillermo Mariel said:

    Thanks for the prompt response, something important to add is that it is a Windows Server and domain controller role.

    Better to keep it protected behind a firewall and allow only specific IP addresses to connect to the domain controller; this is a more secure approach.

      

    On 4/11/2024 at 3:59 AM, Guillermo Mariel said:

    the server does not have port 135 open to the Internet, however, when executing the netstat command, it is observed that it is trying to connect to different public IPs (several classified as malicious or malware according to VirusTotal), and the connection status is SYN_SENT.

    I am also almost sure that the port is open.

    Otherwise the said IP won't be able to reach it, or in another scenario there has to be a reverse shell to open a way for bad guys to get in, but I still believe in the first scenario: the port is enabled.
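
Added example, not part of the original posts: a triage of the `netstat -ano` output described in the quoted post, separating SYN_SENT rows (connection attempts the host itself started) toward external addresses from LISTENING sockets on port 135, grouped by owning PID. The sample output, the function names, the internal-range list and the assumption that the remote port is 135 are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output; the remote addresses come from
# the RFC 5737 documentation ranges and stand in for the public IPs.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    10.0.0.5:49712         203.0.113.10:135       SYN_SENT        4420
  TCP    10.0.0.5:49713         198.51.100.7:135       SYN_SENT        4420
  TCP    10.0.0.5:49720         10.0.0.9:445           ESTABLISHED     4
  TCP    10.0.0.5:49731         192.0.2.44:135         SYN_SENT        5108
  TCP    [::]:135               [::]:0                 LISTENING       912
"""

# Ranges treated as internal here (assumption: adjust to the site's addressing).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/32", "::/128", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(text):
    """Split 'addr:port' or '[v6addr%scope]:port' into (ip_address, port)."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def is_external(addr):
    return not any(addr in net for net in INTERNAL)

def triage(netstat_text, port=135):
    """Return ({pid: [remote IPs dialed on `port`]}, [local listeners on `port`])."""
    outbound, listeners = defaultdict(list), []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, UDP rows, blank lines
        _, local, remote, state, pid = fields
        l_addr, l_port = split_endpoint(local)
        r_addr, r_port = split_endpoint(remote)
        if state == "LISTENING" and l_port == port:
            listeners.append(str(l_addr))
        elif state == "SYN_SENT" and r_port == port and is_external(r_addr):
            outbound[int(pid)].append(str(r_addr))
    return dict(outbound), listeners

if __name__ == "__main__":
    outbound, listeners = triage(SAMPLE)
    for pid, remotes in outbound.items():
        print(f"PID {pid} is dialing port 135 on: {', '.join(remotes)}")
    print("Local listeners on 135:", listeners)
```

On the server, each reported PID can be matched to a process name with `tasklist /FI "PID eq <pid>"`.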

  8. 1 hour ago, Faizan said:

    Hello, we are getting the below error while installing AV through live installer.

    Windows version 20h2 build 19042.631

    I don't know exactly why the installer cannot run; an ESET staff member can help more than me.

    But I have a suggestion: upgrade your Windows 10 to a more recent Windows 10 version, because 20H2 is out of support.

     

    Quote

    Current status as of May 9, 2023

    May 9, 2023, all editions of Windows 10, version 20H2 have reached end of servicing. The May 2023 security update, released on May 9, is the last update available for this version. Devices running this version will no longer receive monthly security and preview updates containing protections from the latest security threats.

  9. I believe slow downloads are related to Blizzard (Battle.net) themselves.

    It's not only you, as Battle.net is buggy when you open Download Limit; try to go for no limit.

    If not limited, try to limit it to half of your internet speed or even more, or even above your download connection speed (sounds stupid I know, but their limit is buggy or used to be buggy).

    And it can be that their servers are just feeling tired and there isn't enough speed for everyone. I don't know how their servers are located, but your location can also have an effect.

    I know because I experienced this with high speed connections, with ESET and without ESET, with different locations.

  10. 4 minutes ago, kurco said:

    Hi,

    kernel 5.15 is not affected, because it's compiled with default version of ubuntu gcc. But 6.5 is compiled with gcc version, which is not by default present and therefore it needs to be installed, because it is dependency for kernel modules compilation. 

    Kurco. 

    I understand, thanks for the explanation. I installed the dependency.

    I cannot get the GUI to run; I have this error in systemctl:

    econnd[1774]: ESET Endpoint Antivirus Error: Invalid request: Function not implemented

    I restarted eea service

    eea[4375]: ESET Endpoint Antivirus error: Can't start GUI for user vm. Please log out and log in to start GUI for vm

    I logged in and out

    Should I try to reinstall again?

    I have other machines that run the same endpoint and Linux server but didn't have those troubles. It's weird, and I also noticed that if I open the Secure Boot, the protections cannot open. Am I doing something wrong?

  11. 1 minute ago, kurco said:

    Hello,

    I used kernel 5.15 and it worked fine. I don't know if this KB can solve it with 6.5; I didn't try because I already removed the 6.5 kernel.

     

    Thank you.

  12. 1 hour ago, Microbe said:
    Hi,
     
    The screenshot of the notification is below, followed by the information for your points below it
    As you can see in the screenshot above, although camera is blocked in edge, every time I clear browser history I get the webcam access blocked notification visible on the lower right.

    What happens if you block the Camera Access to Edge from Privacy Settings in Windows 10/11?

  13. 7 hours ago, PassingBy said:

    Hi Nightowl,

     

    Thanks for the insights. Actually, Vantage was just updated and now the Energy/Battery section offers a lot more of data. The configuration on this Yoga does in such a way that Windows power management doesn't offer the same functions so I need to keep Vantage. I guess my next machine won't be a Lenovo.

    You are welcome

    There is a topic about it here also:

     

  14. 1 hour ago, PassingBy said:

    As per headline.

     

    I ran a scan, which is still ongoing and instantly these two files popped up.

    C:\Drivers\OneKey Optimizer\setup.exe » INSTALLSHIELD » OneKey Optimizer.msi » MSI » ISSetupFile.SetupFile42 » INNO » {app}\bin\reaper_u.dll - a variant of Win32/Lenovo.G potentially unsafe application - action selection postponed until scan completion

    C:\Drivers\OneKey Optimizer\setup.exe » INSTALLSHIELD » OneKey Optimizer.msi » MSI » ISSetupFile.SetupFile42 » INNO » {app}\bin\reaper.dll - a variant of Win32/Lenovo.G potentially unsafe application - action selection postponed until scan completion

    Sole difference between the two seems the name "dll" and "u.dll"

     

    I think they're part of Lenovo Vantage, which I only use for power management but has lots of exe tasks ongoing on my machine, including some I never liked too much but keep going.

    Any advice?

    Thanks

    E.

    Try to update the Lenovo tools to a more recent version. If that doesn't fix the ESET detections, then you can ignore it or proceed to remove the Lenovo tools.

    Unsafe detection with Lenovo probably means what has been detected is vulnerable, therefore ESET doesn't like it because it can be exploited to infect the machine.

    I've googled about the OneKey Optimizer; it's related to the battery management in the laptop. If there is no recent version with the vulnerability that ESET is mad about fixed, then I would ditch that and use Windows internal power management.

  15. 7 hours ago, Laplacian said:

    I now scanned the external IP from LTE/4G device and it didn't show no ports or even any host up. Then I also scanned my LAN again using NMAP and the device inside my network seems to have the port 53 open indeed, but it is TCPwrapped. I do not know why does show that one port. But I trust ESET so its all good thanks for the help :)

    You are welcome :)

    About port 53, try to check that device and see the firewall rules for port 53 TCP. It shouldn't be open for DNS unless that device serves something or it's open by mistake.

  16. 1 minute ago, Laplacian said:

    I scanned the machine inside my LAN with another LAN device. As for the public IP, I will try to scan outside my LAN. I will post when I have done that thanks.

    Yes, while connected from LAN, see your IP from whatismyip websites, then disconnect from your home Wi-Fi, and then scan the WAN IP that you got from the website. It should show you the results from outside > to your side.

    I think inside the LAN, since it's trusted, ports can communicate with each other unless it's instructed by the personal firewall on the devices (like ESET or Windows Firewall) to disable certain ports from communicating.
