Nightowl
Most Valued Members
Posts: 1,820
Days Won: 17
Everything posted by Nightowl
-
Trojan Detection Blocks Access to Excel.
Nightowl replied to Felipe osorio's topic in Malware Finding and Cleaning
It is indeed a virus, and the location of it indicates it more: WINDOWS/TEMP. And the file name is more weird; I doubt some of your colleagues have to work on a file named q.vbs and store it in TEMP. Remove that file after you send it to ESET, and inform the place where it came from that they are sending malicious files, and if there is no response / action from their side, block them. If your client doesn't use macros inside Word or Excel files, it's recommended to disable them by default, even from trusted locations. -
ESET is blocking VPN for apps installed after ESET
Nightowl replied to jcubic's topic in ESET Endpoint Products for Linux
Please give support for FortiClient and don't forget about it: https://www.fortinet.com/support/product-downloads -
Scheduled Scans
Nightowl replied to Aryeh Goretsky's topic in ESET Internet Security & ESET Smart Security Premium
I wish for an Application Control that is similar to Kaspersky's App Control or Trend Micro's App Control. It can give more control on what runs on the PC and what cannot run. Thanks ESET. -
Warzone RAT CT2 - Synology DSM
Nightowl replied to wbraveheart's topic in Malware Finding and Cleaning
Is your NAS exposed to the internet? -
What is the Design on the New ESET Startup Screen and Packaging?
Nightowl replied to Odriver's topic in General Discussion
Your link leads to 404, my brother. Give us the old eye icon in the taskbar and old skins, would be perfect! -
I apologize, I got confused with VirusTotal; I didn't pay attention that it's the virusradar website.
-
Unfortunately ESET has no control over how VirusTotal looks. I believe ESET will tell you to send the suggestions to the VirusTotal team. But what I would like from the same category is a section on the ESET website that will allow us to send submissions like VirusTotal, but to test them with Augur/ESET definitions.
-
VBS will be discontinued by Microsoft due to the risk and due to discontinuing Internet Explorer. I think we will see more and more PowerShell attacks instead of VBS.
-
Threat: HTML/ScrInject.B trojan false-positive website
Nightowl replied to Daisy1986's topic in Malware Finding and Cleaning
Clicking "Go Home" would trigger hxxps://watchseries.id/home;HTML/ScrInject.B trojan -
I tried to go to the link that the error gives you but it's not found. An ESET staff member might help you faster than me, but I will try my way. Let's check if your server isn't corrupted in some parts. Please run this in CMD as admin: sfc /scannow The sfc /scannow command will scan all protected system files, and replace corrupted files with a cached copy.
-
Try to temporarily disable your Web Access Protection; it probably should work, but I know you will remain without Web Access Protection. This is my workaround for accessing my VPN application. (No, I don't work for ESET, so this is not an official answer.)
-
ESET Endpoint Linux v10 Web Access + FortiClient
Nightowl replied to Nightowl's topic in ESET Endpoint Products for Linux
When I made contact in July, I received that it's a Known Issue between VPN and Web Access Protection and it will be looked into in the future. -
ESET Endpoint Linux v10 Web Access + FortiClient
Nightowl replied to Nightowl's topic in ESET Endpoint Products for Linux
I have updated to 10.1.8.0 and re-enabled Web Access Protection, but sadly the same problem remains. I tested because I read in the release logs that it got improved. It can be reproduced by downloading the FortiClient VPN (VPN only) deb package from here https://www.fortinet.com/support/product-downloads and having ESET Web Access Protection running at the same time. No need for login or passwords or the VPN's IP; the GUI will not work as long as Web Access Protection is running. Thank you. -
Network
Nightowl replied to usereset22's topic in ESET Internet Security & ESET Smart Security Premium
It's normal. If you got your ISO from here https://www.microsoft.com/en-us/software-download/windows10ISO it's safe because it's Microsoft. Other than that, like what you posted about SearchApp.exe, it's the search which is built into Windows; it communicates with the internet, probably with Bing. -
Network
Nightowl replied to usereset22's topic in ESET Internet Security & ESET Smart Security Premium
Just set your detections to Aggressive in ESET and HIPS to Smart Mode. And if you want to control what goes out and in, you can go with Interactive Mode in the Firewall, but it will give you a lot of alerts the first time till everything gets configured; you can use the Learning Mode before going to Interactive Mode. In TCPView you will see a lot of attempts and connections by Windows itself because it communicates with other things and with Microsoft etc., but if you obtained the ISO from Microsoft and formatted and installed it, I doubt it would be a tampered ISO. But anyway, you can run a deep scan with ESET after you set everything to aggressive detection and reporting, and if you still don't trust the result of ESET, you can check another free scanner like Sophos Hitman or any free scanner that won't run as real-time so it doesn't conflict with ESET's real-time protections. -
Network
Nightowl replied to usereset22's topic in ESET Internet Security & ESET Smart Security Premium
What are you surfing to in Edge? Or what extensions are you using in Edge? -
I attacked by virus and hacked my fb account
Nightowl replied to Sohel Rana's topic in Malware Finding and Cleaning
Rambler is a website that is similar to Yahoo/MSN and is owned by Sberbank; I doubt it will launch attacks on specific users to steal their instant messaging accounts. Another connection is that the attackers used emails from Rambler.ru services, which is the same thing as if the attacker used Gmail or Proton or whatever, since even bad actors that aren't connected to PC work used ProtonMail, which is based in Switzerland. It doesn't matter where it's coming from, even if from your friends; if the link isn't supposed to come or the message looks weird, don't open it. -
Thanks for your assistance, ITMAN, I will check it out. I wish I had an easier route rather than messing with Microsoft's GPO.
-
I was looking at it yesterday (SRP), but your explanation is better than what I was reading. I will give this one a try, and apply it to specific folders like Downloads, TEMP etc., and will see what happens. About the Downloads location, I bet I can keep it there; I just put in the wanted extensions to be blocked. Thank you bro.