Nightowl

Most Valued Members
  • Content Count: 1,130
  • Joined
  • Days Won: 12

Kudos

  1. Upvote
    Nightowl gave kudos to Peter Randziak in Eset Detects .Dll But Not .Exe Version?   
    Hello @itman,
    the .exe itself is not malicious, it loads the .dll, which is being detected...
    Peter
  2. Upvote
    Nightowl gave kudos to Marcos in Having truble with Metatrader [Emofid Version]   
    The alert reads "Suspicious" detection which means the file was blocked by LiveGrid or EDTD.
    Detection of suspicious app would look like
    file.exe - a variant of Win32/Packed.VMProtect.AC suspicious application
     
  3. Upvote
    Nightowl received kudos from jafarfathi in Having truble with Metatrader [Emofid Version]   
    It is your suspicious application setting that is triggering this detection, you can add this software to exclusions if you trust it so it won't be detected anymore.
  4. Upvote
    Nightowl received kudos from jafarfathi in Having truble with Metatrader [Emofid Version]   
    But it is the machine learning that is triggering the detection, not the update database.
    The way this program behaves is being triggered by AUGUR that is suspicious
  5. Upvote
    Nightowl received kudos from ValerieMichelle007 in ESET Internet Security blocks a URL, but ESET Mobile Security doesnt   
    Mobile Security needs some kind of permissions for Anti-Phishing to work properly, have you enabled that?
  6. Upvote
    Nightowl received kudos from r1man in ESET Internet Security blocks a URL, but ESET Mobile Security doesnt   
    Mobile Security needs some kind of permissions for Anti-Phishing to work properly, have you enabled that?
  7. Upvote
    Nightowl received kudos from ebill in Release 13.2.15 before official announcement   
    You are just angry at something that you can't change, all companies do the same, they release an update and then they give the change notes after a while, or go meet Microsoft, they won't tell you what changed. Or say hello to Steam.
    I don't represent ESET, and I don't work for them, but a delay of a bit or a few hours after being posted on their download page and after that to their forum, it doesn't mean anything bad, they have posted it, they didn't hide them. It's just a matter of a little bit of time delaying the upgrade so you can read the notes and after that initiate your upgrade or delay it for the next version.
  8. Upvote
    Nightowl received kudos from fabioquadros_ in Release 13.2.15 before official announcement   
    You are just angry at something that you can't change, all companies do the same, they release an update and then they give the change notes after a while, or go meet Microsoft, they won't tell you what changed. Or say hello to Steam.
    I don't represent ESET, and I don't work for them, but a delay of a bit or a few hours after being posted on their download page and after that to their forum, it doesn't mean anything bad, they have posted it, they didn't hide them. It's just a matter of a little bit of time delaying the upgrade so you can read the notes and after that initiate your upgrade or delay it for the next version.
  9. Upvote
    Nightowl received kudos from fabioquadros_ in Release 13.2.15 before official announcement   
    Just wait till you see the official notes before you upgrade, or refuse the upgrade if you don't know the changes.
  10. Upvote
    Nightowl received kudos from howardagoldberg in Release 13.2.15 before official announcement   
    You are just angry at something that you can't change, all companies do the same, they release an update and then they give the change notes after a while, or go meet Microsoft, they won't tell you what changed. Or say hello to Steam.
    I don't represent ESET, and I don't work for them, but a delay of a bit or a few hours after being posted on their download page and after that to their forum, it doesn't mean anything bad, they have posted it, they didn't hide them. It's just a matter of a little bit of time delaying the upgrade so you can read the notes and after that initiate your upgrade or delay it for the next version.
  11. Upvote
    Nightowl gave kudos to User2 in JS/Spy.Agent.Z Trojan got blocked. But where?   
    Hello Nightowl,
    Excuse me for my late answer! I didn't expect a second reply.
    Thank you for your advice. I even considered changing Adblock Plus to uBlock. I will change it shortly.
    And I didn't know uMatrix but I will have a look at it. It sounds like it is from the same developer as uBlock is. I think I will try this too, also when websites will look broken.
  12. Upvote
    Nightowl gave kudos to Marcos in Banking & Payment browser switch with 13.2.14.0 update!   
    The issue has been fixed. A new Banking and payment protection module 1190 with the fix is now available on pre-release update servers.
  13. Upvote
    Nightowl received kudos from vivelasieste in Antivirus for mac: Kaspersky or eset?   
    To me both of them are good products and worth trying, but since I've been using ESET for ages and I got used to it and because it's light, I can't move to another product, but Kaspersky is worth a try, I want to give it a try someday also.
  14. Upvote
    Nightowl received kudos from chrlshlmn in Kerish Doctor   
    Usually this kind of software isn't recommended by Microsoft, as it tends to touch the registry and sometimes it could break things.
    Automatic Maintenance in Windows does probably just the same, as still you have the Disk Cleanup, which was changed to another name by Microsoft recently.
    Then CCleaner, when moved to Avast if I am not mistaken, they were hacked, yea it happens to all, but still I just dropped the application at all.
  15. Upvote
    Nightowl gave kudos to Marcos in Ransomware   
    Not really. Ransomware typically removes itself after it has finished encryption. It's the ransomware note which contains information necessary to obtain a decryptor for ransom.
  16. Upvote
    Nightowl gave kudos to New_Style_xd in Block Chrome update   
    It worked, thank you very much

  17. Upvote
    Nightowl received kudos from New_Style_xd in Block Chrome update   
    It's better described here: https://support.eset.com/en/kb2843-create-a-firewall-rule-to-allowdisallow-use-of-a-certain-application-in-my-windows-eset-home-product
    Just put a BLOCK instead of Allow, and for the exe path put C:\Program Files (x86)\Google\Update\GoogleUpdate.exe and then manually check for update in Chrome, it should fail.
    Disabling the services can help you also stop the update, but if it got enabled, it will update automatically, but you can disable them and only manually they can be started.
  18. Upvote
    Nightowl gave kudos to Marcos in "Pause firewall" permission   
    Even if a policy with all settings was applied, users with admin rights would be able to pause any protection, not only the firewall.
  19. Upvote
    Nightowl gave kudos to peteyt in Block Chrome update   
    I use Automatic firewall myself now (used to use interactive mode). I believe you can disable Chrome updates without the need for the firewall: https://www.makeuseof.com/tag/stop-automatic-chrome-updates-windows/ This will at least stop Chrome updating automatically itself.
    You could run the firewall after that in interactive mode and try to update and possibly tell ESET to block it, however you may block the wrong thing.
  20. Upvote
    Nightowl gave kudos to itman in ESET I.S. Agressively blocking URL, can't find app   
    In regards to what this JavaScript malware does, a few observations.
    In addition to other system modifications, it creates a new network service. It also creates a copy of wscript.exe in the C:\Users\Public directory. Assumed it is using that copy to execute any additional scripts the malware deploys. So if one is indeed using Eset HIPS to monitor wscript.exe startup, you would have made the target application in the rule C:\Windows\System32\wscript.exe. As such, this rule will not detect wscript.exe startup from any other directory location.
    This gets us to Eset's "stone age" HIPS capability. I for one have "been harping" for some time about the lack of global wildcard capability. That is a specification such as *\wscript.exe that would detect wscript.exe PE use regardless of where it is located. -EDIT- How this would be deployed is one "ask" HIPS rule for C:\Windows\System32\wscript.exe. Then one "block" HIPS rule for *\wscript.exe. This would also enable blocking of abused legit "living off the land" utilities such as those included in the SysInternals suite; e.g. PsExec, that can be maliciously deployed from any directory.
    BTW- the dropping of executables into the C:\Users\Public directory is a technique used by North Korean hackers. One possible source where the malware is originating from.
  21. Upvote
    Nightowl gave kudos to itman in ESET I.S. Agressively blocking URL, can't find app   
    The script uploaded to VT is the initiator script that will run the payload script that has been previously dropped here: C:\updatewins.js . As such, this JavaScript itself is not malicious; the script in the C:\ root directory is. Hence why no one on VT detects the initiator script.
    Full analysis of this initiator script is here: https://www.hybrid-analysis.com/sample/1b1640edb3f7213f4338c6e0017a1b9028c6b324d64f3e63c09169540e82f4a5?environmentId=120
     
  22. Upvote
    Nightowl gave kudos to Marcos in ESET I.S. Agressively blocking URL, can't find app   
    Got it from VT. In fact, it's not detected because of the extension but with a correct extension it would be detected:
    updatewins.js - JS/Kryptik.BPU trojan. The detection was created between Feb 17-20. We'll adjust it so that such files can be normally detected.
  23. Upvote
    Nightowl received kudos from peteyt in Latest Malware Protection tests on AV Comparatives   
    For me that's excellent for most of them... so it depends only on your taste and opinion and experience with the software itself. I tend to like ESET more because it's been several years with it and I just don't want to move on to another product, even though I would like to try Kaspersky for a bit, but I still stay with ESET due to several years of using it and it's light.
  24. Upvote
    Nightowl gave kudos to Marcos in Move my product to a new pc   
    V4 for Linux is a legacy product which doesn't support activation / deactivation. You simply enter a username and password for update and that's it. If update didn't work it must have been a glitch with your credentials that was subsequently resolved but definitely the issue could not be connected to activation.
  25. Upvote
    Nightowl gave kudos to Milan98 in ESET Internet security and windows defender   
    Yep, works now, thanks.