Nightowl

Most Valued Members
  • Content Count: 1,110
  • Joined
  • Days Won: 11

Kudos

  1. Upvote
    Nightowl gave kudos to Marcos in Banking & Payment browser switch with 13.2.14.0 update!   
    The issue has been fixed. A new Banking and payment protection module 1190 with the fix is now available on pre-release update servers.
  2. Upvote
    Nightowl received kudos from vivelasieste in Antivirus for mac: Kaspersky or eset?   
    To me both of them are good products and worth trying, but since I've been using ESET for ages and I got used to it and because it's light, I can't move to another product, but Kaspersky is worth a try, I want to give it a try someday also.
  3. Upvote
    Nightowl received kudos from chrlshlmn in Kerish Doctor   
    Usually these software aren't recommended by Microsoft, as they tend to touch the registry and sometimes they could break things.
    Automatic Maintenance in Windows does probably just the same, as still you have the Disk Cleanup, which was changed to another name by Microsoft recently.
    Then CCleaner, when it moved to Avast if I am not mistaken, they were hacked; yeah, it happens to all, but still I just dropped the application altogether.
  4. Upvote
    Nightowl gave kudos to Marcos in Ransomware   
    Not really. Ransomware typically removes itself after it has finished encryption. It's the ransomware note which contains information necessary to obtain a decryptor for ransom.
  5. Upvote
    Nightowl gave kudos to New_Style_xd in Block Chrome update   
    It worked, thank you very much

  6. Upvote
    Nightowl received kudos from New_Style_xd in Block Chrome update   
    It's better described here: https://support.eset.com/en/kb2843-create-a-firewall-rule-to-allowdisallow-use-of-a-certain-application-in-my-windows-eset-home-product
    Just put a BLOCK instead of Allow, and for the exe path put C:\Program Files (x86)\Google\Update\GoogleUpdate.exe and then manually check for update in Chrome; it should fail.
    Disabling the services can also help you stop the update, but if it got enabled, it will update automatically, but you can disable them so they can only be started manually.
  7. Upvote
    Nightowl gave kudos to Marcos in "Pause firewall" permission   
    Even if a policy with all settings was applied, users with admin rights would be able to pause any protection, not only the firewall.
  8. Upvote
    Nightowl gave kudos to peteyt in Block Chrome update   
    I use Automatic firewall myself now (used to use interactive mode). I believe you can disable Chrome updates without the need for the firewall: https://www.makeuseof.com/tag/stop-automatic-chrome-updates-windows/ This will at least stop Chrome updating automatically itself.
    You could run the firewall after that in interactive mode and try to update and possibly tell ESET to block it; however, you may block the wrong thing.
  9. Upvote
    Nightowl gave kudos to itman in ESET I.S. Agressively blocking URL, can't find app   
    In regards to what this JavaScript malware does, a few observations.
    In addition to other system modifications, it creates a new network service. It also creates a copy of wscript.exe in the C:\Users\Public directory. Assumed it is using that copy to execute any additional scripts the malware deploys. So if one is indeed using Eset HIPS to monitor wscript.exe startup, you would have made the target application in the rule C:\Windows\System32\wscript.exe. As such, this rule will not detect wscript.exe startup from any other directory location.
    This gets us to Eset's "stone age" HIPS capability. I for one have "been harping" for some time about the lack of global wildcard capability. That is, a specification such as *\wscript.exe that would detect wscript.exe PE use regardless of where it is located. -EDIT- How this would be deployed is one "ask" HIPS rule for C:\Windows\System32\wscript.exe. Then one "block" HIPS rule for *\wscript.exe. This would also enable blocking of abused legit "living off the land" utilities such as those included in the SysInternals suite, e.g. PsExec, that can be maliciously deployed from any directory.
    BTW- the dropping of executables into the C:\Users\Public directory is a technique used by North Korean hackers. One possible source where the malware is originating from.
  10. Upvote
    Nightowl gave kudos to itman in ESET I.S. Agressively blocking URL, can't find app   
    The script uploaded to VT is the initiator script that will run the payload script that has been previously dropped here: C:\updatewins.js. As such, this JavaScript itself is not malicious; the script in the C:\ root directory is. Hence why no one on VT detects the initiator script.
    Full analysis of this initiator script is here: https://www.hybrid-analysis.com/sample/1b1640edb3f7213f4338c6e0017a1b9028c6b324d64f3e63c09169540e82f4a5?environmentId=120
     
  11. Upvote
    Nightowl gave kudos to Marcos in ESET I.S. Agressively blocking URL, can't find app   
    Got it from VT. In fact, it's not detected because of the extension but with a correct extension it would be detected:
    updatewins.js - JS/Kryptik.BPU trojan. The detection was created between Feb 17-20. We'll adjust it so that such files can be normally detected.
  12. Upvote
    Nightowl received kudos from peteyt in Latest Malware Protection tests on AV Comparatives   
    For me that's excellent for most of them, so it depends only on your taste and opinion and experience with the software itself. I tend to like ESET more because it's been several years with it and I just don't want to move on to another product, even though I would like to try Kaspersky for a bit, but I still stay with ESET due to several years of using it and it's light.
  13. Upvote
    Nightowl gave kudos to Marcos in Move my product to a new pc   
    V4 for Linux is a legacy product which doesn't support activation / deactivation. You simply enter a username and password for update and that's it. If update didn't work it must have been a glitch with your credentials that was subsequently resolved but definitely the issue could not be connected to activation.
  14. Upvote
    Nightowl gave kudos to Milan98 in ESET Internet security and windows defender   
    Yep, works now, thanks.
  15. Upvote
    Nightowl gave kudos to Marcos in Antivirus for mac: Kaspersky or eset?   
    Since you are in the official ESET forum, the answer is clear. Anyways, it's a good practice also to try various products to find out if a particular AV works alright on your machine. It can happen that an AV with excellent results in tests causes performance issues in your environment and vice-versa. Should you encounter an issue while trialing ESET, you can ask here for assistance.
  16. Upvote
    Nightowl gave kudos to M.K. in Remove any macro in Microsoft Office documents   
    Hi,
    a quick update to this older thread.
    With the upcoming update of the Archive support module (v1303, currently on pre-release servers) it should be now possible to remove macros from office documents in incoming emails, even in previously released Mail security products.
    If you define a custom rule with Attachment type condition, select "Office files/Generic OLE2 Compound Document", and choose Quarantine attachment (or Delete attachment) as an action, Office documents will be delivered without any macros.
    Note: you can of course combine additional conditions in the rule to target it to specific groups or types of emails.
    Matej
  17. Upvote
    Nightowl gave kudos to boracln in IObit Constantly Triggering ESET   
    My school's IT department recommended me to use IObit; nothing wrong has happened yet and hopefully never will. I don't have too many important things on my laptop, so even if something does I'll reset it and install Windows again. Thanks again
  18. Upvote
    Nightowl gave kudos to mpower in JS/Spy.Agent.AH found - but where?   
    Yeah, I told my customer to change FTP/SSH and database passwords already ...
    Thanks!
  19. Upvote
    Nightowl received kudos from boracln in IObit Constantly Triggering ESET   
    Windows 10 can now do all of the jobs these softwares used to do when we were using XP or Vista, like finding drivers, cleaning the registry or whatever they do, while at the same time Microsoft recommends to never clean the registry or touch it. Well, you can make your crazy changes while having no problems if you know what you are doing, but I believe they know their system very well.
    Same as drivers, it's better to take them from the manufacturer website or from Windows Update.
  20. Upvote
    Nightowl gave kudos to boracln in IObit Constantly Triggering ESET   
    Thank you guys 
     
  21. Upvote
    Nightowl received kudos from boracln in IObit Constantly Triggering ESET   
    I might be mistaken, but all these software are useless and they provide headache more than they provide calmness.
  22. Upvote
    Nightowl gave kudos to Jacques-Renaud in ESET NOD32 and UFW rules on Linux Mint 19.3   
    Thank you Nightowl.
  23. Upvote
    Nightowl gave kudos to Marcos in blocking government level spyware   
    We detect spying and other malware regardless of its origin. If I recall correctly, the CEO of ESET stated this publicly in the past.
  24. Upvote
    Nightowl gave kudos to Marcos in Getting address blocked messages too frequently from the same site   
    Moderators of this forum work either directly at the customer care in ESET HQ in Slovakia or ESET LLC in the US or they are experienced persons such as Aryeh who is a distinguished senior researcher from ESET LLC. Then there are users from the ESET staff group who help in this forum; they are typically developers who chime in to help especially with ESMC-related issues.
  25. Upvote
    Nightowl gave kudos to MichalJ in Update Error?   
    Maybe a "Stupid" idea, but is the Windows time set correctly? There is by default a check in the ESET application that compares the date of issue of the latest detection update against the system time. If the system time is set in the future, it could trigger this notification, but it's just a guess.