Nightowl

Kudos

  1. Upvote
    Nightowl gave kudos to itman in CamScanner detected as trojan downloader (ESET Mobile)   
    Kaspersky just published an analysis on CamScanner:
    https://securelist.com/dropper-in-google-play/92496/
  2. Upvote
    Nightowl gave kudos to Marcos in ransomware attack   
    Just came across a case where a user was hit by Filecoder.Phobos and asked how come they got infected with ESET installed. After analyzing the logs, we found out that:
    - the detection for the ransomware was added at least 2 months before the incident
    - password protection of ESET's settings was not enabled
    - detection of potentially unsafe applications was disabled

    We also found out that:
    1. A brute-force RDP attack was performed:
    - Administrator had 22 377 failed login attempts
    - ADMINISTRATOR had 5 438 failed login attempts
    - ADMINISTRADOR had 1 102 failed login attempts
    - ADMIN had 710 failed login attempts
    2. There was a suspicious RDP connection from a foreign country
    3. A local user GhostUser had been created recently
    4. A legitimate tool that can be misused to kill security software had been installed recently (detected as a pot. unsafe application)
    5. Event logs had been recently cleared.

    This is proof that just having security software installed is not enough; firstly, RDP must be secured. Secondly, all critical operating system updates must be installed. Fourthly, ESET must be protected with a password and detection of potentially unsafe applications enabled to prevent protection from being tampered with by unauthorized persons.
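An added example, not code from the post or from ESET: a small Python script that applies the checks described above (failed-logon counts per account, the IP behind them, a later successful logon from that same IP, account creation, log clearing) to constructed, simplified log lines. The "EventID|TargetUserName|IpAddress" layout is an assumption for the example, not a real Windows export format.

```python
from collections import Counter

# Constructed sample lines (not from the incident above); assumed simplified layout
# "EventID|TargetUserName|IpAddress" rather than a real Windows Security log export.
SAMPLE_EVENTS = """
4625|Administrator|203.0.113.7
4625|Administrator|203.0.113.7
4625|ADMINISTRATOR|203.0.113.7
4625|ADMIN|198.51.100.4
4625|Administrator|203.0.113.7
4624|GhostUser|203.0.113.7
4720|GhostUser|-
1102|-|-
""".strip().splitlines()

# Windows Security event IDs: failed logon, successful logon, user account created,
# audit log cleared.
FAILED_LOGON, SUCCESS_LOGON, USER_CREATED, LOG_CLEARED = "4625", "4624", "4720", "1102"


def parse_events(lines):
    """Parse the simplified lines; malformed lines are skipped rather than raising."""
    events = []
    for line in lines:
        parts = line.strip().split("|")
        if len(parts) != 3:
            continue
        events.append({"id": parts[0], "user": parts[1], "ip": parts[2]})
    return events


def failed_logons_by_account(events):
    """Failed-logon count per account name, case-sensitive as the log records it."""
    return Counter(e["user"] for e in events if e["id"] == FAILED_LOGON)


def brute_force_sources(events, threshold):
    """Source IPs whose failed-logon count reaches the threshold."""
    per_ip = Counter(e["ip"] for e in events if e["id"] == FAILED_LOGON)
    return {ip: n for ip, n in per_ip.items() if n >= threshold}


def successful_logons_from_attackers(events, threshold):
    """(user, ip) pairs where a brute-forcing IP later logged on successfully."""
    attackers = brute_force_sources(events, threshold)
    return sorted((e["user"], e["ip"]) for e in events
                  if e["id"] == SUCCESS_LOGON and e["ip"] in attackers)


def tamper_indicators(events):
    """Post-compromise signs from the post: new local accounts and cleared logs."""
    return {"accounts_created": sorted(e["user"] for e in events if e["id"] == USER_CREATED),
            "log_cleared": any(e["id"] == LOG_CLEARED for e in events)}
```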
  3. Upvote
    Nightowl gave kudos to notimportant in ransomware attack   
    This is not an excuse. I see this all the time in customers' logs when brute-force attacks are performed against RDP.
  4. Upvote
    Nightowl gave kudos to Marcos in a variant of EFI.CompuTrace.A   
    For more information, please refer to:
    https://support.eset.com/kb6567/
    https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/
    https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf
  5. Upvote
    Nightowl gave kudos to Marcos in EvilGnome Detection?   
    Detected by many AVs:

  6. Upvote
    Nightowl gave kudos to Farah in ESMC Replication   
    I believe that it's possible through a Windows failover cluster; you are counting on Windows in such cases, though, and not on an ESET feature.
    https://help.eset.com/esmc_install/70/en-US/installation_cluster_windows.html

  7. Upvote
    Nightowl gave kudos to itman in Am I having too many Edge connections?   
    I never attempted to block Cortana using Eset HIPS. I use O&O ShutUp 10 to "harness" its activities.
  8. Upvote
    Nightowl gave kudos to PERRYGOGAS in Removal of JS/ScrInject.b ???   
    Great! thank you!
  9. Upvote
    Nightowl gave kudos to peteyt in Another AV to complement ESET   
    Cheers for the clarification. Never used it, so I wasn't sure.
  10. Upvote
    Nightowl received kudos from peteyt in Another AV to complement ESET   
    You still get to set a scheduled scan or use it as an on-demand scanner, but not as real-time protection; indeed, it does get disabled when ESET is installed in order to avoid conflicts.
  11. Upvote
    Nightowl gave kudos to last_ship in Android App Lock is Delayed   
    Thanks @Rami. Good to know I'm not the only one, at least, I guess.
  12. Upvote
    Nightowl gave kudos to itman in Win64.Vools.L Can not be cleaned   
    It appears to me the clients got nailed by a true 0-day malware. Also, it appears ESET created a new signature for this bugger, Win64/Vools.P.
    It is encouraging that ESET was still able to detect it via AMS using a prior variant's DNA signature.
    BTW, what was the source of the svchost.exe injection?
  13. Upvote
    Nightowl gave kudos to kamiran.asia in Win64.Vools.L Can not be cleaned   
    Yes, a 0-day malware!
    A service with a DLL injector, "FunctionRPCHelper.dll", that injects into svchost.exe
    😎
  14. Upvote
    Nightowl received kudos from TomasP in last update GUi delay open   
    ESET has been known for being light since the first version it released, when other AVs, like Norton in the XP days, were plaguing and killing machines.
    I believe ESET is still doing the same thing, staying light to this day. That might be the reason behind the decision to save the "15-26MB" of RAM.
  15. Upvote
    Nightowl received kudos from Peter Randziak in last update GUi delay open   
  16. Upvote
    Nightowl received kudos from Aryeh Goretsky in last update GUi delay open   
  17. Upvote
    Nightowl received kudos from Aryeh Goretsky in ESET disables GlassWire Firewall   
    ESET Internet Security does have a firewall included, so that's why the GlassWire firewall is disabled: so they won't conflict with each other. You need to remove the GlassWire firewall; if you would like to keep using it, then you will need to switch from Internet Security to Antivirus.
  18. Upvote
    Nightowl gave kudos to Marcos in Got a question about virus signatures   
    That's perfectly OK. What would not be OK is if the engine constantly didn't get updates after more than an hour.
  19. Upvote
    Nightowl received kudos from Moriseif in I can't see "Refer your friend" button!   
    I have reinstalled Windows due to the CMD bug that I posted about earlier (it's not related to ESET), but I can confirm that "Refer your friend" is not available for me either. I downloaded ESET from the international website, activated it again with my license, and the Refer button is missing.
    ESET Internet Security 12.0.27.0
  20. Upvote
    Nightowl gave kudos to Leonardo in Future changes to ESET Internet Security and ESET Smart Security Premium   
    Hello @Rami 
    You are right! That is a very friendly program.
  21. Upvote
    Nightowl received kudos from Aryeh Goretsky in Future changes to ESET Internet Security and ESET Smart Security Premium   
    It's not that big a deal in my opinion, @nonamelab. It's a way to bring more people to use ESET and at the same time give the person who invited the other person who doesn't use ESET a month of usage or more; I don't remember exactly.
  22. Upvote
    Nightowl received kudos from Leonardo in Future changes to ESET Internet Security and ESET Smart Security Premium   