Nightowl
Content Count: 1,201
Days Won: 12
Nightowl gave kudos to itman in CamScanner detected as trojan downloader (ESET Mobile)
Kaspersky just published an analysis on CamScanner:
https://securelist.com/dropper-in-google-play/92496/
-
Nightowl gave kudos to Marcos in ransomware attack
Just came across a case where a user was hit by Filecoder.Phobos and asked how they got infected with ESET installed. After analyzing the logs, we found out that:
- the detection for the ransomware was added at least 2 months before the incident
- password protection of ESET's settings was not enabled
- detection of potentially unsafe applications was disabled
We also found out that:
1. A brute-force RDP attack was performed:
- Administrator had 22 377 failed login attempts
- ADMINISTRATOR had 5 438 failed login attempts
- ADMINISTRADOR had 1 102 failed login attempts
- ADMIN had 710 failed login attempts
2. There was a suspicious RDP connection from a foreign country
3. A local user GhostUser had been created recently
4. A legitimate tool that can be misused to kill security software had been installed recently (detected as a potentially unsafe application)
5. Event logs had been cleared recently.
This is proof that just having security software installed is not enough; firstly, RDP must be secured. Secondly, all critical operating system updates must be installed. Thirdly, ESET must be protected with a password and detection of potentially unsafe applications enabled, to prevent protection from being tampered with by unauthorized persons.
-
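The evidence chain in the post above (thousands of 4625 failures against admin-style account names, an RDP logon from the same source, a new local user, a cleared log) is easy to turn into triage logic over the Security log. The block below is an added example, not code from the post or from ESET: it tallies failed logons per account exactly as the log spells the name (which is why Administrator and ADMINISTRATOR appear as separate counts), then flags a RemoteInteractive logon from an address that had already failed many times, any 4720 user creation and any 1102 log clear. The event records, IP addresses and user names are constructed; the field names follow the Windows Security event schema, and the threshold is an assumption you would tune per environment.

```python
"""Triage of Windows Security events for the RDP brute-force pattern described
in the post above. Added example; the records below are constructed (field
names follow the Security log schema, values are invented)."""
from collections import Counter

FAILED_LOGON = 4625      # An account failed to log on
LOGON = 4624             # An account was successfully logged on
USER_CREATED = 4720      # A user account was created
LOG_CLEARED = 1102       # The audit log was cleared
RDP_LOGON_TYPE = 10      # LogonType 10 = RemoteInteractive (RDP)


def _failed(user, ip, count):
    """Build `count` constructed 4625 records for one account from one source IP."""
    return [{"EventID": FAILED_LOGON, "TargetUserName": user,
             "IpAddress": ip, "LogonType": RDP_LOGON_TYPE} for _ in range(count)]


# Constructed sample log (invented IPs and names), scaled down from the counts in the post.
SAMPLE_EVENTS = (
    _failed("Administrator", "203.0.113.5", 120)
    + _failed("ADMIN", "203.0.113.5", 30)
    + _failed("alice", "10.0.0.7", 2)          # an ordinary mistyped password, not an attack
    + [
        {"EventID": LOGON, "TargetUserName": "alice", "IpAddress": "-", "LogonType": 2},
        {"EventID": LOGON, "TargetUserName": "Administrator",
         "IpAddress": "203.0.113.5", "LogonType": RDP_LOGON_TYPE},
        {"EventID": USER_CREATED, "TargetUserName": "GhostUser"},
        {"EventID": LOG_CLEARED},
    ]
)


def failed_logons_by_account(events):
    """Tally 4625 events per TargetUserName, case-sensitive, exactly as logged."""
    return Counter(e["TargetUserName"] for e in events if e["EventID"] == FAILED_LOGON)


def triage(events, brute_threshold=100):
    """Return human-readable findings: brute-forced accounts first, then the
    remaining evidence in the order it appears in the log."""
    by_account = failed_logons_by_account(events)
    by_ip = Counter(e["IpAddress"] for e in events if e["EventID"] == FAILED_LOGON)
    findings = [f"brute force: {n} failed logons against '{user}'"
                for user, n in by_account.most_common() if n >= brute_threshold]
    for e in events:
        # A successful RDP logon from an address that already failed many times
        # is the moment the password was guessed.
        if (e["EventID"] == LOGON and e["LogonType"] == RDP_LOGON_TYPE
                and by_ip[e["IpAddress"]] >= brute_threshold):
            findings.append(
                f"successful RDP logon as '{e['TargetUserName']}' from {e['IpAddress']} "
                f"after {by_ip[e['IpAddress']]} failures from that address")
        elif e["EventID"] == USER_CREATED:
            findings.append(f"local user created: '{e['TargetUserName']}'")
        elif e["EventID"] == LOG_CLEARED:
            findings.append("Security log cleared (1102); expect earlier evidence to be gone")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_EVENTS):
        print(line)
```

On a real host the same fields come from `Get-WinEvent -LogName Security` (EventID 4625/4624 carry TargetUserName, IpAddress and LogonType in their XML data); the 1102 finding matters because, as in the post, it marks where the attacker cut the trail, so anything before it has to come from other sources (ESET logs, firewall or RDP gateway logs).
-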
Nightowl gave kudos to notimportant in ransomware attack
This is not an excuse. I see this all the time in customers' logs when brute-force attacks are performed against RDP.
-
Nightowl gave kudos to Marcos in a variant of EFI.CompuTrace.A
For more information, please refer to:
https://support.eset.com/kb6567/
https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/
https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf
-
Nightowl gave kudos to Farah in ESMC Replication
I believe that it's possible through a Windows failover cluster; you are relying on Windows in such cases, though, and not on an ESET feature.
https://help.eset.com/esmc_install/70/en-US/installation_cluster_windows.html
-
Nightowl gave kudos to itman in Am I having too many Edge connections?
I never attempted to block Cortana using Eset HIPS. I use O&O ShutUp 10 to "harness" its activities.
-
Nightowl gave kudos to peteyt in Another AV to complement ESET
Cheers for the clarification. Never used it, so I wasn't sure.
-
Nightowl received kudos from peteyt in Another AV to complement ESET
You still get to set a scheduled scan or use it as an on-demand scanner, but not as real-time protection; indeed, it does get disabled when ESET is installed in order to avoid conflicts.
-
Nightowl gave kudos to last_ship in Android App Lock is Delayed
Thanks @Rami . Good to know I'm not the only one at least I guess.
-
Nightowl gave kudos to itman in Win64.Vools.L Can not be cleaned
Appears to me the clients got nailed by true 0-day malware. Also, it appears ESET created a new signature for this bugger, Win64/Vools.P.
It is encouraging that Eset was still able to detect it via AMS using a prior variant DNA signature.
BTW - what was the source of the svchost.exe injection?
-
Nightowl gave kudos to kamiran.asia in Win64.Vools.L Can not be cleaned
Yes, a 0-day malware!
A service with a DLL injector, "FunctionRPCHelper.dll", that injects into svchost.exe
😎
-
Nightowl received kudos from TomasP, Peter Randziak and Aryeh Goretsky in last update GUi delay open
ESET is known for being light since the first version it released, when other AVs were plaguing and killing machines, like Norton in the XP days.
I believe ESET is still doing the same thing, staying light to this day. That might be the reason for saving the "15-26MB" of RAM.
-
Nightowl received kudos from Aryeh Goretsky in ESET disables GlassWire Firewall
ESET Internet Security does have a firewall included, so that's why the GlassWire firewall is disabled, so they won't conflict with each other. You need to remove the GlassWire firewall; if you would like to keep using it, then you will need to switch from Internet Security to Antivirus.
-
Nightowl gave kudos to Marcos in Got a question about virus signatures
That's perfectly ok. What would not be ok is if the engine constantly didn't get updates for more than an hour.
-
Nightowl received kudos from Moriseif in I can't see "Refer your friend" button!
I have reinstalled Windows due to the CMD bug that I've posted about earlier (it's not related to ESET), but I can confirm that "Refer your friend" is not available for me also. I downloaded ESET from the international website, activated it again with my license, and the Refer button is missing.
ESET Internet Security 12.0.27.0
-
Nightowl gave kudos to Leonardo in Future changes to ESET Internet Security and ESET Smart Security Premium
Hello @Rami
You are right! That is a very friendly program?
-
Nightowl received kudos from Aryeh Goretsky and Leonardo in Future changes to ESET Internet Security and ESET Smart Security Premium
It's not that big a deal in my opinion, @nonamelab. It's a way to bring more people to ESET while at the same time giving the person who invited someone who doesn't use ESET a month of usage or more; I don't remember exactly.