Nightowl
Most Valued Members
Posts: 1,844
Days Won: 17
Everything posted by Nightowl
-
It's the BIOS package or the updater which is vulnerable; updating to a more recent BIOS version will make ESET go quiet. It's just mad about the BIOS/driver, whatever this is, because it's vulnerable. You can exclude the detection so ESET can be quiet about it, or just update the BIOS/drivers (more recommended), which will fix the vulnerability and make ESET go quiet. But I think ESET is mad about the downloaded files of the BIOS; removing them will get rid of the detection. If the detection was from the BIOS itself, we would see another location in the message.
-
Suspected botnet detected in Endpoint
Nightowl replied to Guillermo Mariel's topic in Malware Finding and Cleaning
Better to keep it protected behind a firewall and allow only specific IP addresses to be able to connect to the domain controller; this is a more secure approach. I am also almost sure that the port is open. Otherwise the said IP won't be able to reach it, or in another scenario there has to be a reverse shell for it to open a way for bad guys to get in, but I still believe in the first scenario: the port is enabled.
-
Is the Bing toolbar installed from Edge? Edge tries to force the Bing bar on the Desktop.
-
I don't know exactly why the installer cannot run; ESET staff can help more than me. But I have a suggestion to upgrade your Windows 10 to a more recent Windows 10 version, because 20H2 is out of support.
-
I believe slow downloads are related to Blizzard (Battle.net) themselves. It's not only you, as Battle.net is buggy when you open Download Limit; try to go for no limit. If not limited, try to limit it to half of your internet speed, or even more, or even above your download connection speed (sounds stupid, I know, but their limit is buggy or used to be buggy). And it can be that their servers are just feeling tired and there isn't enough speed for everyone. I don't know where their servers are located, but your location can also have an effect. I know because I experienced this with high-speed connections, with ESET and without ESET, from different locations.
-
I understand, thanks for the explanation. I installed the dependency, but I cannot get the GUI to run. I have this error in systemctl:

econnd[1774]: ESET Endpoint Antivirus Error: Invalid request: Function not implemented

I restarted the eea service:

eea[4375]: ESET Endpoint Antivirus error: Can't start GUI for user vm. Please log out and log in to start GUI for vm

I logged in and out. Should I try to reinstall again? I have other machines that run the same endpoint and Linux server but didn't have those troubles; it's weird. I also noticed that if I open Secure Boot, the protections cannot open. Am I doing something wrong?
-
Hello, I couldn't dig much into it; I will do so soon and give logs. But I have a question: ESET Protect shows a fatal error on starting the product. It's installed but cannot start, but I think it could be because of kernel 6.5 on 22.04? I should downgrade to kernel 5.15 for it to work normally, is it true?
-
Suspected botnet detected in Endpoint
Nightowl replied to Guillermo Mariel's topic in Malware Finding and Cleaning
More info about the IP: https://app.crowdsec.net/cti/80.66.88.215 I think what ESET is blocking is the brute force attempts or scanning. I believe you have ports open on the internet; 135 is one of them, and svchost.exe answers on that port.
-
Suspected botnet detected in Endpoint
Nightowl replied to Guillermo Mariel's topic in Malware Finding and Cleaning
Hello brother, may I ask you if there is an open RDP/SMB/HTTP port enabled to the WAN? As for port 135, it's related to RDP; is it open to the internet? I ask because the VirusTotal analysis shows that this IP tries to brute force SMB and RDP and DDoS HTTP. https://www.virustotal.com/gui/url/d8612bf4479489b5c1b23a2194531469ac8673a0cb359dc0be69d3464a8c48e5/detection
-
Try to update the Lenovo tools to a more recent version. If that doesn't fix the ESET detections, then you can ignore it or proceed to remove the Lenovo tools. An Unsafe detection with Lenovo probably means what has been detected is vulnerable; therefore ESET doesn't like it, because it can be exploited to infect the machine. I've googled about the OneKey Optimizer; it's related to the battery management in the laptop. If there is no recent version with the vulnerability that ESET is mad about fixed, then I would ditch that and use Windows' internal power management.
-
True, and it shouldn't be open, as your home network doesn't serve DNS to people outside.
-
You are welcome. About port 53, try to check that device and see the firewall rules for port 53 TCP; it shouldn't be open for DNS unless that device serves something or it's open by mistake.
-
Yes, while connected from the LAN, see your IP from whatismyip websites, then disconnect from your home WiFi, and then scan the WAN IP that you got from the website; it should show you the results from outside to your side. I think inside the LAN, since it's trusted, ports can communicate with each other unless the personal firewall on the devices (like ESET or Windows Firewall) is instructed to disable certain ports from communicating.
-
I don't know this application, but try to use an LTE/4G connection when attempting to scan your IP; that will show your firewall that you are an outsider scanning. Scanning from the LAN to the WAN IP will show wrong results, if I am not mistaken.
-
May I ask how you scanned? Did you use Nmap, for example, or the ESET built-in scanner?
-
I believe now ESET should be able to detect stuff; you can test it with an EICAR test file from the EICAR official website. I've read now that a recent FortiOS firewall version, 7.2+, is able to scan the QUIC protocol, but it was never able to before, and the solution was to block QUIC through App Control. The same applies to the Palo Alto firewall, but I don't know if they added the function to scan the QUIC protocol or not. So it could be that security software solutions like ESET and other companies will follow the path soon.