Nightowl
Posts: 1,844
Days Won: 17
Posts posted by Nightowl
-
10 hours ago, Tetranitrocubane said:
I'll put it out of my mind in that case, and thank you for the explanation! I'm surprised that ESET would label these files as malicious after nearly 10 years - but I suppose stranger things have happened.
Thank you once again
Most likely due to a vulnerability found in that file.
ESET designates them as unsafe because a malicious actor can exploit them, depending on how vulnerable they are.
-
It's the BIOS package or the updater which is vulnerable; updating to a more recent BIOS version will make ESET go quiet.
It's just mad about the BIOS/driver, whatever this is, because it's vulnerable. You can exclude the detection so ESET will be quiet about it, or just update the BIOS/drivers (more recommended), which will fix the vulnerability and make ESET go quiet.
But I think ESET is mad about the downloaded files of the BIOS; removing them will get rid of the detection. If the detection were from the BIOS itself, we would see another location in the message.
-
On 4/11/2024 at 4:15 AM, Guillermo Mariel said:
Thanks for the prompt response, something important to add is that it is a Windows Server and domain controller role.
Better to keep it protected behind a firewall and allow only specific IP addresses to connect to the domain controller; this is the more secure approach.
On 4/11/2024 at 3:59 AM, Guillermo Mariel said:
the server does not have port 135 open to the Internet; however, when executing the netstat command, it is observed that it is trying to connect to different public IPs (several classified as malicious or malware according to VirusTotal), and the connection status is SYN_SENT.
I am also almost sure that the port is open.
Otherwise the said IP won't be able to reach it; in another scenario there has to be a reverse shell to open a way for the bad guys to get in, but I still believe in the first scenario: the port is enabled.
-
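The netstat triage discussed in the exchange above, as an added worked example (not Nightowl's, Guillermo Mariel's or ESET's code): it parses constructed `netstat -ano` output from a Windows host, lists the SYN_SENT attempts towards addresses outside the private ranges grouped by owning PID, and lists services bound to all interfaces on ports that should not be reachable from the Internet. The sample output, the PIDs and the port list are constructed assumptions; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for public addresses.

```python
import ipaddress
from collections import Counter

# Constructed sample of `netstat -ano` output from a Windows host (not real data).
# 203.0.113.0/24 and 198.51.100.0/24 are RFC 5737 documentation ranges used here
# as stand-ins for public Internet addresses.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.10.5:389       192.168.10.77:51234    ESTABLISHED     640
  TCP    192.168.10.5:49811     203.0.113.45:445       SYN_SENT        4520
  TCP    192.168.10.5:49812     198.51.100.23:135      SYN_SENT        4520
  TCP    192.168.10.5:49813     192.168.10.20:88       ESTABLISHED     640
  TCP    192.168.10.5:49814     203.0.113.9:443        ESTABLISHED     2216
  UDP    0.0.0.0:53             *:*                                    1308
"""

# Address ranges that never belong to the public Internet (RFC 1918, loopback,
# link-local, unspecified). Kept explicit instead of ipaddress.is_global so that
# the documentation ranges above still count as "external" in this demo.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
)]

# Ports that should never be exposed to the Internet on a domain controller
# (assumed list for the example): RPC endpoint mapper, NetBIOS, SMB, RDP, DNS.
SENSITIVE_PORTS = {135, 139, 445, 3389, 53}


def is_internal(ip):
    """True for RFC 1918 / loopback / link-local addresses."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def split_endpoint(endpoint):
    """'192.168.10.5:389' -> ('192.168.10.5', 389); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Turn `netstat -ano` lines into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto = parts[0]
        lhost, lport = split_endpoint(parts[1])
        rhost, rport = split_endpoint(parts[2])
        # UDP rows carry no State column, so the PID is simply the last field.
        state = parts[3] if proto == "TCP" else ""
        rows.append({"proto": proto, "lhost": lhost, "lport": lport,
                     "rhost": rhost, "rport": rport, "state": state,
                     "pid": int(parts[-1])})
    return rows


def outbound_syn_sent(rows):
    """Half-open connection attempts towards addresses outside the private ranges."""
    return [r for r in rows
            if r["state"] == "SYN_SENT" and not is_internal(r["rhost"])]


def wildcard_listeners(rows, ports):
    """Services bound to every interface on ports from the sensitive list."""
    return [r for r in rows
            if r["lhost"] in ("0.0.0.0", "[::]") and r["lport"] in ports
            and (r["proto"] == "UDP" or r["state"] == "LISTENING")]


def triage(text):
    """Summarise a netstat dump: beaconing attempts per PID and exposed listeners."""
    rows = parse_netstat(text)
    beacons = outbound_syn_sent(rows)
    return {
        "beacons": beacons,
        "beacon_pids": dict(Counter(r["pid"] for r in beacons)),
        "listeners": wildcard_listeners(rows, SENSITIVE_PORTS),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_NETSTAT)
    for r in result["beacons"]:
        print(f"SYN_SENT from PID {r['pid']} -> {r['rhost']}:{r['rport']}")
    for r in result["listeners"]:
        print(f"{r['proto']} {r['lport']} bound on all interfaces by PID {r['pid']}")
```

On a real host, save `netstat -ano > netstat.txt` and feed the file to `triage`; the PIDs it reports can then be matched with `tasklist /svc` to see which service inside svchost.exe owns the connection. A wildcard listener only shows that the service is bound; whether port 135 is actually reachable from the Internet is decided by the router or firewall in front of the host, so exposure has to be confirmed from outside rather than from netstat alone.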
Is the Bing toolbar installed from Edge?
Edge tries to force the Bing bar onto the Desktop.
-
1 hour ago, Faizan said:
I don't know exactly why the installer cannot run; ESET staff can help more than me.
But I have a suggestion: upgrade your Windows 10 to a more recent Windows 10 version, because 20H2 is out of support.
Quote: Current status as of May 9, 2023: As of May 9, 2023, all editions of Windows 10, version 20H2 have reached end of servicing. The May 2023 security update, released on May 9, is the last update available for this version. Devices running this version will no longer receive monthly security and preview updates containing protections from the latest security threats.
-
I believe slow downloads are related to Blizzard (Battle.net) themselves.
It's not only you, as Battle.net is buggy when you set a Download Limit; try going for no limit.
If not limited, try to limit it to half of your internet speed, or even more, or even above your download connection speed (sounds stupid, I know, but their limit is buggy, or used to be buggy).
And it can be that their servers are just feeling tired and there isn't enough speed for everyone; I don't know how their servers are located, but your location can also have an effect.
I know because I experienced this with high-speed connections, with ESET and without ESET, from different locations.
-
-
2 hours ago, kurco said:
I see, would it be possible to share system logs? without them I'm not able to give any suggestions what could be wrong.
Run the ESET log collector?
-
Just now, kurco said:
econnd is responsible only for communication with other eset agents. What kind of desktop environment are you using?
Ubuntu MATE 22.04, same as the other desktops/servers which are working normally.
-
4 minutes ago, kurco said:
Hi,
kernel 5.15 is not affected, because it's compiled with the default version of Ubuntu's gcc. But 6.5 is compiled with a gcc version which is not present by default and therefore needs to be installed, because it is a dependency for kernel module compilation.
Kurco.
I understand, thanks for the explanation. I installed the dependency.
I cannot get the GUI to run; I have this error in systemctl:
econnd[1774]: ESET Endpoint Antivirus Error: Invalid request: Function not implemented
I restarted the eea service:
eea[4375]: ESET Endpoint Antivirus error: Can't start GUI for user vm. Please log out and log in to start GUI for vm
I logged out and in.
Should I try to reinstall again?
I have other machines that run the same Endpoint and Linux Server products but didn't have these troubles; it's weird. I also noticed that if I turn on Secure Boot, the protections cannot start. Am I doing something wrong?
-
1 minute ago, kurco said:
Hi,
it looks like you are encountering following issue: https://support.eset.com/en/kb8571-eset-service-fails-to-start-when-installing-eset-server-security-or-eset-endpoint-antivirus-for-linux-on-ubuntu-2204-or-mint-21
Regards, Kurco
Hello,
I used kernel 5.15 and it worked fine. I don't know if this KB can solve it with 6.5; I didn't try because I already removed the 6.5 kernel.
Thank you.
-
1 hour ago, Microbe said:
What happens if you block the Camera Access to Edge from Privacy Settings in Windows 10/11?
-
Hello,
I couldn't dig much into it; I will do so soon and give logs. But I have a question: ESET PROTECT shows a fatal error on starting the product. It's installed but cannot start, but I think it could be because of kernel 6.5 on 22.04? Should I downgrade to kernel 5.15 for it to work normally?
Is it true?
-
More info about the IP: https://app.crowdsec.net/cti/80.66.88.215
I think what ESET is blocking is the brute force attempts or scanning. I believe you have ports open to the internet, 135 being one of them; svchost.exe answers on that port.
-
Hello brother,
May I ask if there is an open RDP/SMB/HTTP port enabled to the WAN?
As for port 135, it's related to RDP; is it open to the internet?
I ask because the VirusTotal analysis shows that this IP tries to brute force SMB and RDP, and DDoS HTTP.
-
7 hours ago, PassingBy said:
Hi Nightowl,
Thanks for the insights. Actually, Vantage was just updated and now the Energy/Battery section offers a lot more data. The configuration on this Yoga is done in such a way that Windows power management doesn't offer the same functions, so I need to keep Vantage. I guess my next machine won't be a Lenovo.
You are welcome.
There is a topic about it here also:
-
1 hour ago, PassingBy said:
As per headline.
I ran a scan, which is still ongoing and instantly these two files popped up.
C:\Drivers\OneKey Optimizer\setup.exe » INSTALLSHIELD » OneKey Optimizer.msi » MSI » ISSetupFile.SetupFile42 » INNO » {app}\bin\reaper_u.dll - a variant of Win32/Lenovo.G potentially unsafe application - action selection postponed until scan completion
C:\Drivers\OneKey Optimizer\setup.exe » INSTALLSHIELD » OneKey Optimizer.msi » MSI » ISSetupFile.SetupFile42 » INNO » {app}\bin\reaper.dll - a variant of Win32/Lenovo.G potentially unsafe application - action selection postponed until scan completion
The sole difference between the two seems to be the name, "dll" and "u.dll". I think they're part of Lenovo Vantage, which I only use for power management but which has lots of exe tasks ongoing on my machine, including some I never liked too much but keep going.
Any advice?
Thanks
E.
Try to update the Lenovo tools to a more recent version; if that doesn't fix the ESET detections, then you can ignore it or proceed to remove the Lenovo tools.
An unsafe detection with Lenovo probably means that what has been detected is vulnerable; therefore ESET doesn't like it, because it can be exploited to infect the machine.
I've googled OneKey Optimizer; it's related to the battery management in the laptop. If there is no recent version with the vulnerability that ESET is mad about fixed, then I would ditch it and use Windows' internal power management.
-
On 4/2/2024 at 5:50 PM, itman said:
Eset firewall use has no bearing on if a port is open or closed. The router controls this.
True, and it shouldn't be open, as your home network doesn't serve DNS to people outside.
-
7 hours ago, Laplacian said:
I now scanned the external IP from an LTE/4G device and it didn't show any ports or even any host up. Then I also scanned my LAN again using Nmap and the device inside my network seems to have port 53 open indeed, but it is tcpwrapped. I do not know why it shows that one port. But I trust ESET so it's all good, thanks for the help.
You are welcome.
About port 53, try to check that device and see the firewall rules for port 53 TCP; it shouldn't be open for DNS unless that device serves something or it's open by mistake.
-
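An added worked example (not Laplacian's, Nightowl's or ESET's code) of what the Nmap `tcpwrapped` verdict mentioned above actually means, done with a plain socket probe against constructed local listeners instead of a real scan: one listener accepts the connection and closes it at once (the behaviour of TCP Wrappers or an application ACL denying the client), one sends a banner like a real service, and one port has nothing listening. The listeners, ports and banner text are constructed for the demo and run only on 127.0.0.1.

```python
import socket
import threading


def _serve_one(listener, banner):
    """Accept a single client: send a banner if given, otherwise close at once
    (what TCP Wrappers does when hosts.deny rejects the peer)."""
    conn, _ = listener.accept()
    with conn:
        if banner:
            conn.sendall(banner)
    listener.close()


def start_listener(banner=None):
    """Bind an ephemeral 127.0.0.1 port and serve exactly one client in the background."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=_serve_one, args=(listener, banner), daemon=True).start()
    return listener.getsockname()[1]


def probe(host, port, timeout=2.0):
    """Classify a TCP port the way a scanner would: closed, filtered, wrapped or open."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        # The kernel completes the handshake as soon as the SYN reaches a
        # listening socket, even before the application calls accept().
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return "closed"            # RST in reply to the SYN: nothing listening
    except socket.timeout:
        s.close()
        return "filtered"          # SYN silently dropped, typically by a firewall
    try:
        data = s.recv(256)
    except socket.timeout:
        return "open, no banner (service waits for the client to speak first)"
    except ConnectionResetError:
        return "open but wrapped (reset before any data)"
    finally:
        s.close()
    if not data:
        # Handshake succeeded but the peer sent FIN without a byte of payload:
        # this is the pattern Nmap reports as tcpwrapped.
        return "open but wrapped (closed without sending data)"
    return "open, banner: " + data.decode(errors="replace").strip()


def demo():
    """Constructed scenario: one wrapped listener, one real service, one closed port."""
    wrapped = start_listener()
    chatty = start_listener(b"220 demo service ready\r\n")
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed = tmp.getsockname()[1]
    tmp.close()                    # port is free again, so a connect gets RST
    return {
        "wrapped": probe("127.0.0.1", wrapped),
        "service": probe("127.0.0.1", chatty),
        "closed": probe("127.0.0.1", closed),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:8s} -> {verdict}")
```

Nmap's `tcpwrapped` is exactly the middle case: the three-way handshake completes, so the port counts as open, but the peer closes before sending anything, which is what a TCP Wrappers deny rule or a per-client ACL in the service looks like from the network. A real DNS server on TCP 53 instead waits for the client's length-prefixed query, so it would fall into the "no banner" case, and a port the router does not forward at all shows as filtered from outside, matching the LTE scan that saw no host up.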
1 minute ago, Laplacian said:
I scanned the machine inside my LAN with another LAN device. As for the public IP, I will try to scan outside my LAN. I will post when I have done that thanks.
Yes, while connected from the LAN, see your IP on a whatismyip website, then disconnect from your home WiFi and scan the WAN IP that you got from the website; it should show you the results from the outside towards your side.
I think inside the LAN, since it's trusted, ports can communicate with each other unless the personal firewall on the devices (like ESET or Windows Firewall) is instructed to disable certain ports from communicating.
-
Just now, Laplacian said:
I scanned with phone where I have paid app called Net Analyzer
I don't know this application, but try to use an LTE/4G connection when attempting to scan your IP; that will show your firewall that you are an outsider scanning. Scanning from the LAN to the WAN IP will show wrong results, if I am not mistaken.
-
20 minutes ago, Laplacian said:
Hi,
So I scanned all my machines on my network, and it showed that my computer has the port 53 DNS domain port open? Is this normal, as I think that I haven't seen that being open before if I remember correctly. And even if it is open, shouldn't ESET prevent showing that it is open?
May I ask how you scanned? Did you use Nmap, for example, or the ESET built-in scanner?
-
Also, to save yourself the QA (testing), which isn't your task to do:
Maybe it's easier just to switch to ESET VPN or ProtonVPN (which also offers free servers/countries) and, for blocking ads, just use uBlock Origin in your browser.
It saves you the hassle and headache of fixing those bugs.
-
26 minutes ago, Ahmeduchiha said:
I believe now ESET should be able to detect stuff; you can test it with an EICAR test file from the official EICAR website.
I've read now that a recent FortiOS firewall version, 7.2+, is able to scan the QUIC protocol, but it was never able to before and the solution was to block QUIC through App Control. The same applies to the Palo Alto firewall, but I don't know if they added the function to scan the QUIC protocol or not.
So it could be that security software solutions like ESET and other companies will follow the same path soon.
Heavy bug in Version 17.1.9.0 Internet security
in ESET Internet Security & ESET Smart Security Premium
HTTP/3, based on QUIC, is the third major version of the Hypertext Transfer Protocol (HTTP) and was adopted as an IETF standard in 2022. QUIC+HTTP/3 were created to solve inherent limitations with TCP that constrain performance and user experience. (From the NGINX website.)