Jump to content

tzuzut

Members
  • Posts

    28
  • Joined

  • Last visited

About tzuzut

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Canada

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I can see that the root cert in the browser is ESET, so I assume its working. I thought I recalled years earlier that when enabling this feature, one could view the log and watch the list of https connections and files being scanned... or is this only active during a detection? I am seeing "allowed" status white listed domains showing up under 'filtered websites', and thats about it when it comes to internet activity.
  2. I was already on the pre-release update channel. I just manually updated and it pulled a couple, but the problem persists.
  3. That is a work around I can confirm works, but what of those who wish to use global keys?
  4. Update: It will also play if a video is loaded and not just paused, but also if it is stopped, or if no video is loaded currently, but was previously played.... so as to automatically open and play last opened video, when clicking on the eset gui from the taskbar, or from the start menu.
  5. If a video is opened in MPC-BE x64, and it is paused, opening Eset GUI will un-pause the video.
  6. I get the following error in eventviewer, with both the Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList notepad.exe and wmic process call create "notepad.exe" commands. They only open notepad one time on an a clean boot, then the error persists each consecutive execution from then on. Initially when it works, it appears to load the legacy notepad, with an option to open the 'updated' version. 0x80070005: Cannot create the process for package Microsoft.WindowsNotepad_11.2306.15.0_x64__8wekyb3d8bbwe because an error was encountered while adjusting the token. [GetPackageToken]
  7. So, oddly, I am getting inconsistent results with windows. I've disabled exploit protections for wmic, and restarted the service, and though it claims notepad launch was successful, it does not appear, not even temporarily, according to task manager. At times it does; perhaps on a fresh boot of windows. I had strange issues like this before... and other issues, where exploit protection child process blocking for wmic would work on one windows system and only partially on another. On one system it worked for wmic.exe only, but not the powershell command. In the other system, it blocked both. I tried disabling the following attack surface reduction rule as well, but the same issue (if it is one) persists. I'm not sure if attack surface reduction rules actually work when using a third party av. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide
  8. I'll have to disable AGC and then test your suggestions, this requires a restart so I'll post my results as I find the time.
×
×
  • Create New...