tzuzut
I can see that the root cert in the browser is ESET, so I assume it's working. I thought I recalled years earlier that when enabling this feature, one could view the log and watch the list of HTTPS connections and files being scanned... or is this only active during a detection? I am seeing "allowed" status whitelisted domains showing up under 'filtered websites', and that's about it when it comes to internet activity.
-
tzuzut reacted to a post in a topic: Let's talk about privacy in ESET Browser Privacy & Security
-
tzuzut reacted to a post in a topic: Bug: MPC-BE x64 video player un-pauses when opening Eset GUI
-
I get the following error in Event Viewer, with both the Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList notepad.exe and wmic process call create "notepad.exe" commands. They only open notepad one time on a clean boot, then the error persists each consecutive execution from then on. Initially when it works, it appears to load the legacy notepad, with an option to open the 'updated' version.

0x80070005: Cannot create the process for package Microsoft.WindowsNotepad_11.2306.15.0_x64__8wekyb3d8bbwe because an error was encountered while adjusting the token. [GetPackageToken]
-
So, oddly, I am getting inconsistent results with Windows. I've disabled exploit protections for wmic, and restarted the service, and though it claims notepad launch was successful, it does not appear, not even temporarily, according to Task Manager. At times it does; perhaps on a fresh boot of Windows. I had strange issues like this before... and other issues, where exploit protection child process blocking for wmic would work on one Windows system and only partially on another. On one system it worked for wmic.exe only, but not the PowerShell command. In the other system, it blocked both. I tried disabling the following attack surface reduction rule as well, but the same issue (if it is one) persists. I'm not sure if attack surface reduction rules actually work when using a third-party AV. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide
-
tzuzut reacted to a post in a topic: HIPS to ASK when WMI loads child processes not working