DaveB-Opt

Members
  • Content Count

    21
Profile Information

  • Location
    U.K.


  1. Actually I spoke too soon. The only affected machine is an internal server which always resides behind our firewall
  2. We have a threat notification for the following. However, we have blocked all connections coming from 185.202.0.0/16 at the firewall level, and I'm unable to see any incoming traffic from that IP address in the last week (from the firewall logs also). I'm not sure what triggers this alert in ESET, but I'm also unsure as to how the firewall didn't pick up the connection attempt. Can anyone shed some light on this detection? Process name System Rule name Rule ID Source address
  3. We're getting lots of blocked notifications which are showing as unresolved. 1. Is this normal behaviour? 2. Lots of them are going to one domain name. What can we do to mitigate? See messages below More details Hash A57DF2FDEBBCE21F5E1913B73797DF0B50BFA03E Uniform Resource Identifier (URI) https://hardyload.com Process name C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Event An attempt to connect to URL
  4. Thanks! - appreciate your advice. This may not be one of our company devices so I may not be able to use it.
  5. Unfortunately this machine is often connected to a shared Wi-Fi connection outside of our network.
  6. What's the best practice for these notifications? They don't say 'blocked' or 'resolved' so I'm unsure what they're telling me. Thanks
  7. Will do - might not be until next week though
  8. Thanks Marcos. What's the easiest way to find out what's causing the performance issues? Most computers are ok but a handful are really sluggish unless the real-time scanner is disabled. All are using the same policy. All are of a similar spec
  9. Are there any security implications from excluding ESET from scanning itself? The real-time scanner appears to be taking a toll on performance recently. We have the latest AV endpoint installed and we're using the balanced policy 'out of the box'
  10. Ok so what do we do in this instance? The choices are effectively: 1. Allow the URL and hope for the best 2. Tell our client they are malicious and lose business Thanks
  11. Ok so that zonestor URL redirects to a.net-dag34.stream - which appears to be the malicious URL. It redirects to a.net-dag34.stream /iwxb/rimnc/index-en-c-xs.html?td=www.watervilleireland.com&browser=Chrome&country=United%20Kingdom&city=Islington&os=Windows&pr=$999&yp=$1&cep=aZSUB41JfS1fP6UO41IiKF9rubuwVLziFs1m2U8_gN0JnFBE2VtEOExzRbMVub1gZo_xS6A18PxQifQHCZdZTJ6qB18tVidF9aIdIdiSOdCPhRE4kDFZ1njq5aGgkwWzExqb5bFnnILAedgwek7vG8iPQtmzzY_RYdiY2tBkH8o_JqBHah2OtLoC2LV4inGhlWMfa1UHmmezP1ZxkknPVYSmLcIxfGkqCqBGL1cgMGI&4=&3=&5=&6=&7=&8=470001
  12. https zonestor dot com fec9c24dca291d2000/adv12628/test/link