Everything posted by SeriousHoax
-
Web protection not working properly, self-defense somewhat bypassed. Not a good week for ESET. An ESET official should privately contact Andy Ful on this matter to learn the method he used to disable ESET. He'll only share the details privately with an ESET official if they reach out to him asking for the details and possibly take measures so that it doesn't happen again. As Andy Ful suggested, the preventive measure for this should not be a mere signature-based solution.
-
Well, now it's not even working for me in Chromium browsers. In Edge, the first time it blocks and then if I reload the page, it isn't blocked. On my testing Chrome Portable browser in another drive, web protection is not working most of the time even in default settings without DoH. Something is not right. It needs to be looked at and fixed soon.
-
When Firefox is set to use maximum or increased protection in DNS over HTTPS settings, ESET does not block blacklisted websites. For example, here's a VT link of a fake crack program website already in ESET's blacklist: https://www.virustotal.com/gui/url/5583ee6d3fa820c9c851f37746d9b5a896da37bc7ce93329d6dcc02e4b7d9daa/detection But with the above DNS settings, it is not blocked. When I set Firefox's DNS over HTTPS settings to Off, ESET blocks it. There is no such issue on Chromium browsers. Edit: In case it has some sort of connection, ESET's web protection also doesn't work when used with AdGuard for Windows. Changing any network driver or other related settings has no impact. To be clear, in the scenario explained in my main post I'm not using AdGuard for Windows.
-
Question about a Virus
SeriousHoax replied to Purpleroses's topic in ESET Internet Security & ESET Smart Security Premium
The help link you gave above has the link to the extension in Chrome store: https://chromewebstore.google.com/detail/eset-browser-privacy-secu/oombnmpbbhbakfpfgdflaajkhicgfaam -
Question about a Virus
SeriousHoax replied to Purpleroses's topic in ESET Internet Security & ESET Smart Security Premium
Not even if I manually install it? -
Question about a Virus
SeriousHoax replied to Purpleroses's topic in ESET Internet Security & ESET Smart Security Premium
Did you really see ESET's certificate in Brave? I don't think ESET officially supports Brave, and also, based on your screenshot, ESET is not decrypting Brave's traffic as expected. You have to manually add Brave's exe to Application scan rules in SSL/TLS settings and set it to Scan. Also, I'm curious to know if the "ESET Browser Privacy & Security" extension with Secure Search works in Brave. Do you know @Marcos? -
Remediation of virus threat
SeriousHoax replied to NewToThis's topic in Malware Finding and Cleaning
Do two more scans with Norton Power Eraser and Kaspersky Virus Removal Tool. These two are the best second opinion scanners. -
Thanks for this link, but I see that it only mentions some security software that has keylogger protection. I'm talking about incompatibility with apps like this one: https://www.omicronlab.com/avro-keyboard.html which is used by a lot of people in my region. ESET is not compatible with this app. An ESET staff member on this forum told me that ESET will work to make it compatible, but that was a while ago. Nothing has changed so far. I think ESET should add apps like this to the incompatible list.
-
FYI, I have tested some other top products on the site and none of them detected anything. ESET's detection is correct for sure as confirmed by Marcos. This once again proves (to me at least) that ESET is the best at detecting malicious scripts on websites. Many times, ESET is the only one/the first one to detect such things.
-
Web Access Protection and Encrypted Client Hello (ECH)
SeriousHoax replied to M-SOC's topic in ESET Endpoint Products
Yeah, all AV products with SSL scanning function bust ECH. -
Web Access Protection and Encrypted Client Hello (ECH)
SeriousHoax replied to M-SOC's topic in ESET Endpoint Products
It doesn't have to be Cloudflare DNS. Any DNS that supports one of the encrypted DNS protocols like DoH, DoT, DoQ works. For example, I use my custom NextDNS. BTW, for Firefox one may have to manually set "network.dns.echconfig.enabled" to True. There are methods to enable it in Chromium browsers also. -
Web Access Protection and Encrypted Client Hello (ECH)
SeriousHoax replied to M-SOC's topic in ESET Endpoint Products
The thing is, ESET's HTTPS scanning feature breaks Encrypted Client Hello. According to tests, SNIs aren't encrypted with default ESET. This is not just ESET of course; any product with HTTPS traffic scanning breaks it. Only AdGuard for Windows can apply ECH (even though it decrypts TLS connections like ESET) if you allow its DNS protection feature (enabled by default) and enable ECH from Advanced settings. It makes AdGuard handle the DNS and apply ECH. So maybe this is not possible unless AV products with an HTTPS scanning feature like ESET handle DNS encryption by supporting ECH. ECH is still not finalized and currently mainly supported by Cloudflare services, I think. But it looks like eventually it will become a standard. So I'm curious how ESET is going to handle this case. Sites to test if ECH is working or not: https://tls-ech.dev/ https://defo.ie/ech-check.php https://crypto.cloudflare.com/cdn-cgi/trace/ For the last test site, you'll have to check whether sni=plaintext or sni=encrypted. -
I'm 100% certain that this @adulwahab is a fake account aka bot that was created just to post a positive comment on this thread. It has to be either from ESET or Intel. The ChatGPT-like writing style, the picture and the fact that it was the first and only post from that account so far are a clear giveaway. If you do an image search, you'll find this image on a random Indian website. It's also not hard (for me at least) to guess this person's religion just by looking at the photo, which doesn't match the name. Really poor and unnecessary marketing attempt. Regarding my Intel TDT experience, "I'm an AMD user".
-
Hi @Marcos! Wondering what this particular malicious script does? Does it redirect to malvertisements or something else?