Everything posted by SweX

  1. I note that most issues mentioned seem to be connected to the firewall of ESS. Well, why not go with NOD32 + Win OS Firewall or some other 3rd party firewall - if the firewall in ESS causes too many problems for certain users. I use the Firewall in Policy-based mode myself cause I want control, but I have not noticed any issues when I have used Automatic mode either. We also now have the Firewall "Troubleshooter" (I forgot its real name) in V9 that has been implemented to help with the firewall issues one may get. Other times an hour in Learning mode may solve issues automatically.
  2. @V3.Firewall You do as you like. I have nothing more to add. ESS and its firewall will protect the computer it is installed on nicely. If you want to protect your whole network to which you connect your computer that you have ESS installed on + other computers and/or mobile devices, then you might better try to do that in your hardware e.g. router, hardware firewall...etc etc that all internet traffic runs through. Perhaps you should invest in a UTM solution or similar, even if they are not much of a firewall specifically. But that is OT for this thread. I think you should just settle down and use ESS and try to stop worrying so much about what could happen or not. And instead think about if it is realistic or not. Again, I doubt a hacker will try to hack you because you are not of any interest to them. They hack into stuff where they can get their hands on valuable databases, documents, files, confidential and secret stuff basically. And I don't think you sit on any information of that sort.
  3. Keep posting in your thread here instead of starting another one. https://forum.eset.com/topic/7859-virus-signature-database-failure/ I am not sure I understand everything you post in the thread. But I assume that if you disable automatic updating of the VSD so it won't check for updates every 60min, then you won't receive the error messages when the update attempt fails due to no and/or bad internet connectivity cause the product can't connect to ESET's servers. And instead click the update button manually when you want/have the ability to update. You don't get around the updates, they are part of every AV product on the market. You should also understand that what you say -> "but it is better on protection" -> is connected to keeping the product up-to-date. The product displays the error messages to let the ESET user know that the product is not working/updating properly as it should, and maximum protection can't be assured, it is expected and normal behaviour of malfunctioning security products.
  4. Do you have detection of potentially Unwanted, Unsafe and Suspicious apps enabled? I ask since most users usually "complain" that ESET almost is too strict when it comes to these detections and not the other way around. On the link below - do you pass all of the tests that AMTSO provides in order to make sure that ESET and other security products are set up correctly & work properly? Try the 6 links for Desktop Solutions in this post: https://forum.eset.com/topic/7179-amtso-security-features-check/?p=38904
  5. I assume you know that Outpost is no longer a supported product since Agnitum was purchased by Sophos? Of course I know: Agnitum will provide antivirus base updates, bug fixing and technical support until December 31, 2016. Outpost Firewall Pro 9.3 will never die the same with Windows XP. It will still be used even if you do not receive updates. But since you now run Win 7.... "I buy new pc 2016/ddr3 4gb windows 7 ultimate 32 biti" ....there's no need to bother with XP and software that will soon be discontinued.
  6. +1 When I saw the thread title I thought I was going to recommend 7-Zip
  7. There is no specific setting for ransomware malware detection on/off. Your previous thread on the same topic/question is here: https://forum.eset.com/topic/7355-nod32-ransomware-protection/
  8. ...@OP, And also open the PDF they refer to for some more information on the technology used in the products.
  9. "I assume you know that Outpost is no longer a supported product since Agnitum was purchased by Sophos?" It was Yandex that acquired Agnitum - the maker of the Outpost products. Sophos acquired SurfRight - the maker of the HitmanPro and HitmanPro.Alert products. But I am sure you just mixed them up.
  10. "Appears Eset dials out every 1/2 hour, which I believe are the LiveGrid blacklist updates. And the connection is to their servers. So I am sticking with the botnet checking as the reason for the port 443 dial outs by ekrn.exe within the 1/2 hour intervals." Yes, I assume you are right, it doesn't sound wrong in any way at least. And since ESET doesn't seem interested in making a comment about this - we can only go by what we believe is happening here.
  11. "I play dota 1 and someone attacks my internet and eset firewall detect 0 block 0 my internet shut down" Is that a fact (it happened) or only an example of what you are afraid could happen? If yes, how do you know that it was an attack from "someone" against you? IMO. You don't need to worry much about these types of attacks against your network, they are usually directed against websites, services, ISPs and organizations, not individual users. If large corporations can't protect their networks with enterprise-grade hardware (that cost loads of $$$) to stop or re-direct the traffic in a good way to keep their services going, how do you think a simple consumer router with "protection against X, Y and Z" will be able to handle that amount of traffic if a serious attack would be directed at you? As an individual you are much more likely to encounter malware and/or privacy issues - than getting hit with a network attack. Your ISP can get attacked so it can indirectly affect you and your internet connectivity for a short or long time, depending on how big the attack is and how well the ISP can stop or re-direct the traffic, but it is not aimed at you personally. My ISP was the target of a huge DDoS attack last year, they were quite good at re-directing the traffic - but it still affected internet connectivity for some customers plus the IP-TV service for those that had that too, but there's nothing you as a customer can do about that. My router has these settings, and it can surely help against this or that, but I am not going to get seriously attacked since I am not a target - if I were to be attacked for some reason, I would most likely not stand a chance anyway. If I were you, then I would stop reading & comparing fancy words in product descriptions to stop scaring myself for no good reason. But you are of course free to buy whatever you want if it makes you feel any better. Just don't buy what they used to "protect" the Central Bank of Bangladesh. It failed big time. We have had this firewall/attack discussion before and the situation has not changed since the last time: https://forum.eset.com/topic/6009-eset-smart-security-8windows-xp-sp3 (Well, the above thread turned into a discussion about some "King", though it seems like the old King (XP) has been replaced with a new King (Win 7) according to post 1 in this thread.) P.S. Outpost is no more, and their customers have been offered licenses for another product.
  12. Also, I may be a nice pale person but I really wish there were a few more colors in the GUI here and there. It is so white/grey/pale in its current state. Well, except the "home" screen where the ESET robot is where we have a bit of blue and green. But I want nothing extreme and/or sharp color contrasts, that would be even more annoying/worse compared to its current look.
  13. "That might partially explain what is going on here. I did do a lookup to hxxp://threatcenter.crdf.fr/?Stats yesterday. Had no idea that they had a rep problem. So will stay away from there from now on. Marcos, take note. So the question is does Eset use the cloud for rep scanning and the like while browsing? And why would ekrn.exe be connecting to an IP address using port 443 to do so? This link is a http link, not https. This does look like something to do with Eset's web filtering but would like an explanation." The Cloud (LiveGrid) is being used by the Web protection yes. But I fail to understand how a 3rd party gets involved in real-time, if that is what's happening here. But we are only speculating, and I don't like speculating as there is a chance we draw the wrong conclusion here, and that would be no good. Better if ESET steps into the thread and clarifies what's going on. I expect that Marcos reads what we write here. I mean, I understand that threat data from 3rd parties like CRDF gets shared with ESET and maybe pushed to ESET servers -> which the client/software side connects to, but I have never heard of any vendor that lets their client/software connect to 3rd party servers in real-time as part of the cloud service that the vendor has in-built in the product. I expect the software to have connections with the vendor only, and nothing else. Like this..... 3rd party threat data -> ESET -> ESET servers <- Software/client communicates with. (Roughly explained.) Well, who knows, lol. I don't like speculating and sounding like I blame someone or something for doing wrong here. I would rather see that ESET clears up any misunderstanding that we may have initiated by our speculations in this thread. ESET may not be able to reveal much about these ekrn.exe dial-outs if that would help the dark side, but at least assure that it is normal and nothing to worry about. If not at all in public, then we have a PM system that is made for sharing secrets.
  14. "I have seen ekrn.exe connections to France; IPs and" = hxxp://zulu.zscaler.com/submission/show/0a488f4ae32fed497ee780a13e632fdd-1457747333 = hxxp://zulu.zscaler.com/submission/show/f13900d05ca24d742ef31fa4308575f3-1457745695 Do they both belong to crdf.fr ? As in this crdf -> hxxp://threatcenter.crdf.fr/?Stats ESET is not on their partner list: hxxp://threatcenter.crdf.fr/?Partners
  15. ...... -> hxxp://www.senderbase.org/lookup/?search_string=> -> https://www.spamhaus.org/query/ip/ https://www.spamhaus.org/sbl/query/SBL156393 https://www.spamhaus.org/sbl/query/SBL171415 https://www.spamhaus.org/pbl/query/PBL188929 "chinanet-gz is providing services to spammers and botnet operators since years and ignoring all abuse complaints sent by Spamhaus and 3rd parties" (Guess that could be one reason why MBAM blocks that IP) hxxp://www.senderbase.org/lookup/?search_string=> -> hxxp://www.abuseat.org/lookup.cgi?ip= "IP Address is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet. It was last detected at 2016-03-07 02:00 GMT (+/- 30 minutes), approximately 4 days, 23 hours, 30 minutes ago." @spc3rd, Sorry to hear about your health issues, I hope you get better and feel better soon again. Take care.
  16. I agree, but then I don't expect an employee to say anything else as that would look kinda weird. And indeed, more people SHOULD take advantage of the trial period that ESET and as good as every other vendor provides, and not buy straight away, to only a few days later go through a refund process cause they didn't like it. I often say -> "Always try before you buy". The trials are available for a reason.
  17. "I thought about asking on the ESET forum if ESET really is that good" OK, joke aside. I am sure you could find deals at a few places online if you look around e.g. Amazon, Newegg is great for people in the U.S, but I see you use the Euro € sign, so I assume you're located somewhere in Europe. As mentioned above, the renewal will be a bit lower, but I am sure you can find the software at some place for quite a bit lower than 50€ / 1 PC if you're after a good deal. Though I don't know where to look so I can't give any shopping suggestions. Is this 50€ / 1 user from your local distributor/reseller or?
  18. ESET - a variant of Win32/RiskWare.DYAMAR.A https://www.virustotal.com/en/file/3668bc29170a486d574954f7284c8b01bcf025b88960615d6fa4e6beed822746/analysis/1457679452/
  19. TS said that ekrn.exe was using 116mb on the system, not 600mb. It's a huge difference. Yes, we know there is a leak that affects some users, but judging by the amount ekrn.exe uses on that system, TS does not seem to be affected. If ekrn.exe does use much more than that on the system, then it would be in everyone's interest if TS told us more about that instead. @Wrogg Yes, rebooting will release the memory. If you have a fast upload connection and are willing to help out, then create a complete memory dump -> hxxp://support.eset.com/kb380/ that ESET can download and analyze, and hopefully it will shed some light on why some users are having this problem. We already have 2 open threads about a possible RAM leak: https://forum.eset.com/topic/7487-seems-like-a-memory-leak/ https://forum.eset.com/topic/6317-eset-smart-security-9-memory-leak/ Please continue in one of them cause we really don't need a 3rd thread on the same topic, thanks.
  20. You can't update via ESET, the software only shows available updates by using information provided by the OS itself, but it's up to you to decide whether you want to download the updates in question or not. edit: too slow I see.
  21. Did you also perform a manual update after switching to pre-release updates by clicking "Update now" so that the product actually is updated to pre-release modules?.....
  22. Why should they be accessible for non-forum users too?
  23. It is not a problem at all, so there is no need to report anything. The product is designed and supposed to use that much. Other products may be designed differently and use e.g. 25mb according to task manager but they also "hide away" the rest, ESET does not. There is a good reason why the product is designed like it is. Unless you have performance issues/slow computer caused by the product, there really is nothing to resolve.
  24. Do you see the orange popup on all/any websites or only on some specific websites you browse to? And do you have detection of PUAs, PUPs and Suspicious apps enabled in ESET? (if not, enable all of them and run another scan, and keep them enabled from now on) hxxp://support.eset.com/kb3204/ If you have these detection categories enabled and ESET does still not detect and remove it, then you can try the guide below, it is from 2013, but the method and tools used to remove it are still relevant today, and they are quite easy to use. Follow the description and what is shown in the screenshots and it should be pretty straightforward. (The tools used in the guide may probably also find items connected to "aa.js/q.adrta.com" that you mention in your first post, and possibly more, check the detection log and what each item belongs to before you remove anything, so you don't remove anything you want to keep in case of FP.) https://malwaretips.com/blogs/ib-adnxs-popup-virus/
  25. TomasP has already responded and given an answer to your question before: https://forum.eset.com/topic/869-eset-nod32-blocking-my-website/?p=40978