SweX

Most Valued Members
  • Posts: 2,266
  • Days Won: 110

Posts posted by SweX

  1. I note that most issues mentioned seem to be connected to the firewall of ESS. Well, why not go with NOD32 + Win OS Firewall or some other 3rd-party firewall - if the firewall in ESS causes too many problems for certain users.

     

    I use the Firewall in Policy-based mode myself cause I want control, but I have not noticed any issues when I have used Automatic mode either.

     

    We also now have the Firewall "Troubleshooter" (I forgot its real name) in V9 that has been implemented to help with the firewall issues one may get. Other times an hour in Learning mode may solve issues automatically.

  2. @V3.Firewall

     

    You do as you like. I have nothing more to add. ESS and its firewall will protect the computer it is installed on nicely. If you want to protect your whole network to which you connect your computer that you have ESS installed on + other computers and/or mobile devices, then you might better try to do that in your hardware, e.g. router, hardware firewall, etc., that all internet traffic runs through. Perhaps you should invest in a UTM solution or similar, even if they are not much of a firewall specifically. But that is OT for this thread. I think you should just settle down and use ESS and try to stop worrying so much about what could happen or not. And instead think about if it is realistic or not.

     

    Again, I doubt a hacker will try to hack you because you are not of any interest to them. They hack into stuff where they can get their hands on valuable databases, documents, files, confidential and secret stuff basically. And I don't think you sit on any information of that sort.

  3. Keep posting in your thread here instead of starting another one.

    https://forum.eset.com/topic/7859-virus-signature-database-failure/

     

    I am not sure I understand everything you post in the thread. But I assume that if you Disable automatic updating of the VSD so it won't check for updates every 60min, then you won't receive the error messages when the update attempt fails due to no and/or bad internet connectivity cause the product can't connect to ESET's servers. And instead click the update button manually when you want/have the ability to update.

     

    You don't get around the updates, they are part of every AV product on the market.

     

    You should also understand what you say -> "but it is better on protection" -> is connected to keeping the product up-to-date.

     

    The product displays the error messages to let the ESET user know that the product is not working/updating properly as it should, and maximum protection can't be assured. It is expected and normal behaviour of malfunctioning security products.

  4. Do you have detection of potentially Unwanted, Unsafe and Suspicious apps enabled?

     

    post-320-0-99965800-1458774891_thumb.png

     

    I ask since most users usually "complain" that ESET almost is too strict when it comes to these detections and not the other way around.

     

    On the link below - do you pass all of the tests that AMTSO provides in order to make sure that ESET and other security products are set up correctly & work properly?

     

    Try the 6 links for Desktop Solutions in this post: https://forum.eset.com/topic/7179-amtso-security-features-check/?p=38904

  5.  

     

    Now I secure my network with 2 firewalls [router tp link wr841n and Agnitum Outpost Pro Firewall 9.3]

     

    I assume you know that Outpost is no longer a supported product since Agnitum was purchased by Sophos?

     

     
     
    Of course I know:
     
    Agnitum will provide antivirus base updates, bug fixing and technical support until December 31, 2016.
     
    Outpost Firewall Pro 9.3 will never die, the same as Windows XP. It will still be used even if you do not receive updates.

     

     

    But since you now run Win 7....

     

    "I buy new pc 2016/ddr3 4gb windows 7 ultimate 32 biti"

     

    ....there's no need to bother with XP and software that will soon be discontinued.

  6. 7-Zip, it's free and open source, compatible with most archive file types too. When using it, just right click on an archive in Explorer and select an option from the 7-Zip context menu (extract here, extract to folder, etc). You can also use the program itself to compress (and expand/explore) files and more.

     

    hxxp://www.7-zip.org/

     

    +1 When I saw the thread title I thought I was going to recommend 7-Zip :D

  7.  

    Now I secure my network with 2 firewalls [router tp link wr841n and Agnitum Outpost Pro Firewall 9.3]

     

    I assume you know that Outpost is no longer a supported product since Agnitum was purchased by Sophos?

     

    It was Yandex that acquired Agnitum - the maker of the Outpost products.

     

    Sophos acquired SurfRight - the maker of the HitmanPro and HitmanPro.Alert products.

     

    But I am sure you just mixed them up ;)

  8.  

    The Cloud (LiveGrid) is being used by the Web protection yes. But I fail to understand how a 3rd party gets involved in real-time, if that is what's happening here. But we are only speculating, and I don't like speculating as there is a chance we draw the wrong conclusion here, and that would be no good. Better if ESET steps into the thread and clarifies what's going on. I expect that Marcos reads what we write here.

     

    I mean, I understand that threat data from 3rd parties like CRDF gets shared with ESET and maybe pushed to ESET servers -> which the client/software side connects to, but I have never heard of any vendor that lets their client/software connect to 3rd-party servers in real-time as part of the cloud service that the vendor has in-built in the product. I expect the software to have connections with the vendor only, and nothing else. Like.....

     

    3rd-party threat data -> ESET  -> ESET servers <- Software/client communicates with. (Roughly explained.)

     

     

    Appears Eset dials out every 1/2 hour, which I believe are the LiveGrid blacklist updates. And the connection is to their servers. So I am sticking with the botnet checking as the reason for the port 443 dial outs by ekrn.exe within the 1/2 hour intervals.

    Yes, I assume you are right, it doesn't sound wrong in any way at least. And since ESET doesn't seem interested in making a comment about this - we can only go by what we believe is happening here.

  9. "I play dota 1 and someone attacks my internet and eset firewall detect 0 block 0 my internet shut down"

     

    Is that a fact (it happened) or only an example of what you are afraid could happen? If yes, how do you know that it was an attack from "someone" against you?

     

    IMO, you don't need to worry much about these types of attacks against your network. They are usually directed against websites, services, ISPs and organizations, not individual users. If large corporations can't protect their networks with enterprise-grade hardware (that costs loads of $$$) to stop or re-direct the traffic in a good way to keep their services going, how do you think a simple consumer router with "protection against X, Y and Z" will be able to handle that amount of traffic if a serious attack would be directed at you?

     

    As an individual you are much more likely to encounter malware and/or privacy issues - than getting hit with a network attack. Your ISP can get attacked so it can indirectly affect you and your internet connectivity for a short or long time, depending on how big the attack is and how well the ISP can stop or re-direct the traffic, but it is not aimed at you personally. My ISP was the target of a huge DDoS attack last year, they were quite good at re-directing the traffic - but it still affected internet connectivity for some customers plus the IP-TV service for those that had that too, but there's nothing you as a customer can do about that.

     

    post-320-0-68085500-1457873253_thumb.jpg

     

    My router has these settings, and it can surely help against this or that, but I am not going to get seriously attacked since I am not a target - if I were to be attacked for some reason, I would most likely not stand a chance anyway.

     

    If I were you, then I would stop reading & comparing fancy words in product descriptions to stop scaring myself for no good reason.


    But you are of course free to buy whatever you want if it makes you feel any better. Just don't buy what they used to "protect" the Central Bank of Bangladesh. It failed big time.
     
    We have had this firewall/attack discussion before and the situation has not changed since the last time: https://forum.eset.com/topic/6009-eset-smart-security-8windows-xp-sp3
     
    (Well, the above thread turned into a discussion about some "King", though it seems like the old King (XP) has been replaced with a new King (Win 7) according to post 1 in this thread.)
     
    P.S
    Outpost is no more, and their customers have been offered licenses for another product.
  10. In the next release of ESS (V10x I assume) I would like to see the GUI go back to something similar to v8x. The GUI is not something I normally get overly concerned with but v8 was much easier to use than v9x. Specifically the "firewall rules" screen which in v9 is just not easy to use at all.

    Also, I may be a nice pale person :rolleyes:  but I really wish there were a few more colors in the GUI here and there. It is so white/grey/pale in its current state. Well, except the "home" screen where the ESET robot is, where we have a bit of blue and green. But I want nothing extreme and/or sharp color contrasts, that would be even more annoying/worse compared to its current look.

  11.  

    "I have seen ekrn.exe connections to France; IPs 62.210.11.201 and 195.154.36.97."

     

    62.210.11.201 =  hxxp://zulu.zscaler.com/submission/show/0a488f4ae32fed497ee780a13e632fdd-1457747333

     

    195.154.36.97 =  hxxp://zulu.zscaler.com/submission/show/f13900d05ca24d742ef31fa4308575f3-1457745695

     

    Do they both belong to crdf.fr ? As in this crdf -> hxxp://threatcenter.crdf.fr/?Stats

    ESET is not on their partner list: hxxp://threatcenter.crdf.fr/?Partners

    That might partially explain what is going on here.

     

    I did do a lookup to hxxp://threatcenter.crdf.fr/?Stats yesterday. Had no idea that they had a rep problem. So will stay away from there from now on. Marcos, take note.

     

    So the question is does Eset use the cloud for rep scanning and the like while browsing? And why would ekrn.exe be connecting to an IP address using port 443 to do so? This link is a http link, not https.

     

    This does look like something to do with Eset's web filtering but would like an explanation.

     

    The Cloud (LiveGrid) is being used by the Web protection yes. But I fail to understand how a 3rd party gets involved in real-time, if that is what's happening here. But we are only speculating, and I don't like speculating as there is a chance we draw the wrong conclusion here, and that would be no good. Better if ESET steps into the thread and clarifies what's going on. I expect that Marcos reads what we write here.

     

    I mean, I understand that threat data from 3rd parties like CRDF gets shared with ESET and maybe pushed to ESET servers -> which the client/software side connects to, but I have never heard of any vendor that lets their client/software connect to 3rd-party servers in real-time as part of the cloud service that the vendor has in-built in the product. I expect the software to have connections with the vendor only, and nothing else. Like this.....

     

    3rd-party threat data -> ESET  -> ESET servers <- Software/client communicates with. (Roughly explained.)

     

    Here's an interesting tidbit. That IP address, 195.154.36.97, scans 100% clean at VirusTotal. Not a single AV product flagged it.

     

    Also didn't previously notice the "botnet" reference. Perhaps that is what the ekrn.exe port 443 dial-out is checking for?

     

     

     

    Well, who knows, lol.  :D I don't like speculating and sounding like I blame someone or something for doing wrong here. I'd rather see that ESET clears up any misunderstanding that we may have initiated by our speculations in this thread. ESET may not be able to reveal much about these ekrn.exe dial-outs if that would help the dark side, but at least assure that it is normal and nothing to worry about. If not at all in public, then we have a PM system that is made for sharing secrets ^_^

  12. 195.154.36.97 is a bad IP! What is going on here Eset? I noticed these are port 443 connections. This have anything to do with SSL protocol scanning?

     

    ...... -> hxxp://www.senderbase.org/lookup/?search_string=119.1.109.121-> 

     -> https://www.spamhaus.org/query/ip/119.1.109.121

    https://www.spamhaus.org/sbl/query/SBL156393

    https://www.spamhaus.org/sbl/query/SBL171415

    https://www.spamhaus.org/pbl/query/PBL188929

     

    "chinanet-gz is providing services to spammers and botnet operators since years and ignoring all abuse complaints sent by Spamhaus and 3rd parties"

     

    (Guess that could be one reason why MBAM blocks that IP)

     

    hxxp://www.senderbase.org/lookup/?search_string=195.154.36.97->

    -> hxxp://www.abuseat.org/lookup.cgi?ip=195.154.36.97

     

    "IP Address 195.154.36.97 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.

    It was last detected at 2016-03-07 02:00 GMT (+/- 30 minutes), approximately 4 days, 23 hours, 30 minutes ago."

     

    @spc3rd, Sorry to hear about your health issues, I hope you get better and feel better soon again. Take care.

  13. No doubts it's worth the money :)  Let's give it a try and activate a 30-day trial version to find out yourself.

    I agree, but then I don't expect an employee to say anything else as that would look kinda weird :P  ;)

    And indeed, more people SHOULD take advantage of the trial period that ESET and as good as every other vendor provides, and not buy straight away, to only a few days later go through a refund process cause they didn't like it.

    I often say -> "Always try before you buy". The trials are available for a reason.

  14. "I thought about asking on the ESET forum if ESET really is that good"

    :D

     

    OK, joke aside. I am sure you could find deals at a few places online if you look around e.g. Amazon, Newegg is great for people in the U.S, but I see you use the Euro € sign, so I assume you're located somewhere in Europe. As mentioned above, the renewal will be a bit lower, but I am sure you can find the software at some place for quite a bit lower than 50€ / 1 PC if you're after a good deal. Though I don't know where to look so I can't give any shopping suggestions.

     

    Is this 50€ / 1 user from your local distributor/reseller or ?

  15. There's a memory leak. I have a laptop Windows 10 64 bit and a desktop Windows 10 Pro 64 bit.

    Desktop has been on 27 hours. shows 600 meg (can't work out how to post screen shot) I have been downloading a game overnight.

    Will return to about 120 meg after a reboot.

     

    TS said that ekrn.exe was using 116mb on the system, not 600mb. It's a huge difference. Yes, we know there is a leak that affects some users, but judging by the amount ekrn.exe uses on that system, TS does not seem to be affected. If ekrn.exe does use much more than that on the system, then it would be in everyone's interest if TS told us more about that instead.

     

    @Wrogg

    Yes, rebooting will release the memory. If you have a fast upload connection and are willing to help out, then create a complete memory dump -> hxxp://support.eset.com/kb380/ that ESET can download and analyze, and hopefully it will shed some light on why some users are having this problem.

     

    We already have 2 open threads about a possible ram leak:

    https://forum.eset.com/topic/7487-seems-like-a-memory-leak/

    https://forum.eset.com/topic/6317-eset-smart-security-9-memory-leak/

     

    Please continue in one of them cause we really don't need a 3rd thread on the same topic, thanks.

  16. My eset is taking too much memory usage around 116,000k is there any way to decrease it? or how can I send report to resolve this problem?

    It is not a problem at all, so there is no need to report anything. The product is designed and supposed to use that much. Other products may be designed differently and use e.g 25mb according to task manager but they also "hide away" the rest, ESET does not. There is a good reason why the product is designed like it is. Unless you have performance issues/slow computer caused by the product, there really is nothing to resolve. :)

  17. Do you see the orange popup on all/any websites or only on some specific websites you browse to?

    And have you detection of PUAs, PUPs and Suspicious apps enabled in ESET?

    (if not, enable all of them and run another scan, and keep them enabled from now on)

    hxxp://support.eset.com/kb3204/

     

    If you have these detection categories enabled and ESET still does not detect and remove it, then you can try the guide below. It is from 2013, but the method and tools used to remove it are still relevant today, and they are quite easy to use. Follow the description and what is shown in the screenshots and it should be pretty straightforward. (The tools used in the guide may probably also find items connected to "aa.js/q.adrta.com" that you mention in your first post, and possibly more. Check the detection log and what each item belongs to before you remove anything, so you don't remove anything you want to keep in case of FP.)

     

    https://malwaretips.com/blogs/ib-adnxs-popup-virus/
