Posts posted by shocked
-
-
since setting the "protection" sections in "Real-time & Machine learning protection" as aggressive, i've noticed that many files are being sent to Eset for analysis.
most of them seem to be "*.part" files from like a browser cache or something judging by their name.
for example, 08tJ3cwD.exe.part
the weird thing is that when checking the AppData\Local\Temp folder i can't find them, unless they're also removed by the antivirus before being sent. an in-depth scan comes completely clean. i've done a clean install of my OS two days before for other reasons. i'm kinda confused.
Time;Hash;File;Size;Category;Reason;Sent to;User
31/10/2021 11:07:39 μμ;0A05AB6FD488B3929A19D1710E7C52738837224A;C:\Users\******\AppData\Local\Temp\08tJ3cwD.exe.part;9027584;Executable;Automatic;LiveGuard;DESKTOP-\******\
1/11/2021 1:26:33 πμ;CB82D19065216BA7FA67A411B4E84BA1E4563964;C:\Users\******\AppData\Local\Temp\uNiMPuam.exe.part;11728742;Executable;Automatic;LiveGuard;DESKTOP-\******\
1/11/2021 2:32:12 πμ;96D6BB3A0B46BE749162DEB3A5CA5130A2326911;C:\Users\******\Downloads\52f5a657-b783-406f-a0e4-5e13107f9997.tmp;16384;Executable;Automatic;LiveGuard;DESKTOP-\******\
2/11/2021 12:41:07 πμ;06501D7A40FC112590804050C7AF972443C289CD;C:\Users\******\AppData\Local\Temp\VVgoccCi.exe.part;9462296;Executable;Automatic;LiveGuard;DESKTOP-\******\
2/11/2021 12:41:29 πμ;4AB52B2D24107C3FAD16BF1A50FDC26FEC8763B6;C:\Users\******\AppData\Local\Temp\P0UcL4nK.exe.part;9566040;Executable;Automatic;LiveGuard;DESKTOP-\******\
2/11/2021 1:41:38 μμ;A80E6875C9617AEB6EA0874EBC749DC745D6F5D1;C:\Users\******\AppData\Local\Temp\Bi_Khh32.exe.part;11383032;Executable;Automatic;LiveGuard;DESKTOP-\******\
_____________________________________________________________________
Time;Component;Event;User
31/10/2021 11:07:39 μμ;ESET Kernel;File '08tJ3cwD.exe.part' was sent to ESET Virus Lab for analysis.;SYSTEM
1/11/2021 1:26:33 πμ;ESET Kernel;File 'uNiMPuam.exe.part' was sent to ESET Virus Lab for analysis.;SYSTEM
2/11/2021 12:41:07 πμ;ESET Kernel;File 'VVgoccCi.exe.part' was sent to ESET Virus Lab for analysis.;SYSTEM
2/11/2021 12:41:29 πμ;ESET Kernel;File 'P0UcL4nK.exe.part' was sent to ESET Virus Lab for analysis.;SYSTEM
2/11/2021 1:41:38 μμ;ESET Kernel;File 'Bi_Khh32.exe.part' was sent to ESET Virus Lab for analysis.;SYSTEM
-
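A way to triage an exported sent-files log like the one in the post above, shown as an added example that is not part of the original post and not ESET tooling. It converts the Greek-locale timestamps (πμ is AM, μμ is PM) to 24-hour times, counts submissions per folder and full extension, and groups submissions from one folder that arrive within five minutes of each other, so they can be lined up against updater or download activity. The function names, the shortened `.tmp` name, the placeholder hashes and the user/computer names are this example's own.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample in the layout of the exported log above; hashes are
# placeholders and the user/computer names are made up.
SAMPLE = r"""Time;Hash;File;Size;Category;Reason;Sent to;User
31/10/2021 11:07:39 μμ;HASH-1;C:\Users\user\AppData\Local\Temp\08tJ3cwD.exe.part;9027584;Executable;Automatic;LiveGuard;PC
1/11/2021 2:32:12 πμ;HASH-2;C:\Users\user\Downloads\52f5a657.tmp;16384;Executable;Automatic;LiveGuard;PC
2/11/2021 12:41:07 πμ;HASH-3;C:\Users\user\AppData\Local\Temp\VVgoccCi.exe.part;9462296;Executable;Automatic;LiveGuard;PC
2/11/2021 12:41:29 πμ;HASH-4;C:\Users\user\AppData\Local\Temp\P0UcL4nK.exe.part;9566040;Executable;Automatic;LiveGuard;PC
"""

def parse_time(text):
    """Parse 'd/m/yyyy h:mm:ss πμ|μμ' (Greek AM/PM) into a 24-hour datetime."""
    stamp, marker = text.rsplit(" ", 1)
    if marker not in ("πμ", "μμ"):
        raise ValueError(f"unexpected AM/PM marker: {marker!r}")
    dt = datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S")
    return dt.replace(hour=dt.hour % 12 + (12 if marker == "μμ" else 0))

def load(text):
    """Return the submissions sorted by time, with folder and full suffix split out."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text), delimiter=";"):
        path = PureWindowsPath(rec["File"])
        rows.append({"time": parse_time(rec["Time"]), "name": path.name,
                     "dir": str(path.parent), "suffix": "".join(path.suffixes).lower()})
    return sorted(rows, key=lambda r: r["time"])

def by_folder_and_suffix(rows):
    return Counter((r["dir"], r["suffix"]) for r in rows)

def bursts(rows, window=timedelta(minutes=5)):
    """Group consecutive submissions from one folder that fall within `window`."""
    groups = []
    for row in rows:
        last = groups[-1][-1] if groups else None
        if last and last["dir"] == row["dir"] and row["time"] - last["time"] <= window:
            groups[-1].append(row)
        else:
            groups.append([row])
    return [g for g in groups if len(g) > 1]

if __name__ == "__main__":
    for group in bursts(load(SAMPLE)):
        print("burst:", [(r["time"].isoformat(), r["name"]) for r in group])
```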
i've always kept reporting > aggressive & protection > balanced. that way i think it will always report any suspicious files and keep the protection to good levels so as to not interfere with my "daily life".
even if i (sometimes willingly) download a malicious file but don't run it, it will either quarantine it or delete it. i haven't encountered any false positive (or when detection/database updates could cause FPs it was fixed before i could encounter one) and for that i'm quite satisfied.
overall i'm extremely satisfied with the provided options/settings. ✌️
-
contact the support of your region and ask them to upgrade the license key. i did it myself and after paying a small one-time fee my key was upgraded to Premium and was able to upgrade the installed program.
-
it's really easy. on the start menu type notepad and open the app that will appear on the results. then copy paste the contents on the website that Marcos suggested,
@echo off
sc config winmgmt start= disabled
net stop winmgmt /y
%systemdrive%
cd %windir%\system32\wbem
for /f %%s in ('dir /b *.dll') do regsvr32 /s %%s
wmiprvse /regserver
winmgmt /regserver
sc config winmgmt start= auto
net start winmgmt
for /f %%s in ('dir /s /b *.mof *.mfl') do mofcomp %%s
then save the file to the desktop for easy finding and rename it as repair.bat . before saving it on the "save as" dialog, make sure to change the file type to "ALL FILES" and not txt text file type. you can also right click the file later and rename it as "repair.bat" and remove the txt extension.
-
also i would suggest to try again running the uninstall tool in the safe mode, run it a couple of times until it shows "no supported products found"
-
first of all rename the file back to eis_nt64.exe or better yet, redownload it if possible.
then open the start menu and type CMD, then select "open" from the right side, then in the window that opens type this c:\users\YOUR_USERNAME_HERE\downloads
(in the place of YOUR_USERNAME_HERE , type the username you have set your windows account. for example c:\users\john\downloads)
move the downloaded file in the Downloads folder and then type eis_nt64.exe --avd-disable
see the image for reference. hope i helped
-
4 hours ago, itman said:
Did you close the browser after disabling DoH
i was testing it for a few minutes, i did close the browser between the on/off of the setting
-
the other day when i disabled DNS-over-HTTPS it didn't change anything, now it (somewhat) successfully detects the phishing website, mostly on the second try by refreshing the page.
-
1 hour ago, itman said:
somehow interacted with Firefox profile settings
it's really weird how it can interact with the FF settings and "defeat" the protection. i haven't changed anything security related to the FF config settings, only some that relate to tab previews etc. so it's puzzling.
-
creating a new clean FF profile seems to make it work.. some weird setting seems to interfere with it but i can't understand what and why. even FF safe mode with addons disabled didn't help.
-
i can confirm that with Edge it's blocked whether it's https or not. FF will block it with http only.
meddling with dns-over-https in FF doesn't have any effect.
-
maybe it has to do with how the service counts days. for example i bought my license on September 5 2020 and it expires on September 6 2022. for some reason it adds one day on top of the day of the purchase.
besides the "aesthetic", there's no problem with that.
-
i reported something similar back in October as i stated there, it failed restoring a similar file although it was completed successfully judging by the restored drivers/programs.
disabling the program's defenses can be a bit time consuming or a user might not want to disable them, can the logic behind HIPS be improved not to block such operations or not to interfere with them?
back in 2015 i reported it again and was told that it would be fixed, i guess the fix isn't fully functional?
-
if it shows xx.xx.19.xx then it must have updated successfully, otherwise i suppose you'd have visible problems.
to be sure, when the next update gets released, you can download the file as i have mentioned above and upgrade it that way.
-
go to advanced settings > device control > webcam protection and check the rules to see if you have enabled the notify option in some of them.
that way Eset will notify you no matter if it's allowed or blocked.
-
the xml data you posted confuse me, perhaps it's some upgrade path from one version to another. like going from A > B, B > C in order to reach the final version D. and avoid going from A > D directly.
what does the program report when you open the about section as shown above in my image? if it's not 14.2.19.0 then download and upgrade on top of the old one, it will maintain all settings and activation status.
-
you don't mention the previous version, but showing 14.2.10.0 could be old cached data, and then on a new check it retrieved the new version.
what version does it show when you open the program and go to help and support section?
also just because a new version is released it doesn't mean that ALL files/drivers etc. will have the same version number.
-
on my pc it shows the same version as well. if you got a notification that the update was installed successfully, then don't worry. the article merely suggests to remove prior to updating it, if the user wants to remove it. it's not mandatory, otherwise they wouldn't have implemented the in-place update mechanism.
-
you can just download the correct version and install it over the old one. it will upgrade it just fine. that's what i do
-
i don't have chrome, but i suppose it's not too different from Edge.
click the 3 dots and select settings, from there type in the search field background apps and see if it's enabled. i've noticed that this keeps some instances of Chrome running in the background, perhaps this triggered the notification, due to it checking for camera permissions perhaps.
-
14.2.19.0 is the latest. it was released today. the support article wasn't updated yet it seems.
download the latest nod32 update from here. download the live installer by clicking download for windows or click advanced download on the right and download the desired 32 or 64 bit version for the computer you want to install it to.
-
that's the official app from Microsoft, of course it's safe to run it.
-
i've never heard of such a program, could you provide a link to the website hosting it?
-
i have the same events listed but they start from 27/5. back then i had EIS, from 15/6 i upgraded to ESSP.
ESSP keeps sending many "*.exe.part" files to Live Guard/Virus Lab
in ESET Internet Security & ESET Smart Security Premium
Posted · Edited by shocked
the most peculiar thing is that whenever the notification appears that the file was sent to Eset, i wasn't downloading anything that time or before the notification. sometimes it just pops out of the blue.
could it be that another program tries to download something, eg. Adobe Acrobat checking for update or whatever, and it also uses the part extension? and that triggers the program to send them to Live Guard?