PodrskaNORT
ESET Insiders
Posts: 154
Days Won: 1

Everything posted by PodrskaNORT
Mozilla Firefox and NOD32 Antivirus
PodrskaNORT replied to autobotranger's topic in ESET NOD32 Antivirus
Hi,

In regard to ESET's program - you will be protected just as well as you were using MSIE11.

Tomo
xp end of support
PodrskaNORT replied to Goldenyears's topic in ESET Internet Security & ESET Smart Security Premium
Hi

I think there is, as always, a lot of "IF...THEN" situations and a number of compromises.

You can jump to Linux ;-) In these circumstances - your XP is left without security fixes (as SweX stated - it's an essential security measure) + you are hesitating to migrate to Win7 / Win81 - could be the perfect time for a switch? Ubuntu is now polished.. if the new GUI is too hardware intensive - you can select Lubuntu.

Unless you have some super-important unique custom-made hardware / software.. in which case you shouldn't connect to the Net with this machine in the first place - thus, patches are not important at all (as they can smash the OS, too). ESET will do its best in a nonpatched environment for years... you can install some ESET programs even on Windows 2000, cca four years after its EoS!

<OFFTOPIC> Can you guys please elaborate why not switch to 8.1? :-) I was a bit of a "hesitating Win8 type", too, but now that I installed 8.1 on two computers - I love it! And one of them is a not-at-all-new laptop with a rather small and slow disk. Of course, it takes some time to adjust to changes. I *do* miss the classic Start button and I try to hit it about 500 times a day :-) But I still don't want to tweak Win8 to enable it - I just want to train myself into the "new interface"! </OFFTOPIC>

Tomo
Hi Team,

After several days (weeks?) of testing "ESET HIPS against CryptoLocker" I can confirm that I sure would recommend it, at least regarding the part that it does not interfere with legitimate applications.

This is the resulting page when "something" (an .EXE) tries to execute itself from %AppData%: (see attached image 01)

So, HIPS will ask the customer for action, and also an "automatic" exception rule can be added from within the alert window (as in this example for some Java module): (see attached image 02)

The original rule (named "CryptoLocker") looks like this: (see attached image 03)

The rule asks me whenever an EXE tries to execute. At the start, I was not sure whether subfolders would be included in the rule, but this proves they are. The only "problem" is that I did not manage to create a generic rule (using the %AppData% variable) – I had to enter the full path.

So, from my point of view – I will give this rule a go :-)

Tomo
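The post above describes a HIPS rule that prompts whenever an .exe starts from %AppData% or any of its subfolders, and notes that the rule had to be written with a full path rather than the %AppData% variable. The following is an added example, not the poster's rule and not ESET code: a small stand-alone path matcher in Python that shows what such a "generic" rule has to get right when evaluated by hand or in a log-review script. The %AppData%/%LocalAppData% values, the watched folders, the exception entry and all sample paths are constructed, and `expand`, `normalize`, `is_under` and `decide` are hypothetical helper names. It goes slightly beyond the post by also normalising `..` segments and forward slashes, which a plain string-prefix comparison would get wrong.

```python
import ntpath
import re
from pathlib import PureWindowsPath

# Constructed stand-ins for the real environment variables on the customer's PC.
ENV = {
    "APPDATA": r"C:\Users\tomo\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\tomo\AppData\Local",
}

# Watched folders written with variables (the form the post could not configure);
# the third one deliberately uses ".." to show normalisation at work.
WATCHED = [r"%AppData%", r"%LocalAppData%", r"%AppData%\..\Local\Temp"]

# Constructed exception, in the spirit of the per-application exception the
# post adds from the alert window; this vendor/path does not exist.
ALLOWED = [r"%AppData%\ConstructedVendor\updater.exe"]


def expand(path: str, env: dict = ENV) -> str:
    """Expand %VAR% tokens case-insensitively from `env`; unknown tokens are kept."""
    def sub(match):
        value = env.get(match.group(1).upper())
        return value if value is not None else match.group(0)
    return re.sub(r"%([^%]+)%", sub, path)


def normalize(path: str, env: dict = ENV) -> str:
    """Expand variables, collapse '..' and '/' to a canonical backslash path, lowercase it.

    Windows paths are case-insensitive, so 'AppData' and 'appdata' must match.
    """
    return ntpath.normpath(expand(path, env)).lower()


def is_under(child: str, parent: str, env: dict = ENV) -> bool:
    """True if `child` is `parent` or lies anywhere below it (any depth).

    Comparison is done on path components, so 'AppData\\RoamingX' is NOT
    under 'AppData\\Roaming' even though it starts with the same characters.
    """
    c = PureWindowsPath(normalize(child, env))
    p = PureWindowsPath(normalize(parent, env))
    try:
        c.relative_to(p)
        return True
    except ValueError:
        return False


def decide(path: str, watched=WATCHED, allowed=ALLOWED, env: dict = ENV) -> str:
    """Return 'ask' if an .exe starts from a watched folder, otherwise 'allow'."""
    canonical = PureWindowsPath(normalize(path, env))
    if canonical.suffix != ".exe":
        return "allow"                      # the post's rule only covers EXE files
    if any(normalize(a, env) == str(canonical) for a in allowed):
        return "allow"                      # explicit exception, like the Java module
    if any(is_under(path, base, env) for base in watched):
        return "ask"
    return "allow"


if __name__ == "__main__":
    # Constructed sample paths; the decisions show subfolders, case, slashes and '..'.
    for sample in [
        r"C:\Users\tomo\AppData\Roaming\evil.exe",
        r"C:\Users\tomo\AppData\Roaming\sub\dir\dropper.exe",
        "C:/Users/tomo/AppData/Roaming/sub/dropper.exe",
        r"C:\Users\tomo\AppData\RoamingX\evil.exe",
        r"C:\Users\tomo\AppData\Roaming\..\..\..\..\Windows\notepad.exe",
        r"C:\Program Files\Java\jre7\bin\javaw.exe",
        r"%AppData%\ConstructedVendor\updater.exe",
    ]:
        print(f"{decide(sample):5}  {sample}")
```

The point of `relative_to` rather than `startswith` is the `RoamingX` case: a prefix comparison would treat a sibling folder as a subfolder, and a rule that fails to normalise `..` would let `%AppData%\..\..\..\..\Windows\x.exe` look like it started from AppData.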
Identical IP Address Detected In Network
PodrskaNORT replied to CptSternn's topic in ESET Endpoint Products
Interesting... it looks to me like the appearance of a fixed IP caused a DHCP server mess :-)

I have some questions:
- Did all other computers show the same IP address (*.180) in the message?
- Are all other computers on DHCP?
- Did it stop after you unplugged the "problematic" one from the network?

Tomo
If I may put in my $.02...

There is no 100% security - not in real life, not in IT life. I believe the AV industry is by far the most successful security IT branch - had other security branches been as successful in stopping hack attempts, we would have a much safer environment.

Yet, if an attacker has physical & Admin access to a machine (Admin access would be enough) - I don't believe there is *any* security (not only AV) program that could stop even "script-kiddie" kinds of attacks, not to mention any serious malware attempts.

So, yes - with physical & Admin access anyone can kill the machine in 5 seconds with, let's say, a one-line batch script, no matter if it has 9 AV programs installed or none :-)

Tomo
Cannot upgrade ERAS 5.0.119 to 5.1.34
PodrskaNORT replied to jimwillsher's topic in ESET PROTECT On-prem (Remote Management)
I can confirm the same procedure as @jimwillsher mentioned when upgrading ERAS 5.0.119 to ERAS 5.1.34. Everything was migrated / upgraded perfectly, although it does look like a fresh installation.

Tomo
Online Virus Scanner shutting computer down
PodrskaNORT replied to sec161's topic in Malware Finding and Cleaning
One thing comes to my mind... It could be that the CPU / GPU / MoBo is overheating during this intensive task and then the PC shuts down to protect itself from burning. Try installing something like HWInfo and monitor the temperature. If that is the reason - just clean the dust from the fans in the PC.

Tomo
Xaress,

(+) Start SysInternals Autoruns
(+) search for Conduit in its results
(+) note the locations
(+) disable all instances (it could autostart from several places)
(+) delete all folders noted above
(+) (if any folder says it cannot be deleted because a file is in use - kill EXPLORER.EXE and delete the folders from the DOS prompt; restart EXPLORER afterwards)

Also check for software that brought in Conduit (toolbars, games, ...). Recently popular are:
- Absolutist_Games
- Magentic toolbar
- MyAshampoo Toolbar (not to be mixed up with legitimate Ashampoo software!)
- Flipora search engine
- Incredimail (?)

Tomo
Trojan found in memory scan and .net framework.
PodrskaNORT replied to pejomo's topic in Malware Finding and Cleaning
Here is FileAlyzer 2.x info about that file on my disk. Maybe you can compare:

filename: RegSvcs.exe
filepath: C:\windows\Microsoft.NET\Framework\v2.0.50727\
filesize: 32768
timestamp[file]: 2010-11-21 03:23:56
timestampraw[file]: 3D751AFC
age[file]: 1080
attribs: A+D-H-L-R-S-
attribs: A+
attribs: D-H-L-R-S-
filetype: PE
crc32: C92CDC1B
md5: D79F070423FDD3F01CE8C2BA3FBBC8ED
sha1: 2F8ED26EB714B4EFBE5D7A3167E33ADE82C51FD8
crc32[file]: C92CDC1B
md5[file]: D79F070423FDD3F01CE8C2BA3FBBC8ED
sha1[file]: 2F8ED26EB714B4EFBE5D7A3167E33ADE82C51FD8
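The post above offers the CRC32, MD5 and SHA1 of a known-good RegSvcs.exe so the other user can compare their copy. As an added example (not the poster's tool and not FileAlyzer), the Python below computes the same three digests in the same uppercase hex style, streams the file so a large binary is not read into memory at once, and reports field by field which values differ from a reference. The reference dictionary copies the values from the post; the `SAMPLE` bytes are a constructed stand-in, not the real RegSvcs.exe, and the function names are this example's own.

```python
import hashlib
import os
import tempfile
import zlib

# Reference values exactly as posted above for RegSvcs.exe (v2.0.50727).
REGSVCS_REFERENCE = {
    "filesize": 32768,
    "crc32": "C92CDC1B",
    "md5": "D79F070423FDD3F01CE8C2BA3FBBC8ED",
    "sha1": "2F8ED26EB714B4EFBE5D7A3167E33ADE82C51FD8",
}

# Constructed stand-in data so the example runs offline; not the real file.
SAMPLE = b"abc"


def fingerprint(data: bytes) -> dict:
    """Size plus the three digests FileAlyzer prints, as uppercase hex strings."""
    return {
        "filesize": len(data),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
    }


def fingerprint_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same result as fingerprint(), but streamed in 1 MiB blocks from disk."""
    crc, size = 0, 0
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            crc = zlib.crc32(block, crc)      # running CRC across blocks
            md5.update(block)
            sha1.update(block)
            size += len(block)
    return {
        "filesize": size,
        "crc32": f"{crc & 0xFFFFFFFF:08X}",
        "md5": md5.hexdigest().upper(),
        "sha1": sha1.hexdigest().upper(),
    }


def compare(actual: dict, reference: dict) -> dict:
    """Per-field match map (True = matches); hex is compared case-insensitively."""
    return {
        key: str(actual.get(key, "")).upper() == str(value).upper()
        for key, value in reference.items()
    }


def verdict(actual: dict, reference: dict) -> str:
    """Human-readable summary of compare(); a single differing digest means a different file."""
    mismatches = [key for key, ok in compare(actual, reference).items() if not ok]
    if not mismatches:
        return "identical to reference"
    return "differs in: " + ", ".join(mismatches)


def streaming_matches_in_memory(data: bytes = SAMPLE) -> bool:
    """Self-check: the streamed and in-memory paths must agree on the same bytes."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return fingerprint_file(path) == fingerprint(data)
    finally:
        os.remove(path)


if __name__ == "__main__":
    fp = fingerprint(SAMPLE)
    for key, value in fp.items():
        print(f"{key}: {value}")
    print(verdict(fp, REGSVCS_REFERENCE))
```

When all four fields match the posted reference the file is byte-for-byte the same as the poster's copy; a size match alone says nothing, and a CRC32 match without MD5/SHA1 agreement is not evidence either, since CRC32 is a checksum, not a cryptographic hash.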
Hi,

Limiting web access to a list of addresses will always result in a limited response. You should first use some HTTP "sniffer" or logger to see what pages/servers the Yahoo mail app accesses and then allow them all if you want to see the normal Yahoo interface. Otherwise - there will always be *one* address that is mistakenly not allowed and the most desired icon will be exactly on that address :-)

Tomo
1 reply
Tagged with: web protection, firewall (and 1 more)
@MrWrighty

Without access to logs I can not claim this, but - I *think* that the e-mail contained just a link, the customer clicked on the link which opened a web page with a Java exploit that allows download and execution of an .exe file; that exe encrypted files (could be any of dozens of perfectly legal utilities); it could also download an additional .exe which overwrote the original documents (again, this could be one of hundreds of perfectly legal tools for securely deleting files).

So *I believe* there was no malware in the game at all - just a plain old application-exploit attack, which IMHO usually has a nastier payload than malware. Should other types of security software be as effective as antivirus, it would be a much prettier world :-)

Maybe you could check browser history and/or logs, mail logs, etc. for further details.

Upgrade Java, all browsers and applications!

Tomo
Ghostly files detected and quarantined!
PodrskaNORT replied to nod32user's topic in ESET NOD32 Antivirus
@nod32user

Can you try to deliberately quarantine one file (eicar, for example) and then empty the quarantine? Maybe that will reset the counter... I can not reproduce the problem so I could not test this theory, but this little trick works with the Recycle Bin in Windows, maybe it would work here, too :-)

Tomo
Ghostly files detected and quarantined!
PodrskaNORT replied to nod32user's topic in ESET NOD32 Antivirus
@nod32user

1) Try with this: hxxp://download.eset.com/manuals/eset_eav_7_userguide_enu.pdf -> 4.5.4 Access setup "Require full administrator rights..."

Tomo
Win32/RemoteAdmin.RAdmin.AC potentially unsafe application
PodrskaNORT replied to dst-ap's topic in ESET NOD32 Antivirus
@dst-ap

There should be ESET File Security on servers. What version of Endpoint Antivirus do you have installed on the servers?

Tomo
I believe these files are needed:

(1) check whether the @esets link is in /etc/init.d (points to /opt/eset/esets/etc/init.d/esets)
(2) /root/Startup/esets_gui OR
(3) I found it also in /root/my-applications/bin/esets_gui on my Puppy (esets_gui is copied from /opt/eset/esets/bin/esets_gui; a link would probably do the thing, too)

I'm not 100% sure now which of (2) and (3) is *the* one. Try it :-)

Tomo
Hi Alarik

You will have to put it in the "autostart" folder(s). I don't have links at hand for what exactly these folders are, but check Google..

Tomo