Everything posted by rugk

  1. Okay and what do you think about changing this in a future version of ESS, so that the Anti-theft feature will capture pictures from all cameras which are available?
  2. Description: ESS Anti-Theft should capture pictures of all available cameras (not only of one camera). Detail: Especially Tablets or Convertibles now have more than one camera built-in. So if this is the case then ESS should take photos from all these cameras. More details: Have a look at this topic: Select camera for anti-theft
  3. Well softwarepatch.com looks quite good... And I was wrong: there is a patch and this is the official download: hxxp://www.microsoft.com/en-us/download/details.aspx?id=23751 As described there it may be needed when you have a non-Intel processor. However now you have SP3. Has the installation of ESS worked? And I don't understand the thing with Ubuntu... So you have an XP and a Win7 PC. And you want to install Ubuntu - I think you mean Ubuntu. So maybe the Wikipedia article will help you: https://en.wikipedia.org/wiki/Ubuntu_%28operating_system%29#Installation Anyway just FYI there is a version of NOD32 for Linux too and AFAIK - if you really want to change - you will be able to use the Linux version with the same username/password you actually use for the Windows version, so you can take ESET with you.
  4. Mhh... Could you tell your partner that they still have the icon of the old ESET versions as their favicon? Generally their site seems to be a bit outdated. (e.g. they talk about ThreatSense.Net which is today named ESET LiveGrid and they still have images of ESS v6 on their website) BTW This is the "official" Austrian ESET site: hxxp://www.eset.com/at/ (but the support link there redirects to the site @TomasP has pointed to)
  5. Here is some basic information about OpenCandy in case you don't know about it already: Controversial Advertising Program Now Being Embedded in More Software
  6. Threema 2.0 for iOS has been released too.
  7. You have to make sure that the VM you set up is safe and your local network too. Also the host computer should be clean of course, so I would - before doing this - at least run a full system scan on your computer (and maybe all other computers in the local network) with a few tools. I recommend: ESET SysRescue Live, Herdprotect and maybe Malwarebytes Anti-malware/another "Rescue disk" from another AV vendor. Of course there is no 100% security anywhere, so of course you have to trust the system and even the Windows installation disk/ISO image/... you download for installing Windows. You have to decide if you want to block "Microsoft adware/privacy" or if you want to create "pre-defined system rules" so Windows is allowed to do everything which it normally does. Anything else is impossible, because you can't find out for every connection what it delivers to Microsoft and what not. Especially if there were things Microsoft really wants to get, then they would of course use connections which have to be allowed (e.g. for Windows update) and then it doesn't matter what other connections you block. And I think you want to create "pre-defined system rules" and not firewall rules which block Microsoft collecting user data or something else. That may be a reason why there aren't so many pre-defined rules, but if you really want "real pre-defined" rules which allow everything Windows is connecting to, then you mustn't care about it.
  8. Okay, I think I found your issue (more or less). You have a very specific blocking rule for the process and even a specific allowing rule. Let's talk about the allowing rule, because the blocking rule is not important for this. The allowing rule only allows connections to: a/some specific IPs; from local port: UDP; to remote port: SNMP. So if you get the notification from ESS next time, please double check if the connection is not trying to use another port or trying to connect to another IP. That's also the reason why I said a screenshot would be very helpful, because there we would see where/how the connection is really trying to connect to your router.
  9. If it's a fresh Windows and nothing except Windows and ESS is on it, you don't have to give any thought to the ports/IPs. You want pre-defined system rules and you won't block any Windows connection, so if that's what you want then you can do it this way. And BTW please don't quote the whole post. It's clear that you're referring to my post before.
  10. @Utini If you really want these rules why don't you make them yourself? Do it like you said: create a fresh VM, install a fresh copy of Windows (and do not install any "integration components" or something like this), install ESS, do not install any other software at all and then you can create all the rules while using the VM. Before creating the rules I would suggest you export the configuration, so you can compare it to the configuration later. Then you have two possibilities how to create these rules: Use interactive mode (and do it - more or less - manually) - but this would be very time-consuming... or configure a strict learning mode and use it to automatically create the needed rules - e.g. like this: [1] After this you can export the configuration and compare the configuration files, so that you can "extract" only the created rules. Here is how you can do this: https://forum.eset.com/topic/3512-eset-passive-quiet-install-to-include-pua-detection/?p=20461 Okay if you don't want to do the last step you can also send me the XML files and I will do this for you. Then you finally will have a configuration file which everyone can import who wants to have the pre-defined system rules you talk about here. Okay there would be one exception: The users would have to use exactly the same OS (e.g. Windows 8.1 Pro, 64bit), otherwise there could be rules which are not needed or some rules are missing. I would even try - if you use the learning mode - to let it create rules over several days and try to use nearly all common Windows features that use a connection. [1] Okay there is still something to which you should pay attention: Create a rule for Internet Explorer manually (which allows the connection to any IP) - otherwise it would be very crazy, because you will get a rule for every website you visit and for every connection IE is accessing: Or don't open the Internet Explorer at all.
Maybe don't do it as shown in my screenshot, so uncheck the box to include the local port for outgoing connections. Usually this is quite irrelevant and would only cause the creation of unnecessary rules. Additionally I would suggest you set the network mode to "public" so you won't create any rules with local IP addresses (because these local IP addresses may of course change in every new network and so they aren't the same for every ESET user). And when all rules are created you maybe even want to unify rules. E.g. a rule which allows "spoolsv.exe, outgoing connection to port 1234, IP: 12.34.567.89" and "spoolsv.exe, outgoing connection to port 4321, IP: 98.76.543.21" could be unified to "spoolsv.exe, outgoing connection to port 4321 and 1234, IP: 98.76.543.21 and 12.34.567.89"
  11. Okay, but you haven't made a screenshot of this in your last post. spoolsv.exe's "user-friendly name" is "Spooler SubSystem App". In your post before you have two rules for spoolsv.exe. One allowing and one blocking (a specific IP). So I don't see any ask rule either. Can you maybe make a screenshot of the interactive message you still get?
  12. Okay, so I wouldn't say that it's a bug in Windows. And I haven't seen this in ESS v7 at all, so maybe it is a bug in ESS v8 which happens rarely but is there. Are there any other users experiencing this?
  13. Hello @ToddBowers, sorry for the inconvenience. However next time it would be good if you could start a new topic as this topic is older than one year. With "cover" you surely mean this... hxxp://ejie.me/ BTW I have tested cover with ESS v 8.0.304.x and it worked fine as far as I see. What was/is your problem with cover? And for Windowblinds: Maybe the issue can be fixed by switching HIPS to learning mode, changing the style in Windowblinds and then switching HIPS back to your preferred mode.
  14. Well normally you do not need any patch before downloading SP3. Just make sure you have Windows updates enabled.
  15. My statement was ironic of course. But however it's nice that you found a file which doesn't include the PUA. So you can see Viber can offer packages without its PUA inside. Great finding!
  16. Okay so if you click on "Populate with selected connection settings" it will select "Virtual adapter"? That's of course not normal and not wanted. So if you have the possibility (only as an experiment) can you test whether this behaves differently when you have selected home/public network and whether this behaves differently when you're in a different network?
  17. Wouldn't it be most useful if the Anti-theft feature of ESS took photos with both cameras: the front and the back camera?
  18. Hello @Utini, first of all, nice "Block OpenCandy" rule. Secondly in the advanced view you can also sort the rules by the application. If you do so you should find all rules for "spoolsv.exe" and you can have a look whether there is a rule with a higher priority. @Marcos That "Ask" is often written there is only because no rule is defined for this action and Utini is in interactive mode. If Utini were in automatic mode, "allow" would be written there. This confusing thing is one reason why I like the advanced view of the rules more.
  19. Well protocol filtering is not a firewall. This is the module (which is also included in NOD32) which scans the network traffic for malware. So if you exclude it, this traffic won't be scanned for malware anymore. But anyway can you link to the software which is causing this issue? Maybe there is an incompatibility between ESET's protocol filtering (or Windows filtering platform, which is used for this) and the software.
  20. ...and if you do so, I think it would be helpful to create a full SysInspector log and include it in the support case too.
  21. Like I already replied to you I haven't seen this with other applications, but if that's true then you of course can't do anything. Anyway this issue seems to happen very rarely, so it's not so bad and we don't have to worry about it.
  22. Well with that you're of course right. However I tested it and enabled this logging and it doesn't "spam" my firewall log (at least not in a 2 sec interval), so does it "fix" this issue if you disable the option? BTW AFAIK most attacks will still be logged even if you have disabled this option. Edit: Okay, no it spams (more or less) my firewall log. It's not so often and regular that I could say it's in a 2 sec interval, but it's there.
  23. It is available from MS. Here is some information on how to download it: How to obtain Windows XP Service Pack 3 (SP3) Windows XP Service Pack 3 (SP3)
  24. Thanks for the link, @researcher. However the @Viber Reputation team calls itself Reputation team and not Viber advertising... Although I have to say that it's advertising if you read something like this: WTF. Free calls in any country? Then I have to download it right now... That's especially interesting, because you can find these "advertisement sentences" one-to-one on their official site (www.viber.com/products/windows).