Everything posted by rugk

  1. I was quite surprised when I saw two very suspicious root certificates in my CA store. These were installed by a Bluetooth driver from CSR. Obviously this enables interception of HTTPS connections if the private key is found. Additionally it injected certs into the "trusted publisher store", which means it can also fake digital signatures. The worst thing is the certificates themselves - they are 1024-bit RSA certificates, which are very insecure, so that it may be possible to crack the public key and get out the private key. More information here: https://pastemarkdown.com/Su5Ch And here you can see how it injects it: https://vimeo.com/rugkme/csrharmonyrootcert
  2. Come on. That's not secure at all. Any attacker could simply inject JavaScript into the HTTP site and send all data entered to itself. An HTTPS-IFrame does not help in any way to prevent this.
  3. Yes, I have to adjust the tool to be compatible with ESET v9. I'll track this issue on GitHub. If I find the time I'll fix it. Besides this, contributions are welcome of course.
  4. AFAIK even a huge blocking rule should not slow down ESET's firewall. The hash is correct. These detections are false positives. I have changed the first post to add a note about this (again).
  5. Maybe some motivation for updating the Linux version: https://www.av-test.org/en/news/news-single-view/linux-16-schutzpakete-gegen-windows-und-linux-schaedlinge-im-test/
  6. If you have a list of IPs (each IP on a new line in a txt file or something similar) you can use it. If you have no list of IPs I only have a sample of the ones used by ZeusTracker. You can get it here. This depends on what list you use, but the ZeusTracker list is a list of domains used by malware. Based on a quick read about Peerblock I think so, yes. However if you want to use a list from Peerblock (or better: from https://www.iblocklist.com/ which is used by Peerblock) you would have to adjust it first by removing the labels before each IP.
  7. Just BTW: You can also get the direct link of a post by clicking on the number at the top right.
  8. You maybe mean v8? Because v7 was released at once as far as I know. Only v8 was just released worldwide later on. At the specific language release there was also an announcement, but I can imagine that they now want to prevent complaints from users who are asking when it will be available in their language... So maybe you're right.
  9. @ThomasP Okay, nice. However installing v9 over v8 didn't work in my case. And as said by @TomFace many people may also like to do a clean installation (just as a matter of principle e.g.). So for issue 4 the link is nice. I only saw one link (which was the question "Do you have a username/password?") but the site opened did not load so I closed it again. As I think this was temporary I guess this is the site you mean. Point 3 is worse if you want (or have) to do a fresh installation on the same device (or a new installation of v9 on another device if you want to reuse the settings). So what do you think about a standalone settings converter? Just so that I can use my old settings files with the new format too.
  10. Interesting to know. However I don't know why this matters... Especially how do you get this conclusion? I think there weren't significant changes and the new LiveGrid module is independent of the product versions (also appears in v8).
  11. You don't know what sandbox ESET uses and the malware (author [hopefully]) does not know this either. Additionally there could be multiple sandboxes used or the file could otherwise be analysed or processed before it's given to the sandbox. Basically many things could happen there. And I'm sure ESET makes it as hard as possible for the malware to get out that it's running in a sandbox. It would not be whitelisted - it just would not be detected. That means if there is a traditional signature it would still detect it. To get on the cloud whitelist a file must pass more criteria than a single test AFAIK. E.g. statistical things like how many users use it, how new the file is may play a role, but I think there are more factors, which ESET won't disclose - of course. BTW - I like this one: "its hashtag is first compared against these white- and blacklisted items" Hashtag? #maliciousfile Whoever wrote the help possibly just meant hash and not hashtag.
  12. As said, ESET v9 was already released in some languages. So I did a quick test and here is what I'd like to say (also for other users who want to upgrade). At first (of course) do a backup before upgrading (at least create a system restore point). You have to uninstall version 8 of ESET prior to installing v9. This means, do not install v9 over v8. I tried it and got errors because ekrn.exe constantly closed itself/crashed silently and restarted in a loop. You cannot import the settings from v8. Even if you export the settings from v8 you cannot import them in v9, because it seems the settings file format has changed. The license system was adjusted to the one used in the v6 business versions. That means you cannot use your old username/password for this version any more - a license key is required. I assume ESET will create a site where you can convert the license. (Currently I couldn't find one.) Windows 7 x64. German translation of this post can be found here: https://www.computerguard.de/threads/eset-smart-security-2016-v9-und-eset-nod32-antivirus-2016-veroeffentlicht.9786/
  13. Personally I don't really like the P2P updates... However in your situation you could use the business products from ESET where you can make an update mirror on one PC in your network. However the PCs with ESET Endpoint Protection have to belong to you of course. The only thing you can currently do for other computers is using the latest version of the installer, which also has all VSD updates included (at the time when it was released). (And also use the offline installer so it doesn't have to download the installer file every time.)
  14. ESS has an Exploit blocker. But didn't you know this already, TomFace? Whether MBAE is necessary is more or less a personal opinion. I would say it is not. However I think MBAE should not hurt in any case. If you're running MBAM with ESS and have no problems, MBAE should also be possible. But basically it's good just to try it and see whether/how it works. Previous thread: https://forum.eset.com/topic/6048-run-ess-with-mbam-premium-and-mbae-premium/
  15. That's good, but AFAIK that's the same as what is also done by Zimperium. Zimperium even shows you the exact exploits (7 of them) for which it checks (which even takes longer than the check the ESET Stagefright Detector app is doing). So I doubt that Zimperium is wrong there - and I'm quite sure it also checks for the vulnerabilities directly. This is what both apps actually show: And that's the device with its exact version:
  16. https://www.eset.com/us/resources/content-browser-detail/eset-acquires-data-encryption-leader-deslock/ So as it seems we are going to see an encryption part in ESET products in the near future...
  17. ESET already has a DDOS protection included in the firewall.
  18. Just FYI: As for svchost.exe you can choose the service which a rule should cover in v9 of ESS and NOD32.
  19. Okay, they confirmed to me that it's a false positive:
  20. You may want to send this question directly to the ESET labs: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141 Maybe they can answer you better.