Jump to content


Most Valued Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Posts posted by rugk

  1. I was quite surprised as I saw too very suspicious root certificates in my CA store.

    These were installed by a Bluetooth driver from CSR. Obviously this enables interception of HTTPS connections if the private key is found.




    Additionally it injected certs into the "trusted publisher store", which means it can also fake digital signatures.

    The worst thing are the certificates itself - they are 1024bit RSA certificates, which are very insecure, so that it may be possible to crack the public key and get out the private key.



    More information here: https://pastemarkdown.com/Su5Ch

    And here you can see how it injects it: https://vimeo.com/rugkme/csrharmonyrootcert

  2. In many cases like this there is an https frame inserted in the http website - check whether this is not the case.

    Come on. That's not secure at all.


    Any attacker could simply inject JavaScript into the HTTP site and send all data entered to itself.

    An HTTPS-IFrame does not help in any way to prevent this.

  3. AFAIK even a huge blocking rule should not slow down ESET's firewall.

    by the way virus total flags it sadly as HEUR/QVM11.1.Malware.Gen and W32.HfsAtSTIL.6930  -> hash SHA256  d9be90d7d6ea015c9f438f0df35611bde8e221423170ec342346ea9f5e62b5ef

    The hash is correct. These detections are false positives.
    I have changed the first post to add a note about this (again).

  4. If you have a list of IPs (each IP on a new line in a txt file or something similar) you can use it.


    If you have no list of IPs I only have a sample of the ones used by ZeusTracker. You can get it here.




    i mean does the program add 222 ips considered malware ,doesn'it ?

    This depens on what list you use, but the ZeusTracker list is a list of domains used by a malware.


    does it work like peerblock ?

    Based on a quick read about Peerblock I think so, yes.  However if you want to use a list from Peerblock (or better: from https://www.iblocklist.com/which is used by Peerblock)  you would have to adjust it first by removing the labels before each IP.

  5. Not sure how they did it when they released V7 that was also first released on a few local markets just like V9 hmmm :unsure:


    You maybe mean v8? Because v7 was released at once as far as I know. Only v8 was just released worldwide later on. At the specific language release this there was also an announcement, but I can imagine that they now want to prevent  complaints from users who are asking when it will be available in their language...

    So maybe you're right.

  6. @ThomasP

    Okay, nice. However installing v9 over v8 didn't worked in my case. And as said by @TomFace many people may also like to do a clean installation (just as a matter of principle e.g.).


    So for issue 4 the link is nice. I did only saw one link (which was the question "Do you have a username/password?") but the site opened did not loaded so I closed it again.

    As I think this was temporarily I guess this is the site you mean.


    Point 3 is more bad if you want (or have) to do a fresh installation on the same device (or a new installation of v9 on another device if you want to reuse the settings).

    So what do you think about a standalone settings converter? Just so that i can use my old settings files with the new format too.

  7. Problem here is if it's cloaked malware some of which are sandbox aware, it could escape detection.

    You don't know what sandbox ESET uses and the malware (author [hopefully]) does not know this either. Additionally there could be multiple sandboxed used or the file could otherwise be analysed or processed before it's given to the sandbox.

    Basically many things could happen there. And I'm sure ESET makes it as hard as possible for the malware to get out that it's running in a sandbox.


    The implication here is it is passes cloud and back-end scanning, the software will be whitelisted on your PC?

    It would not be whitelisted - it just would not be detected. That means if there is a traditional signature it would still detect it.

    To get on the cloud whitelist a file must pass more criteria than a single test AFAIK. E.g. statistical things like how many users use it, how new the file is may play a role, but I think there are more factors, which ESET won't disclose - of course.



    BTW - I like this one: "its hashtag is first compared against these white- and blacklisted items"

    Hashtag? #maliciousfile ;)

    Whoever wrote the help possibly just meant hash and not hashtag.

  8. As said ESET v9 was already released in some languages. So I've did a quick test and here is what I'd like to say (also for other using who want to upgrade).


    1. At first (of course) do a backup before upgrading. (at least create a system restore point)
    2. You have to uninstall the Version 8 of ESET prior to installing v9. This means, do not install v9 over v8.
      I tried it and got errors because ekrn.exe constantly closed itself/crashed silently and restarted in a loop.
    3. You cannot import the setting from v8. Even if you export the settings from v8 you cannot import them in v9, because it seems the settings file format has changed.
    4. The license system was adjusted to the one used in the v6 business versions. That means you cannot use your old username/password for this version any more - a license key is required.
      I assume ESET will create a site where you can convert the license. (Currently I couldn't found one)


    Windows 7 x64


    German translation of this post can be found here: https://www.computerguard.de/threads/eset-smart-security-2016-v9-und-eset-nod32-antivirus-2016-veroeffentlicht.9786/

  9. Personally I don't really like the P2P updates...


    However in your situation you could use the business products from ESET where you can make an update mirror on one PC in your network.

    However the PCs with ESET Endpoint Protection have to belong to you of course.


    The only thing you can currently do for other computers is using the latest version of the installer, which also has all VSD updates included (at the time where it was released).

    (And also use the offline installer so it doesn't have to download the installer file every time)

  10. ESS has an Exploit blocker. But did not you know this already, TomFace?


    Whether MBAE is necessary is more or less a personal opinion. I would say it is not.

    However I think MBAE should not hurt in any case. If you're running MBAM with ESS and have no problems also MBAE should be possible.

    But basically it's good just to try it and see whether/how it works.


    Previous thread: https://forum.eset.com/topic/6048-run-ess-with-mbam-premium-and-mbae-premium/

  11. As our detector app does not look for the presence of the patches, but it rather looks at the exploitable vulnerabilities directly, it detects correctly that the device may still be a subject to attacks. As far as I know, not even Nexus devices are fully patched as of today.


    That's good, but AFAIK that's the same which is also done by Zimperium. Zimperium even shows you the exact exploits (7 ones) for which it checks (which even takes longer than the check the ESET Stagefright Detector app is doing). So I doubt that Zimperium is wrong there - and I'm quite sure it also checks for the vulnerabilities directly.


    This is what the both apps actually show:



    And that's the device with it's exact version:


  12. ESET®, a global pioneer in IT security for more than two decades, today announced the acquisition of data encryption company DESlock+. ESET plans to fully integrate the DESlock+ core technology into its existing business and consumer product lines. Financial details of the transactions were not disclosed.

    Data protection and privacy are among the top concerns of both companies and individuals, with government agencies enforcing regulations that require businesses and organizations to implement security measures, including encryption, to protect the data of their users.



    So as it seems we are going to see an encryption part in ESET products in the near future...

  • Create New...