rugk

Posts posted by rugk

  1. I was quite surprised as I saw two very suspicious root certificates in my CA store.

    These were installed by a Bluetooth driver from CSR. Obviously this enables interception of HTTPS connections if the private key is found.

     

    [screenshot attachment: post-3952-0-11027000-1445465831_thumb.png]

     

    Additionally it injected certs into the "trusted publisher store", which means it can also fake digital signatures.

    The worst thing is the certificates themselves - they are 1024-bit RSA certificates, which are very insecure, so it may be possible to crack the public key and get the private key out.

    [screenshot attachment: post-3952-0-85392900-1445466182_thumb.png]

     

    More information here: https://pastemarkdown.com/Su5Ch

    And here you can see how it injects it: https://vimeo.com/rugkme/csrharmonyrootcert
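An added defender-side check for the kind of problem this post describes (example code written for this page; it is not from rugk's post, from CSR or from ESET): it walks the Windows root and trusted-publisher stores and reports certificates whose RSA key is shorter than 2048 bits, plus self-signed entries in the trusted-publisher stores, which is where a vendor-injected signing root would show up. It assumes Windows PowerShell 5.1 or later with the built-in `Cert:` provider; the 2048-bit threshold and the store list are the example's own choices.

```powershell
# Added example, not from the post, CSR or ESET: audit the Windows root and
# trusted-publisher certificate stores for weak or self-signed trust anchors.
# Assumes Windows PowerShell 5.1+ (Cert: provider and .NET 4.6+ are built in).
function Find-WeakTrustAnchor {
    param(
        [int]$MinRsaBits = 2048,    # this example's threshold; shorter RSA keys are flagged
        [string[]]$Stores = @(
            'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\TrustedPublisher',
            'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\TrustedPublisher'
        )
    )
    foreach ($store in $Stores) {
        $certs = Get-ChildItem -Path $store -ErrorAction SilentlyContinue
        foreach ($cert in $certs) {
            # GetRSAPublicKey returns $null for non-RSA (e.g. ECDSA) certificates,
            # so those simply get no key-size check here.
            $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
            $bits = if ($rsa) { $rsa.KeySize } else { $null }
            $weak = ($null -ne $bits) -and ($bits -lt $MinRsaBits)

            # A self-signed certificate in TrustedPublisher vouches for code
            # signatures with no chain to any public CA; worth a look even when
            # the key is long enough.
            $selfSigned = $cert.Subject -eq $cert.Issuer
            $suspect = $weak -or ($selfSigned -and ($store -like '*TrustedPublisher'))

            if ($suspect) {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $cert.Subject
                    Issuer     = $cert.Issuer
                    Algorithm  = $cert.PublicKey.Oid.FriendlyName
                    KeyBits    = $bits
                    SelfSigned = $selfSigned
                    NotBefore  = $cert.NotBefore
                    NotAfter   = $cert.NotAfter
                    Thumbprint = $cert.Thumbprint
                }
            }
        }
    }
}

# Usage: list the findings, then review each one before removing anything.
Find-WeakTrustAnchor | Sort-Object Store, Subject | Format-Table -AutoSize
```

A hit is a lead, not a verdict: the subject, issuer and validity window will usually show whether an entry is a vendor-installed root like the one above or a legacy CA root that Windows still ships. Only after confirming what it is should it be removed (`Remove-Item` on the certificate's `Cert:` path from an elevated session for the LocalMachine stores), since deleting a legitimate root breaks validation for everything chained to it.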

  2. > In many cases like this there is an HTTPS frame inserted in the HTTP website - check whether this is not the case.

    Come on. That's not secure at all.

     

    Any attacker could simply inject JavaScript into the HTTP site and send all data entered to itself.

    An HTTPS-IFrame does not help in any way to prevent this.

  3. AFAIK even a huge blocking rule should not slow down ESET's firewall.
     

    > By the way, VirusTotal sadly flags it as HEUR/QVM11.1.Malware.Gen and W32.HfsAtSTIL.6930 -> SHA256 hash d9be90d7d6ea015c9f438f0df35611bde8e221423170ec342346ea9f5e62b5ef


    The hash is correct. These detections are false positives.
    I have changed the first post to add a note about this (again).

  4. If you have a list of IPs (each IP on a new line in a txt file or something similar) you can use it.

     

    If you have no list of IPs I only have a sample of the ones used by ZeusTracker. You can get it here.

     

     

     

    > I mean, does the program add 222 IPs considered malware, doesn't it?

    This depends on what list you use, but the ZeusTracker list is a list of domains used by malware.

     

    > Does it work like PeerBlock?

    Based on a quick read about PeerBlock I think so, yes. However if you want to use a list from PeerBlock (or better: from https://www.iblocklist.com/ which is used by PeerBlock) you would have to adjust it first by removing the labels before each IP.
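The label stripping mentioned above, as an added example written for this page (it is not code from rugk's tool, from PeerBlock or from iblocklist). It assumes the plain-text P2P list layout that PeerBlock and iblocklist use, `label:first-last` with `#` comment lines, emits one address or range per line, and can optionally expand IPv4 ranges into single addresses for a tool that only accepts one IP per line. The sample list inside the block is constructed.

```powershell
# Added example, not from the post, PeerBlock or iblocklist. Converts the plain-text
# P2P list layout "label:first-last" (plus "#" comment lines) into one entry per line.
# IPv4 only, which is what the lists discussed above contain.
function ConvertTo-IPv4Number ([System.Net.IPAddress]$Ip) {
    # Four big-endian bytes -> integer (int64 so the arithmetic cannot overflow).
    $b = $Ip.GetAddressBytes()
    ([int64]$b[0] -shl 24) + ([int64]$b[1] -shl 16) + ([int64]$b[2] -shl 8) + [int64]$b[3]
}

function ConvertFrom-IPv4Number ([int64]$N) {
    '{0}.{1}.{2}.{3}' -f (($N -shr 24) -band 255), (($N -shr 16) -band 255),
                         (($N -shr 8) -band 255), ($N -band 255)
}

function Convert-P2PList {
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        [switch]$ExpandRanges,      # emit every address of a range on its own line
        [int]$MaxExpand = 65536     # larger ranges stay as "first-last" even then
    )
    # Greedy label group means colons inside the label are fine: the range is
    # whatever follows the last colon that precedes a dotted-quad address.
    $entryPattern = '^(?<label>.*):(?<first>\d{1,3}(?:\.\d{1,3}){3})(?:\s*-\s*(?<last>\d{1,3}(?:\.\d{1,3}){3}))?$'

    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith('#')) { continue }
        if ($line -notmatch $entryPattern) {
            Write-Warning "skipping line that is not 'label:IPv4-IPv4': $line"
            continue
        }
        $first = $Matches['first']
        $last  = if ($Matches['last']) { $Matches['last'] } else { $first }

        # The regex only checks the shape; TryParse rejects octets above 255.
        $ipFirst = $null; $ipLast = $null
        if (-not ([System.Net.IPAddress]::TryParse($first, [ref]$ipFirst) -and
                  [System.Net.IPAddress]::TryParse($last,  [ref]$ipLast))) {
            Write-Warning "skipping entry with an invalid address: $line"
            continue
        }

        if ($first -eq $last) { $first; continue }     # a single address
        $a = ConvertTo-IPv4Number $ipFirst
        $z = ConvertTo-IPv4Number $ipLast
        if ($z -lt $a) { Write-Warning "skipping inverted range: $line"; continue }
        if (-not $ExpandRanges -or ($z - $a) -ge $MaxExpand) { "$first-$last"; continue }
        for ($n = $a; $n -le $z; $n++) { ConvertFrom-IPv4Number $n }
    }
}

# Constructed sample in the P2P layout (not a real feed); documentation ranges only.
$sample = @'
# comment lines are ignored
Example Host:192.0.2.10-192.0.2.10
Example Net:With Colon:198.51.100.0-198.51.100.3
Bad Octet:203.0.113.300-203.0.113.301
not a list entry at all
'@ -split "`r?`n"

# One entry per line; pipe into Set-Content to write the text file the import expects.
Convert-P2PList -Lines $sample -ExpandRanges
```

Without `-ExpandRanges` a range is kept as `first-last` on one line, which is the right choice when the consuming tool understands ranges; the `MaxExpand` cap stops a single `/8` entry from turning into sixteen million lines by accident.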

  5. > Not sure how they did it when they released V7 that was also first released on a few local markets just like V9, hmmm :unsure:

     

    You maybe mean v8? Because v7 was released at once, as far as I know. Only v8 was released worldwide later on. At the specific language release there was also an announcement, but I can imagine that they now want to prevent complaints from users who are asking when it will be available in their language...

    So maybe you're right.

  6. @ThomasP

    Okay, nice. However installing v9 over v8 didn't work in my case. And as said by @TomFace, many people may also like to do a clean installation (just as a matter of principle, e.g.).

     

    So for issue 4 the link is nice. I only saw one link (which was the question "Do you have a username/password?") but the site it opened did not load, so I closed it again.

    As I think this was temporary, I guess this is the site you mean.

     

    Point 3 is worse if you want (or have) to do a fresh installation on the same device (or a new installation of v9 on another device if you want to reuse the settings).

    So what do you think about a standalone settings converter? Just so that I can use my old settings files with the new format too.

  7. > Problem here is, if it's cloaked malware, some of which are sandbox aware, it could escape detection.

    You don't know what sandbox ESET uses and the malware (author [hopefully]) does not know this either. Additionally there could be multiple sandboxes used, or the file could otherwise be analysed or processed before it's given to the sandbox.

    Basically many things could happen there. And I'm sure ESET makes it as hard as possible for the malware to find out that it's running in a sandbox.

     

    > The implication here is, if it passes cloud and back-end scanning, the software will be whitelisted on your PC?

    It would not be whitelisted - it just would not be detected. That means if there is a traditional signature it would still detect it.

    To get on the cloud whitelist a file must pass more criteria than a single test AFAIK. E.g. statistical things like how many users use it and how new the file is may play a role, but I think there are more factors, which ESET won't disclose - of course.

     

     

    > BTW - I like this one: "its hashtag is first compared against these white- and blacklisted items"

    Hashtag? #maliciousfile ;)

    Whoever wrote the help possibly just meant hash and not hashtag.

  8. As said, ESET v9 was already released in some languages. So I did a quick test and here is what I'd like to say (also for other users who want to upgrade).

     

    1. At first (of course) do a backup before upgrading (at least create a system restore point).
    2. You have to uninstall version 8 of ESET prior to installing v9. This means: do not install v9 over v8.
      I tried it and got errors because ekrn.exe constantly closed itself/crashed silently and restarted in a loop.
    3. You cannot import the settings from v8. Even if you export the settings from v8 you cannot import them in v9, because it seems the settings file format has changed.
    4. The license system was adjusted to the one used in the v6 business versions. That means you cannot use your old username/password for this version any more - a license key is required.
      I assume ESET will create a site where you can convert the license. (Currently I couldn't find one.)

     

    Windows 7 x64

     

    German translation of this post can be found here: https://www.computerguard.de/threads/eset-smart-security-2016-v9-und-eset-nod32-antivirus-2016-veroeffentlicht.9786/

  9. Personally I don't really like the P2P updates...

     

    However in your situation you could use the business products from ESET where you can make an update mirror on one PC in your network.

    However the PCs with ESET Endpoint Protection have to belong to you of course.

     

    The only thing you can currently do for other computers is using the latest version of the installer, which also has all VSD updates included (at the time where it was released).

    (And also use the offline installer so it doesn't have to download the installer file every time)

  10. ESS has an Exploit Blocker. But didn't you know this already, TomFace?

     

    Whether MBAE is necessary is more or less a personal opinion. I would say it is not.

    However I think MBAE should not hurt in any case. If you're running MBAM with ESS and have no problems, MBAE should be possible as well.

    But basically it's good just to try it and see whether/how it works.

     

    Previous thread: https://forum.eset.com/topic/6048-run-ess-with-mbam-premium-and-mbae-premium/

  11. > As our detector app does not look for the presence of the patches, but rather looks at the exploitable vulnerabilities directly, it detects correctly that the device may still be subject to attacks. As far as I know, not even Nexus devices are fully patched as of today.

     

    That's good, but AFAIK that's the same as what Zimperium also does. Zimperium even shows you the exact exploits (7 of them) it checks for (which even takes longer than the check the ESET Stagefright Detector app is doing). So I doubt that Zimperium is wrong there - and I'm quite sure it also checks for the vulnerabilities directly.

     

    This is what both apps actually show:

    [screenshot attachment: post-3952-0-45320500-1443223476_thumb.png]
    [screenshot attachment: post-3952-0-12288000-1443223483_thumb.png]

     

    And that's the device with its exact version:

    [screenshot attachment: post-3952-0-80454200-1443223612_thumb.png]

  12. > ESET®, a global pioneer in IT security for more than two decades, today announced the acquisition of data encryption company DESlock+. ESET plans to fully integrate the DESlock+ core technology into its existing business and consumer product lines. Financial details of the transactions were not disclosed.

    > Data protection and privacy are among the top concerns of both companies and individuals, with government agencies enforcing regulations that require businesses and organizations to implement security measures, including encryption, to protect the data of their users.

    https://www.eset.com/us/resources/content-browser-detail/eset-acquires-data-encryption-leader-deslock/

     

    So as it seems we are going to see an encryption part in ESET products in the near future...
