JitzyJT
-
Posts
18 -
Joined
-
Last visited
Posts posted by JitzyJT
-
-
Please bring a dark theme to the forum!!!!
-
On 9/29/2020 at 9:35 PM, Marcos said:
Yes, v14 is going to be released later this year. It will be announced here as well as via other marketing channels.
Cool !!!
Does that mean all users under Ver 13 will get a free upgrade to the new release?
@Marcos -
2 hours ago, Marcos said:
About 6 hours during weekends. Anyways, streamed updates coupled with the LiveGrid reputation system ensure receiving newly added detections every few minutes.
Thank you @Marcos
So it's about every 6hrs during weekends for signature updates?
What about during Mon-Fri? -
What's the update frequency for ESET to update it's module?
It's been 4 hours since it last updated the signatures.
Is this normal? I thought the frequency was every hour or two?
-
42 minutes ago, itman said:
The problem here initially is the Eset GUI was being denied access to the Windows Apps folder when you tried to select a file in that folder.
The solution to this and like access situations is to first copy/create the full path name to the desired .exe and paste it into the Eset firewall rule. This eliminates the Eset GUI permissions issue since the GUI is not trying to physically access the folder.
Make sure you reset Windows Apps folder back to its original default permissions.
Thank you @itman for all your valuable inputs you share in this forum.
I did exactly what you mentioned and reverted everything back to default and the rule still works until the app gets updated. But now I know I can access the folder using a file manager and then copy the path name and then paste it on the Eset firewall module "Rules" tab.
Thanks for telling me that. I wonder why I didn't think about that in the first place!!!!
Now I don't have to change the permissions of Windows Apps folder every time the desired uwp app gets updated.@Marcos You can close this thread as I have the solution now.
-
But I would really appreciate if ESET have a feature in their firewall module to deny access to running processes on user demand "permanently"
-
24 minutes ago, peteyt said:
Found this not sure if its any good but apparently has methods https://www.maketecheasier.com/access-windowsapps-folder-windows-10/
Thank you @peteyt
I followed the "Manual" instructions in that page and took ownership of the folder and it's contents.
Now I can access it through ESET firewall to create rules.Don't even have to change to interactive mode in the firewall module.
It works!!!
Now I want to know if there is any security concern for taking ownership of the "Windows Apps" folder andit's contents since Windows didn't want to allow access by default. -
6 minutes ago, peteyt said:
Id also check that link above which might allow you to get proper access to the folder.
There's even a quick fix download but I'd use that one at your own risk
I'll check it out.
Thanks @peteyt -
3 minutes ago, Marcos said:
As a workaround you could temporarily switch to interactive mode, run the desired Windows app, create a blocking rule and then switch back to automatic mode. However, creating rules for Windows apps is not recommended since the folder name changes with each update of the app and therefore you'd have to create a new rule each time an app updates.
Thank you @Marcos
I'll try that. I do know after each update the apps folder name changes and I have to do it again. -
Before ESET I have used Bitdefender, Kaspersky and Comodo. None of these apps could access the folder through explorer just like eset.
BUT all these security solutions had an option to deny internet access "permanently" for a running process through their firewall module.
I'm wondering if eset could do it as well. The workaround through network connections is only temporary -
7 minutes ago, Marcos said:
You can create a blocking firewall rule for specific applications. As for WindowsApps, not sure what's special about it since I can't get there either from explorer after elevating rights via UAC but can get there through a file manager after elevation.
Exactly @Marcos
If i use a file manager or some space explorer apps I can access the folder and it's contents but not possible through explorer or from ESET.
That's why I asked about denying access through the running process tab. But I need a permanent way to deny access for it -
12 minutes ago, peteyt said:
Do you use the apps? If not rather than just blocking it does it not let you uninstall them?
Thank you @peteyt
Yes I do use uwp apps and yes it will let me uninstall them. I use normal Windows "Apps & Features" setting to uninstall most of the apps. Some Windows own apps cannot be uninstalled like that. For that I use powershell commands. It's not a problem though.
12 minutes ago, peteyt said:It also looks like a permission issue stopping you from accessing the folder but unsure why. Does the security tab link in the message do anything?
It's indeed a permission issue. I can access the folder through another app called Minitool Partition Wizard. But I get the "Access Denied" popup if I try to open the folder directly by going through my C drive or browse it through ESET.
-
45 minutes ago, Marcos said:
Via the network connections panel you can temporarily block communication for a process:
Is that the only way to block internet connection for running processes?
Because when that process starts again it can access internet unless I do what you mentioned. I want to know if I can deny internet access for a process permanently.
49 minutes ago, Marcos said:I don't understand. Only users with administrator rights can create rules. And such users have access to folders in Program files.
I'm the admin of my Windows account and I have admin rights and I can access any folders inside "Program Files" except for "Windows Apps" folder.
-
Hello ESET,
I would like to know how to deny internet access for a particular running process using eset firewall.
I also would like to know how to deny internet access for a particular Microsoft Store app. The path leading to "C:\Program Files\WindowsApps" doesn't give permission to manually add them.
Instead is it possible for firewall to block it from the running process?For example below is a screenshot of a store app running in the memory "Disney Magic Kingdoms" and the process name is "_dk_entrypoint_precompiled.exe". Now I can't block it the traditional way since the user have no access to the folder ("C:\Program Files\WindowsApps\DisneyMagicKingdoms") by default.
So I want to know if I can block that process running in memory using eset firewall?
Windows default firewall could do it. -
2 hours ago, Marcos said:
1, In the list of SSL/TLS filtered applications change "auto" to "scan" for idman.exe:
Thanks again @Marcos
That did it. I changed the scan action of IDM from "auto" to "scan" and ESET blocked it straight way. Tried with Chrome, Firefox, Edge Chromium (with microsoft store idm extension) and Brave browser.
ESET blocked the download on all four browsers.
As for limiting the connections which I didn't have to do anyway so I'm leaving it as it is.
I'll keep looking if it'll happen again after changing the setting.
Thank you for now!!! -
10 hours ago, Marcos said:
Web access protection cannot scan files downloaded through download managers. Downloaded files will be scanned by real-time protection or upon extraction from an archive.
Thank you @Marcos
But when I tried downloading from AMTSO all files were blocked by ESET even if the download was initiated by IDM..thumb.png.09197ea24cc8bd42c4d51ebd898cf314.png)
But if I download the eicar zip file from the official page ESET doesn't block the download through idm. ESET blocked the page but not the download from the eicar official page. But it did block the download from AMTSO. This is what I'm getting into.
If it's by nature that ESET functionality is to not block downloads done through download managers then it shouldn't work for any websites.
I believe it's because the eicar test file downloaded from the official page have SSL encryption and AMTSO doesn't?
-
On 6/28/2020 at 1:17 PM, Marcos said:
It seems the website doesn't actually initiate the download of the test file eicar.com. Try downloading it from here:
hxxp://2016.eicar.org/download/eicar_com.zip
If detected, web access protection works alright.
On 6/29/2020 at 6:25 PM, itman said:Actually, that's the zipped version. Both HTTP and HTTPS eicar.com versions can be downloaded here: hxxp://2016.eicar.org/85-0-Download.html . In any case, Eset detects both on attempted download.
Looks like there is a problem - again - with the AMTSO test download web site.
To add to this ESET doesn't block the download if it's done through internet download manager. The file downloaded successfully and then the file detection cleaned it up from the downloads folder.
I also tried going here and downloading from all four https versions of the file and then again the both zip files got downladed via idm but the threat was detected by eset with a notification.
The file got downloaded and it is a concern.
Can you guys also test this out in Google Chrome with latest idm installed?
PS : The file was blocked when I tried downloading without idm.
Eset Internet Security : 13.2.16.0 (64bit)
Google Chrome : 84.0.4147.105 (64bit)
Internet Download Manager : 6.38 build 2
Thank you
.png.90a440973eaa740f47a8796bc4d8d23c.png)
Forum Feedback
in General Discussion
Posted
Thank you @Marcos
Dark theme looks awesome!!!