-
Posts
31 -
Joined
-
Last visited
About j_mo
-
Rank
Newbie
Contact Methods
-
Website URL
twitter.com/theamazingjmo
Profile Information
-
Gender
Male
-
Location
USA
-
Interests
stuff
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
-
Hello, I am using someone else's LAN at the moment, and I am trying to only trust the IP of one other device. I think I have the trusted zone configured correctly, I just don't know if it's blocking all the multicast. Usually when I create a specific blocking rule there is tons of blocked connections. I have it configured with zones and it doesn't log anything. I wanted to make sure it is still working.
-
j_mo changed their profile photo
-
Hello all, I noticed the firewall notifications that appear in Interactive Mode do not have the time of the attempted connection. This seems like a pretty easy thing to add, and not having it causes issues, at least for me. If I come back to my PC and there is a notification from a process I don't recognize, or a Windows system process or some such, I often cross reference the notification with sysmon to figure out when it ran and why. This would be a lot easier to do with the time on the notification. It is very time-consuming to try to find it in ESET's logs
-
New_Style_xd reacted to a post in a topic: Eset and Google chrome together?
-
Eset and Google chrome together?
j_mo replied to New_Style_xd's topic in ESET Internet Security & ESET Smart Security Premium
I'm gonna be that guy and put it out there that Chrome has some security issues and weird advertising and analytics projects like FLoC embedded in it, where you don't even know if you're a participant unless you investigate the code yourself or use one of the detection sites, and I don't recommend it for anyone. Much better off using a Chromium based browser like Vivaldi, or even Edge over Chrome. -
Hi, I have set up an Unbound resolver running on localhost. All is well, except that ESET can't connect to LiveGrid. I gather this is because it wants to use the Windows DNS client. Well, it can't, because I murdered it. Got tired of it not listening to me. Leaking DNS all the time, and my ISP has a transparent proxy so my router DNS settings are meaningless. In fact, the router won't even allow the static routes for the DNS to be deleted. They just magically reappear. So, maybe not just a proxy, but tampered hardware. I'm going to complain to the technician when they come on Tuesday. That's beside the point. I just want ESET to accept 127.0.0.1 as a DNS server. It will not accept any manually entered configuration.
-
Wildcards and paths
j_mo replied to j_mo's topic in ESET Internet Security & ESET Smart Security Premium
Well, thanks for assisting me in locating the source of the issue. I do not use Edge except on very rare occasions where I need a Chromium browser and it's already there. My main browser is a Firefox fork so unfortunately not supported by ESET. I'll try to look into the technical workings of the secured browser to see what benefit if any it provides to what I already have. Do you know if ESET plans to incorporate any virtualization technology into their software, akin to what Kaspersky and some others have now? That should essentially secure the memory, keyboard, etc. of many programs on the system, rather than only a few supported popular browsers. -
Wildcards and paths
j_mo replied to j_mo's topic in ESET Internet Security & ESET Smart Security Premium
For example, Windows UWP apps change their paths every time they update. It would be very helpful to wildcard part of the path. It seemed to work in the past but I don't think my rules where I do that are working anymore. -
Wildcards and paths
j_mo replied to j_mo's topic in ESET Internet Security & ESET Smart Security Premium
I fixed that problem by turning off the secured browser. That's what was generating those blocks. They're gone now. I guess "OPP" is Online Payment Protection or something like that would be my guess, -
Wildcards and paths
j_mo replied to j_mo's topic in ESET Internet Security & ESET Smart Security Premium
Judging from the documentation it looks like some features require exact processes and some don't; I'm just having trouble figuring out which will allow paths. It looks like performance exclusions will, but HIPS Deep Behavioral Inspection only says "processes." It would be helpful to be able to make firewall rules with paths/wildcards as well but I don't see an answer for that. -
Wildcards and paths
j_mo replied to j_mo's topic in ESET Internet Security & ESET Smart Security Premium
Actually, I just had a thought that the Edge browser being set to secured may be causing that. Glad you mentioned the banking protection. I'll turn the always secure thing off and see if that helps. -
Wildcards and paths
j_mo replied to j_mo's topic in ESET Internet Security & ESET Smart Security Premium
I don't think it's very good behavior to have processes like Edge blocked from system applications by default. I don't see any way I can override that OPP protected process rule, it's a hidden rule basically. I will have to turn Self-Defense off which is a shame. -
Wildcards and paths
j_mo replied to j_mo's topic in ESET Internet Security & ESET Smart Security Premium
So just to confirm, in all the rules of the entire application, the only one that accepts wildcards are registry HIPS rules? What about paths? -
Wildcards and paths
j_mo replied to j_mo's topic in ESET Internet Security & ESET Smart Security Premium
No, when you look in the HIPS log you can see that Self-Defense protects other processes than just ESET's. Edge is one. It's under a separate rule called OPP Protected Process. I'm trying to let some programs access Edge. Windows Error Reporting can't even get access for pete's sake: Time;Application;Operation;Target;Action;Rule;Additional information 2022-01-29 9:00:09 PM;C:\Windows\System32\WerFault.exe;Get access to another application;C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;Blocked;OPP protected process;Modify state of another application,Terminate/suspend another application I have HIPS on Automatic currently. I only have two manual rules and they have nothing to do with this. -
j_mo reacted to a post in a topic: Wildcards and paths
-
j_mo reacted to a post in a topic: Wildcards and paths
-
Wildcards and paths
j_mo replied to j_mo's topic in ESET Internet Security & ESET Smart Security Premium
Is there a way to modify the OPP Protected processes rule? Like exclude msedge.exe as a protected process without having to disable the whole Self-Defense? -
Wildcards and paths
j_mo replied to j_mo's topic in ESET Internet Security & ESET Smart Security Premium
I looked in documentation but I never found that. -
Hello, are wildcards or paths allowed in rules or not? It seemed like they were in the past. If they aren't, why are they accepted as valid inputs? Thanks.