Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by chrcoluk

  1. The setting still exists on Windows 8.1. https://winaero.com/how-to-disable-or-enable-fast-startup-in-windows-8-1/
  2. Is there a changelog? even tho I had prelease selected i wasnt expecting an automated update to v12 without consent been asked.
  3. I think it has actually activated, as I have a 30 day license, I had to click on the X to close the activation window after acknowledging the error.
  4. An internal error occurred during the activation process. Latest version downloaded directly from ESET.
  5. This seller is still around, and still selling these licenses. I am talking about eset enabling this practice to happen, really they should either be honouring the licenses so innocent people dont lose out or taking action to prevent this from occurring.
  6. I brought a 10 year license from ebay, it seems the practice is to wait for ebay feedback period to expire and also wait for paypal period to expire (6 months) and then cancel the license. Isnt eset giving too much power to resellers as its enabling some nasty fraud to take place. This here also where marcos response was not very forgiving https://forum.eset.com/topic/16019-eset-cancelled-license/
  7. the pause protection is useful for me, please re add it. I have a password enabled so to pause that password has to be entered. Perhaps make it so it still shows if a password is set?
  8. I am not talking about the process although I didnt specifically check the process usage but I think its tied to the OS buffers or something, as I remember checking task manager and no process had large amounts of usage. It was basically memory unaccounted for. Task manager reported the memory as commited but in the process list nothing had it used. The problem goes away when I disable the ransomware protection and does not exist in nod32 v8 (but of course v8 doesnt have the ransomware protection). If I ignore it then windows will eventually start closing down processes when memory runs out as after a few of weeks of uptime its several gigabytes of memory leaked.
  9. I prefer the new warning icon, orange was too in your face for informational minor stuff.
  10. I have been running v10 for a while on both my laptop and desktop, overall I am happier with it than v8. However on my laptop there has been a niggling memory leak, its slow but steady, it seems to leak about 100-200mB a day in resource usage, the leak cannot be recovered by closing programs, I have always had to reboot to recover the memory. I started playing with the settings and found by disabling the new ransomware protection in HIPS settings has solved it. I have an idea of why its happening, my laptop runs automated tools every minute which connect to my modem to collect stats and upload to a server, several scripts are run to collect and process this information, these tools have caused a lot of security programs to have problems, so I suspect nod32 is having issues with them, I am happy to share the tools with the developers if it helps them diagnose the problem. My desktop doesnt seem to have the memory leak problem.
  11. So I have been using nod32 with outlook for a number of years, I am scanning emails using the outlook plugin. I however want to migrate to thunderbird, the first problem I noticed was that there is no plugin. I googled and nod32 decided to drop support way back in v5 for vague reasons, which seemed to be summed up as they couldnt be bothered to maintain the plugin anymore. Even when pointed out there is a long term support version of thunderbird which lasts a year with no feature changes eset seeminly refuse to support it. Yet of course they advertise on their commercial product they scan email traffic for viruses. So I enabled pop/imap protocol scanning (and ssl pops/imaps), now it is worth pointing out at this point there is 3 ways to connect to a email server. 1 - plain text, very bad idea, especially when using plan login auth method. Many providers even outright block this. 2 - legacy implicit ssl, this is now considered legacy aka deprecated, some providers no longer support this, especially on smtp. 3 - explicit ssl, aka STARTTLS, this is the modern reccomended way of connecting to mail servers for all 3 of smtp,imap and pop. Now the nod32 protocol scanning options have the ability to enable for plain connections and implicit, explicit is nowhere to be seen but its possible by design it is supposed to work when using the pop/imap vs pops/imaps settings. What I discovered was this. 1 - plain, scans as expected. 2 - legacy implicit, no scanning, this surprised me as its clearly optional in the settings, but nope no eset signature and eicar attachment no popup from nod32. 3 - explicit ssl, I was hopeful, but no scanning. Now if this was some guy on his own offering free code, I would be understanding. But this is a commercial product which I have paid for, and from where I sit as the customer its not my concern if it is hardwork for eset's developers to maintain a thunderbird plugin. It should be a "deal with it" situation. The plugin is my preffered solution but if they can make the protocol filtering work with STARTTLS then I would accept that as well. So please eset fix this or stop advertising email scanning support. Now I am still using v8, after some sleep, and maybe when the weather cools down a bit so I have more energy I will try v10 beta on a spare machine with thunderbird to see if that works. Also to add, if it is to be done via protocok filtering eset, need to make sure they keep up with modern encryption standards, gcm/chacha ciphers, pfs, dane, key pinning etc. Also wise to point out interception of encrypted traffic goes against the principles of TLS, so by far a plugin is the preffered solution.
  12. I too would like more information on this, the description from eset on AMS is extremely vague and whilst marcos has offered a bit more insight he still hasnt clarified how nod32 determines a process to be suspicious. The post above mine is proof customers of eset are looking at the competition the fact they researched what emsisoft are doing, and I too can confirm I was doing the same, yesterday I spent about 3-4 hours mulling whether to buy nod32 licenses or emsisoft licenses for my laptop and w10 testing machine. I came very close to emsisoft due to the behaviour blocker (of which their documents and staff explains what it looks for as well as been configurable) but in the end stayed loyal to eset because I have used it for so long, and I have made some developed HIPS rules for use in nod32. Maybe eset think its not wise to reveal how this stuff works as then a bad guy reading this forum knows how to work round it, but it also makes your customers not trust your product so much as they cannot be sure they are protected from certain types of malware. I run hitman pro alert alongside nod32, and disabled nod32's EB and AMS because I fear it conflicts with HMPA, and I use HMPA for exploit blocking because they have gone into detail what they do to block exploits, whilst eset's description is very vague. I used to run EMET alongside nod32 before using HMPA, and things EMET protected against such as bypassing OS level DEP, nod32 never blocked, so I am honestly very confused specifically what exploit blocker does and what behaviour AMS looks for.
  13. adding this here, as is more relevant then where I posted it I guess. https://forum.eset.com/topic/8418-wishlist/ Will install the new v10 beta on my win10 machine and a VM to test.
  14. it fails because ESET doesnt check for revoked cert's, is recommended if you value proper TLS security to not use https scanning. hxxp://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf
  15. The ESET root certificate is not pre-generated. Keeping SSL filtering enabled is strongly recommended and safer than having it disabled as the number of malware that utilizes encrypted communication is rising. With SSL scanning disabled, your system might be vulnerable to such malware. The document is very valid marcos, its sad that eset keep telling people to ignore this stuff instead of redesigning the way they scan https traffic to be TLS RFC compliant.
  16. Can I use this new hips module on v8? and yeah itman has great rules, I try to find posts where he posts a few so I can copy but he wont release the whole set :/
  17. I concur, eset hasnt done this behaviour in the past, I strongly suggest to not force v8 users to upgrade.
  18. what do people (and eset) think about these suggestions? My NOD32 want list mostly HIPS related. 1 - after entering password to make changes, no further authentication needed for 60 seconds (configurable in options up to max 15 minutes min of 0 aka current behaviour). 2 - Require password for temporary approvals on HIPS (made viable by #1). 3 - Add a interactive mode that doesnt auto approve on failure to respond to prompt. 4 - Add a feature that if in interactive mode and no activity detected for 2 hours (interval configurable), auto switch to policy mode. 5 - Dont require http(s) scanning for normal status icon. 6 - Add choice between new and old UI. 7 - Do not make import config also import license info, whilst this is convenient, its a problem when sharing config between machines.
  19. I observed whenever importing my config e.g. following a windows reinstall, it also copies my license over and activates nod32, is convenient, but I fear a problem. I have just purchased 2 more licenses which is one key for 2 installations, and plan to import my config from my existing setup. Will it try to import the key and activate making eset think I am sharing my license info? I need to import as is many HIPS rules on my configuration. A lot of work to do manually.
  20. I hope you add an option to stop v8 users been prompted to use v9. My issues are I dont like the new UI its too big and slow, and when I used it, it seemed buggy (hips rules corrupted), finally I dont like how it doesnt let you disable https scanning without a warning so my preference is to keep using v8. Freeola sent me the user/password so I have now extended my license fine. Can I ask why you doing this but still allow people to use v7 and older? so if I dont upgrade to v9 will v8 still get updates?
  21. yep they didnt include it, thank you, will ring them in 2 hours when their offices open.
  22. To add I read the knowledgebase which shows a screenshot on v8 with an option to use a key, when I click activate tho that option is not there. hxxp://support.eset.hu/kb2792/?viewlocale=en_US
  23. marcos if you going to have an http interception module you need to keep up with modern web standards. http/2 is v2 of the http protocol, which originated from google's spdy. there is also a upcoming QUIC protocol as well.
  24. I had to get a new license because freeola wouldnt let me renew existing, but I got sent a v9 key not v8 license, is there a way to covert this or use this on v8 please? I am not interested in v9 at this time. I still have the option directly renewing with eset which is easier but then I would have to chase freeola for a refund.
  • Create New...