itman

I will also note that this URL, https://www.agricom.cl/ , is OK. Appears to me that access is being attempted to an intranet domain of above via the Internet?

Since there have been past complaints about Eset blocking IOBit web sites and software to boot, note the following also from the bleepingcomputer.com article. Obviously, the attacker used this vulnerability to exploit the IOBit web site.

Are you disabling the Ethernet network connection as noted below? https://www.addictivetips.com/windows-tips/disable-an-ethernet-connection-windows-10/

Elaborating on this attack, the details are as follows. The IOBit forum website was compromised by an attacker who gained admin access to the site. This allowed him to harvest e-mail addresses of forum users and plant a malicious download from the forum web site. The attacker then sent e-mails to IOBit forum users which stated they were the winners of a free one year license to an IOBit security product. At this point note that the e-mail would appear legit since the sender's address was legit. The following are excerpts from the bleepingcomputer.com article. The ransomware i

The main thing to know about this attack was Windows Defender was bypassed since the malware created exclusions in WD to allow its malicious .dll to run undetected. Kapersky also didn't stop files being encrypted by the ransomware portion of the attack. Per a malwaretips.com poster: Waiting until someone does a detailed analysis on this puppy.

A bit difficult to understand what you posted. Eset has three retail products with a firewall: 1. Internet Security 2. Smart Security Premium. 3. A legacy product called Smart Security. This has been superseded by Internet Security. Which of the above did you have installed previously? Which of the above did you recently install? Did you uninstall what you had installed previously prior to performing the new install?

You can make an inquiry as to pricing here: https://www.eset.com/my/business/windows-security/

The way to diagnose this is as follows: 1. Set Ethernet IPv4 connection back to Obtain DNS server automatically. 2. Reboot device or do via command prompt window, ipconfig /flushdns, ipconfig /release, and ipconfig /renew commands to reset IPv4 connection and acquire a new IPv4 lease. 3. Via command prompt window, enter ipconfig /all and note IPv4 DNS server assignment IP addresses. 4. Open Eset GUI and then Network protection. 5. Select Advanced. Then select Zones -> Edit. In the DNS section, do you see the same IPv4 DNS server addresses noted in the prior ip

Are you referring to the Eset splash screen which just shows an image of Eset logo? If so, refer to below screen shot to disable its display at system start up time.

I came across this posting in regards to connection-specific DNS suffice: https://community.linksys.com/t5/Wireless-Routers/Need-to-get-rid-of-quot-DNS-Suffix-Search-List-quot-from-ISP/td-p/1233151 It confirms: 1. It is assigned by Comcast ISP servers. 2. It is IPv6 conditioned. My best guess as to why it changes from hsd1.ca.comcast.net to hsd2.ca.comcast.net deals with IPv6 DNS server assignment. I suspect hsd1 is the primary IVv6 DNS server and hsd2 is the secondary server. I have never really seen anything like this before. When Eset detects the hsd2.ca.comcast.net

FYI https://help.eset.com/protect_cloud/en-US/what_is_new.html

NOD32 does not contain a firewall. Installing NOD32 would have no effect on any existing firewall you were previously using. Did you perhaps purchase and install Eset Internet Security by mistake?

First, we are talking about connection-specific DNS suffice versus domain DNS suffix. Connection-specific DNS suffix is assigned via the DHCP initialization processing and really should never change. Also Eset uses connection-specific DNS suffice to actually name the network connection. I would talk to Comcast tech support as to why your connection-specific DNS suffix name is changing. Might be a problem with your ISP issued router. Or, there is a router configuration option to prevent this from happening.

More info on the use of APIPA in Windows and when it is invoked is given here: https://www.lifewire.com/automatic-private-internet-protocol-addressing-816437

Since you state this issue is intermittent in nature, another possibility is the use of APIPA address DNS server assignment. APIPA IPv4 DNS server addresses start with 169.xxx.xxx.xxx and are used when DHCP initialization processing cannot establish a valid IPv4 DNS server connection Unfortunately Eset network processing doesn't handle this situation at all and will indeed try to great a new network connection when it occurs.