itman

Everything posted by itman

  1. The Autoruns screen shot I posted just showed the current registry settings. These have to be added manually via Regedit or possibly by Group Policy: This type of activity should be restricted via Group Policy setting.
  2. A-V C is "very creative" when it comes to finding samples for its Realtime test series. It's not uncommon for it to slip in a few samples that are geographically restricted to one country and/or region, with an "in-the-wild" dispersion of < 10. The odds of encountering one of these samples is close to zero.
  3. I assume the reference is to this year's most recent A-V C Realtime test where Eset scored 98.4%; approximately the same as it has previously scored recently in this test series. If one has concerns about Eset, refer to this more comprehensive test series where over 10,000 malware samples are used: https://www.av-comparatives.org/tests/malware-protection-test-march-2019/ . Eset scored 99.86% for malware protection. Again, this is only one AV Lab's test; and test series for that lab. Refer to all the AV lab tests that Eset participates in and you will observe that Eset is a top scorer overall.
  4. I did some testing a while back in regards to Edge and Eset B&PP. Now, it is possible things have changed since then. I set Edge to my default browser. Manually running Eset B&PP from the desktop opened Edge as a protected browser w/o issue. Whether Eset B&PP was fully functional in regards to keystroke protection and the like, I did not test for.
  5. I use Thunderbird. I just checked my e-mail and had no problem connecting to AOL servers using IMAPS using EIS 12.1.34. I also run Win 10 x(64) 1809. Did you just recently upgrade to Win 10 x(64) 1903 on the device with T-Bird e-mail issues? Are the PCs w/o issues also running Win 10 x(64) 1903?
  6. I use the registry debugger option for .exe's that can run from any directory. I set them to open as svchost.exe which immediately terminates: Eset HIPS rule to block any write activity to C:\PROGRAM FILES\TIXAT\*.* would prevent anything being created in the folder. Eset HIPS rule to block any application startup in %homepath%\AppData\Roaming\*.* would prevent any program startup in that or any sub-directories. Also note this in regards to using variables in Eset HIPS rules: https://forum.eset.com/topic/15740-environment-variables-for-hips-rules/?do=findComment&comment=77806
  7. It might have something to do with the status of the specific user account. For example, the "All Users" account is considered an operating system directory and is not shown by default in Windows Explorer. I suspect that "\\" use as far as the Eset HIPS goes might only work for directories that are not hidden by default. It also might not work based on user account status. For example if the user logs in as standard user, versus a local admin.
  8. Since this is a new license, you might try this: https://www.eset.com/us/activate/ Appears this will create a new Eset account specific to this license. Also appears that a cd-key can be entered here since the web site refers to "retail code" that I assume is the cd-key.
  9. Correct. Hopefully, this new decrypter will allow for previously encrypted files that were saved to now be decrypted. Unfortunately, concerns still don't back up their files in spite of the ransomware threat.
  10. https://www.europol.europa.eu/newsroom/news/just-released-fourth-decryption-tool-neutralises-latest-version-of-gandcrab-ransomware
  11. To back up a bit, one should never see an Eset alert about external IP address sourced port scanning if they are using a router that includes a firewall. If such an Eset alert presents, it is an indication that there is a problem with the router or its current setup configuration.
  12. You're on your own with this device. Appears to be something directly shipped from China. Might be used primarily by U.K. telecoms and the like.
  13. Here's the user manual for the ZTE device: https://www.consumercellular.com/Assets/documents/Manuals/ZTE Mobile Hotspot User Guide.pdf . As I suspected, the default password is "Admin." Also make sure WPS has been set up properly which also requires a password.
  14. This indicates that the ZTE Hotspot is properly configured to block any unsolicited incoming open port activity. One possibility is the ZTE device has been hacked and is allowing incoming port activity to your PC from a remote attacker. Note that GRC test would not detect this type of activity. Check if a password has been established for ZTE device. On many such devices, a default password of "admin" or the like is used. Create or change the existing password to a strong one. Then you will have to reset the ZTE Hotspot to reestablish its default values.
  15. Getting back to the OP's network setup, appears the ZTE reference is to ZTE Mobile Hotspot noted here: https://www.consumercellular.com/blog/affordable-portable-wi-fi-wherever-you-go-with-the-zte-mobile-hotspot/ . He then appears to connect to the TP-Link device. The question is what is the TP-Link device? I suspect that it's a USB adapter connected to his PC to capture the ZTE wireless communication. In other words, there is no router per se involved here.
  16. This test is only valid if the router does not have a firewall. If it does, all that it determines is open and stealth port status of the router's firewall.
  17. Appears to me either something is wrong with your router settings, or possibly your ISP's connection to it. The majority of blocked inbound traffic is due to DHCP. The first thing your PC does when it boots is to use DHCP protocol to assign an external connection address issued by your ISP servers. It does this by using the built in DHCP server in the router. When this connection can't be established, Windows will assign an internal APIPA IPv4 address in the 169.254.0.1 through 169.254.255.254 range as shown by your screen shots: https://www.webopedia.com/TERM/A/APIPA.html . Windows will keep trying to establish a valid DHCP address in periodic intervals. Hence the high block count shown. Normally, this situation will resolve itself which appears not to be happening in your case. The problem with the Eset firewall is it doesn't treat APIPA addresses as valid IP addresses for inbound traffic. Without further explanation on the other blocked activity shown in your screen shots, do a hard reset on your router. The easiest way to do so is unplug it from the power source, wait a minute, then plug it back in and wait for it to complete reinitialization. If this doesn't solve the DHCP connection issue, there is either a problem with your router or your ISP. I would start by contacting your ISP about the issue.
  18. Here's a ref. to netio.sys bluescreen issues: https://www.thewindowsclub.com/fix-netio-sys-bsod-error . Normally caused by network adapter driver issues. Eset some time ago stopped using a network adapter mini-port filter to monitor web traffic. Verify that Windows Defender in 1903 has been disabled and NOD32 shows as the only realtime AV solution active.
  19. It's normal for apps to create files in that directory. It also quite frequently happens that files remain in that directory after the app has been uninstalled. Since you seem overly concerned about residual files created by Eset's Online Scanner app, then remove the files. Just make sure you are removing files related to it and not some other currently installed app. -EDIT- https://support.eset.com/kb405/?locale=en_US&viewlocale=en_US
  20. See this thread for reference: https://forum.eset.com/topic/19751-eset-online-scanner-wont-remove/
  21. I believe this article sums up the differences nicely: https://wtop.com/tech/2018/06/is-windows-10-safer-than-windows-7/
  22. This might have something to do with the Eset detection: https://support.wix.com/en/article/staticwixstaticcommedia-appears-in-url-of-wix-images
  23. Refer to this article as a guide to things you can try: https://neosmart.net/wiki/system-recovery-options/ . Since you haven't been able to boot into Win 7 since the Eset uninstall, I would start with the "Last Known Good Configuration" option.
  24. Below are links to free AV lab recent endpoint comparative test reports where Eset endpoint was included: https://www.mrg-effitas.com/wp-content/uploads/2019/06/201704-MRG-Ransomware-Test.pdf https://www.mrg-effitas.com/wp-content/uploads/2019/05/MRG_Effitas_2019Q1_360.pdf https://selabs.uk/en/reports/small_business https://www.av-comparatives.org/tests/business-security-test-march-april-2019-factsheet/ A few comments about NSS Labs. They don't charge AV vendors for testing. They earn their revenue from selling their test reports. Just because an AV vendor product is shown as being tested does not imply that the vendor previously consented to being tested. Eset in the past has publicly objected to NSS Labs test methods pertaining to their endpoint product. Despite repeated attempts by Eset to resolve their issues with NSS Labs, it has refused to even respond to Eset's communication to them on these issues. Ref.: https://www.eset.com/us/about/newsroom/corporate-blog/esets-response-to-nss-labs-advanced-endpoint-protection-test-results/
  25. That's a question you will have to ask NSS Labs about. Their response will probably be that you have to purchase the full report to find out why.