Everything posted by itman

  1. @Marcos, I am pretty sure there is an issue with Eset regular module updating. Last Friday evening, I inadvertently signed off my PC instead of shutting it down. As expected, Win 10 scheduled task fired off at 2 AM that woke up the PC to perform Win Updates. Shortly thereafter, Eset also downloaded a full module update as confirmed by corresponding Eset Event log entry. This is the first one received since upgrading to ver. 12.2.23 on 7/18. Also a bit strange this full module update occurred when I was not logged onto the PC. The ver. number for Cleaner module was still 1195. This morning I switched to pre-release updating and finally the Cleaner module was updated to ver. 1199 per below screen shot. Also a few other modules were updated that don't appear to be pre-release vers.; i.e. no "P" suffix appended to the end of the module number.
  2. hxxp://nord-vpn.club/ * Edited to show correct reference link. Ref.: https://www.bleepingcomputer.com/news/security/hackers-use-fake-nordvpn-website-to-deliver-banking-trojan/
  3. An absolutely fascinating article: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
  4. This might also be related to "Great Firewall" activity: https://en.wikipedia.org/wiki/Great_Firewall
  5. Hopefully the laptop you are referring to is a work issued and supported device. The quickest way to infect a corp. network is to allow employee personal devices to connect to it. Also make sure that what you are doing is allowed under your employer's IT policies.
  6. @Marcos I set T-Bird e-mail to html format and it appears Eset is still not scanning incoming e-mail. I use AOL mail. IMAPS server name, imap.aol.com. Port 993. Really starting to appear to me that Eset can no longer perform MITM scanning with its root cert. for AOL mail.
  7. Either post in English or re-post in the forum Slovak language section.
  8. Follow the instructions given here: https://developers.google.com/speed/public-dns/docs/using . The details given for Windows 7 apply to all Windows desktop OS versions. Make sure you select Internet Protocol Version 4 (TCP/IPv4) setting assuming that is what your router supports.
  9. On this forum's home page, scroll down and on the right hand side locate the box labeled "FAQ." Click on the link titled "How do I use Eset Log Collector."
  10. Make sure the Eset firewall filtering mode is set to "Automatic." This will allow all outbound Internet traffic unless a specific manually created firewall rule exists to block the Internet outbound traffic. In this regard, make sure you haven't inadvertently created such a rule. For example, a rule present at the end of the existing rule set to block all outbound network traffic.
  11. To begin with, @Marcos instructed you to add the IP address to the existing Trusted Zone category; not create a new zone category. Delete that remote access zone you created. The existing Eset firewall rules refer specifically to the predefined Zones. Next it appears you added the IPv4 address for your laptop? What you need to add to the Trusted Zone is the IPv4 address for each remote device you are using to remotely access the laptop. Note that any IPv4 address in the 192.168.xxx.xxx range is a dynamic assigned local network address. If you are trying to connect to another device on your local network via RDP, simply add its router DHCP assigned 192.168.xxx.xxx address to the Trusted zone and you're done with any further modifications. One problem that can arise is that certain routers do not always assign the same local network IP address to a device. If this is your situation, the only secure solution is to ask your ISP for static fixed IP addresses for devices you wish to use for remote connection to the laptop. Many ISPs charge extra for static IP addresses. You then assign the static IP address to each remote network device and also add those IP addresses to Eset's Trusted Zone. If you're trying to connect to the laptop from a device external to your local network, proceed as follows. To determine the external IPv4 address of the remote device, you will have to be logged on to it. Then in a browser use this URL, https://whatismyipaddress.com/ , to determine the device's external IPv4 addresses. Enter this IP address into Eset's Trusted Zone on the laptop. Important: Never ever enter an external IP address into Eset's Trusted zone unless the remote device is fully trusted such as your work computer's external IP address. Do not under any circumstances enter an IP address for any device that is publicly accessible such as a public library or hotel computer.
Note that the above only works in the situation where you always connect remotely to the laptop from the same remote devices and the external network those devices use never changes. If you wish to do so from any remote device anywhere, obviously the above will not work. Since you are using the Win Pro version, verify if the Win firewall already has existing rules in place to allow inbound RDP traffic. If not, you will have to create these rules. Here's an article on how to do so: https://itstillworks.com/allow-tcp-port-3389-windows-firewall-22570.html . Note the reference at the end of the article about UDP rule activation. Since you can connect remotely to the laptop with the Eset firewall disabled, it appears the above Win firewall rules are already in place. Next deactivate the existing Eset RDP rules by performing the following. Under Eset GUI Firewall, click on Advanced -> Services. Remove the check mark for Allow remote desktop in the Trusted zone. Click on OK tab to save your changes. This will in turn deactivate corresponding Eset firewall RDP rules. By default and unless manually disabled, the Eset firewall will additionally use the Win firewall inbound rules. Note that I am not sure however this applies to inbound RDP traffic. Note that by using the Win firewall RDP protection, your laptop will be vulnerable to RDP password brute force and like attacks. It is therefore strongly advised you use Group Policy and establish a 3 password attempts with lockout thereafter policy setting on the laptop.
  12. By standard user account, I assume you literally mean just that and not the default local admin account. This is done obviously for security reasons. You can alter standard user account privileges using Group Policy. See this article for reference: https://community.spiceworks.com/topic/333331-how-do-i-enable-remote-desktop-for-local-standard-user
  13. You need to first establish what the IPv4 address of the remote device you are trying to connect to via RDP is. Then add that IP address to Eset's Firewall -> Advanced -> Zones - edit. Then select Trusted Zone, then the Edit tab. Add the IPv4 IP address there. Click on the OK tab and any other OK tab shown to save your settings.
  14. If this is Win 10 Home version, remote RDP is not supported. You need to purchase a Pro+ version of Windows.
  15. @Marcos did some more testing and found what the issue is. I have Thunderbird set to receive e-mail only in text format. Appears Eset is no longer scanning incoming T-Bird text e-mail. I can live with that since the only thing allowed in text based e-mail are live URL links as far as I am aware of. However, further research needed in this area by Eset. Clicking on those links will force the Win default browser to open and display the web page there. I assume Eset would block anything malicious upon attempted web page access. My other concern was attachments to text e-mail which are also not scanned as verified through testing. I really don't know for fact if those were previously being scanned? However upon opening or attempted saving of the attachment, Eset does detect the malware and deletes the source T-Bird e-mail w/attachment. Eset however does not delete the currently displayed e-mail w/attachment. Correction - Eset does not delete the e-mail or attachment within T-Bird.
  16. Well the below screen shot notes that the ThreatSense engine appears now to only support Outlook or LiveMail e-mail formats. Thunderbird emails use the .mbox extension. Appears Eset previously performed a conversion to .EML format and that was either inadvertently omitted, or done so intentionally. In either case I need to know pronto if this will be fixed or Eset e-mail scanning no longer supports Thunderbird.
  17. Things are worse than I thought. I sent myself an e-mail containing the Eicar test string. Not only did Eset not prior scan the e-mail in Thunderbird. When I opened the e-mail, Eset didn't detect it.
  18. Tried everything I could think of to get T-Bird e-mail scanning to work w/zip results. Need to know if Eset no longer supports e-mail scanning for T-Bird.
  19. @Marcos it appears Eset e-mail scanning is no longer scanning Thunderbird IMAPS incoming e-mail. I turned on ThreatSense detailed logging and have zip log entries related to e-mail.
  20. https://blog.knowbe4.com/byod-really-means-bring-your-own-risk
  21. Reflecting a bit, this issue existed prior to ver. 12.2.23 and started around the time Eset HTTPS ports added the 0-65535 range to ver. 12.1. "My gut is telling me" this might have hosed the IMAPS and POPS ports usage by Eset's e-mail scanner. Will experiment with excluding the IMAPS ports there and see if that resolves the issue.
  22. It was the first thing I tried. No dice. Nothing further was displayed. Additionally, I tried resetting the statistics. Still no e-mail category. The real question is if Eset is still scanning Thunderbird e-mail which I am having serious doubts about.
  23. Now this is interesting. I just noticed my Win 10 clock time was hosed after rebooting. Got set to 4 hours ahead. Had to re-sync my clock time.
  24. I connect via 1 GB fiber Ethernet. Due to the fact my PC is connected via household wiring via powerlink adapters, my top connection speed is around 250 MB. The Sysrescue virus database download took approx. a minute. What was odd is the first 40000 KB was almost instantaneous and it slowed after that. Might be due to some Linux network buffering issues or the like. Extrapolating my download speed results to let's say a 30 MB connection, the database download should take in the range of 8 - 10 minutes. This also assumes a full 30 MB download speed w/no ISP throttling going on.
  25. Personally, I don't buy this. There are multiple free HIPS like products on the market that have extensive wildcard support. This capability is far from "rocket science."