Everything posted by itman

  1. Also in regards to this question: The answer is yes when WD ATP is running in "passive" mode: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility
  2. In that e-mail should be your licensing key. That's all you need to re-install Eset.
  3. I believe I have finally found the solution in regards to Win Server 1803/2019: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility It is assumed the server needs to be rebooted to make the above effective. The above link also explains what "passive mode" means. Also of note is that the above is a "hard" setting to passive mode as I understand it. This means that if Eset real-time protection malfunctions for some reason, there will be no auto fall-back to WD ATP as real-time protection. The only way to re-enable WD ATP real-time protections is to reset the above reg. key to a value of "0" and reboot the server. Also for Eset, auto-setting the above registry key on Win Server 1803/2019 needs to be done at Eset product installation time.
  4. One possibility is this: Cheap Chinese JAWS of DVR Exploitability on Port 60001: https://isc.sans.edu/forums/diary/Cheap+Chinese+JAWS+of+DVR+Exploitability+on+Port+60001/25530/ Additional refs.: https://www.tenable.com/plugins/nessus/104144 https://www.pentestpartners.com/security-blog/pwning-cctv-cameras/
  5. Warning: The wizard creates what is referred to by Eset as "permissive" rules. In other words, for example, if a process is being blocked, it will create a rule to allow all network activity from the process rather than specifying what network connection is actually being made. I always recommend that prior to unblocking network traffic via the wizard, the blocked network traffic be examined and the appropriate firewall rule be created manually, or the wizard-created rule be updated, specifying the particular network connection being used.
  6. As shown in this article: https://documentation.sisense.com/latest/content/disabledefender.htm#gsc.tab=0 , all that does is disable real-time protection. Most importantly, this excerpt from the linked article: Regardless, all other WD ATP protections remain in effect. When WD is disabled by Eset in Win 10, all functionality is disabled. As such, my prior posting concerns in regards to running EFS concurrent with those other still enabled WD ATP protections remain. They still need to be explored with recommendations rendered.
  7. Listed on VT as Microsoft. Submit the file to Eset as a possible false positive per this posted forum FAQ:
  8. First, make sure that the Eset icon is not hidden on the desktop toolbar. Click on the up arrow symbol on the toolbar. If the Eset icon shows there, drag it to the desktop toolbar. If the Eset desktop toolbar icon is not hidden, the GUI can be accessed via the Win 10 Start menu. From there, select Nod32; right-click on it; and pin the Eset icon to the desktop toolbar as shown in the below screenshot:
  9. OP tried to do this. The question is why the Eset Uninstaller utility needs network connectivity in the first place.
  10. I will also note that my Eset forum issues are more pronounced after switching to DoH in FireFox. So it appears that whatever you are experiencing is DNS related.
  11. Most issues with FireFox posted to date in regards to Eset have traced back to a corrupted FireFox profile. And some were "real doozies" to diagnose.
  12. Based on what you posted in your first posting, I would say the packer used is performing activities on Android-based devices specific to the OS used on the device. When run on a PC, the packer might either fail to extract altogether or just shut itself down. Note that other AV solutions on VT are also detecting something; notably WD and Fortinet. I would contact them. At least, they should be able to inform you if it is a FP. If this is the case, you could then select "Ignore" in the Eset PUA detection alert. However, be aware that many manufacturers outsource their software support to third parties; many in China. Supply-chain-based malware is a big concern currently.
  13. All I can say is "strange things go on" in regards to the Eset forum. Edited re-posting time-outs, errors when logging out of the forum, you name it. Bottom line: you will probably have to "relax" your Fortinet settings in regards to the forum.
  14. I will also add this comment. It is time both Microsoft and Eset clarify what is the correct procedure in regards to WD ATP use on Server 2019. As it stands presently, the implication is all that needs to be disabled via Group Policy is WD real-time protection. And that the other WD protections such as subscription based ATP features can run concurrently with Eset EFS. Then there is the WD behavior monitoring which includes cloud scanning. What happens if it detects malware via cloud scanning? Does the WD quarantine feature still work if WD real-time scanning is disabled?
  15. Assumed you did this via Group Policy. I assume you left other WD protections active.
  16. Which means that it can't be managed in regards to third-party AV installation. WD needs to be uninstalled via the MS article options for Server 2016. Also, one way to determine which AV is actually installed would be to verify if "Controlled Folders" exists, since it only applies to WD.
  17. According to this video, it does appear that Server 2019 does use Windows Security Center: https://www.youtube.com/watch?v=dy3srtihjwU The difference with client versions is WSC doesn't show on the desktop toolbar?
  18. Here's the Microsoft article on how to disable/uninstall WD on server installations. Of note is it specifically references Server 2016 only: Ref.: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016
  19. To begin with, what is being detected by Eset is a potentially unwanted application; i.e. PUA; not a virus. The Eset alert appears to indicate the source to be the MBAM real-time engine, which really doesn't make any sense. Note that MBAM has a similar detection for this PUA: https://blog.malwarebytes.com/detections/pup-optional-fusioncore/ . What we have here is a classic example of why two AV real-time solutions should not be running concurrently. It appears MBAM detected the PUA first and locked/quarantined the file or something similar. Eset then detected the PUA but identified MBAM as the source process due to the above stated activity. If the alert "Clean" option was selected, it might in all likelihood delete the MBAM service process, resulting in a real mess. The MBAM real-time scanning option needs to be disabled. You can then use it as a second-opinion on-demand scanner.
  20. Does Windows Security Center exist on your SRV 19 installation? If it doesn't, I see no way for third-party AVs to disable WD, since WSC is their interface mechanism to WD settings.
  21. I did come across the following in the EFS 7 User Manual: https://download.eset.com/com/eset/apps/business/efs/windows/latest/eset_efsw_7_userguide_enu.pdf Again the reference to WD ATP. Perhaps the above also applies to Windows Server 2019? My best guess is it does. Since Eset makes such a reference, it is assumed that it does not manage WD on Server 2016+ installations as done for endpoint installations. -EDIT- See later posting in this thread: https://forum.eset.com/topic/22535-windows-defender-cloud-protection-stays-enabled/?do=findComment&comment=109348 for the correct way to disable WD ATP on Win Server 1803/2019 installations. This also implies that on Win Server 2016+ versions, there is no auto fallback to WD real-time protection in the event of an Eset real-time protection malfunction. Finally, I believe the above quoted MS recommendation is a bit bogus. Obviously, MS would not recommend you use anything other than the WD + WD ATP combo. So, I would say this is an Eset recommendation. Here's how you uninstall Win Defender on Win Server 2019: https://www.digitpage.com/remove-windows-defender-using-powershell-server-2019/ .
  22. Disabling the admin share SMB protocol option will block all SMB protocol connection attempts. This is OK for a stand-alone PC but could cause issues with any devices that are part of a local network that need to share devices or files. Now I would enable the "Deny old (unsupported) SMB dialects" option, but only after testing that it has no negative effects on a LAN. For the other Deny SMB options, one should consult Eset online help on what those apply to. Also note that Microsoft implies in its article that SMBv1 is used on Exchange Server vers. prior to 2013. If this is the case, the Deny old (unsupported) SMB dialects option, if enabled, could cause problems.
  23. No, it is not fine. For Virus and Threat Protection, it should show "No action needed." Additionally, when Virus and Threat Protection is opened, what is shown should be that per the below screenshot. I also am not familiar with EFS and it is possible that WD real-time runs concurrent with Eset's, but I seriously doubt it: Another possibility is an issue with loading of Eset's ELAM driver on the server. In this case, the OS will automatically enable WD's real-time protection and run it concurrently with Eset's real-time protection. If this was the case, I would think that Security Center would show that WD was the real-time protection.
  24. I believe Windows Defender Cloud Delivered Protection refers to WD Advanced Threat Protection, which is only standard on Enterprise versions. On Win Pro+ versions it is an optional extra-cost subscription. If this is the case, check if Windows Defender AV is also enabled, since WD ATP only works with WD anti-virus enabled. This ATP element might be why Eset didn't disable WD anti-virus.
  25. https://www.bleepingcomputer.com/news/microsoft/microsoft-urges-exchange-admins-to-disable-smbv1-to-block-malware/
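A way to verify the server-side state that items 3, 21 and 23 above discuss (whether Defender AV has been forced into passive mode and whether its real-time engine is still running next to a third-party AV), as an added PowerShell check that is not from any of the posts, from Eset or from Microsoft's documentation. It assumes the Defender PowerShell module (Get-MpComputerStatus) is present, and it reads the ForceDefenderPassiveMode policy value from the linked Microsoft article, which the posts refer to only as "the above reg. key".

```powershell
# Added check: report whether Microsoft Defender AV is in forced passive mode on a
# server and whether its real-time engine is still active alongside a third-party AV.
# Assumes the Defender PowerShell module (Get-MpComputerStatus) is available.
$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection'
$valueName  = 'ForceDefenderPassiveMode'

# Read the policy value; a missing value means passive mode was never forced.
$passive = (Get-ItemProperty -Path $policyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -eq $passive) {
    Write-Output "$valueName is not set (no forced passive mode)."
} else {
    Write-Output "$valueName = $passive  (1 = forced passive, 0 = normal operation)"
}

# Ask the Defender engine itself what it is doing right now.
$status = Get-MpComputerStatus
[PSCustomObject]@{
    AMServiceEnabled          = $status.AMServiceEnabled
    RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
    BehaviorMonitorEnabled    = $status.BehaviorMonitorEnabled
    AMRunningMode             = $status.AMRunningMode   # e.g. "Normal" or "Passive Mode"
} | Format-List

# Two real-time engines at once is the situation item 23 warns about.
if ($status.RealTimeProtectionEnabled -and $passive -ne 1) {
    Write-Warning "Defender real-time protection is still active; if a third-party AV is installed, both engines are scanning."
}
# Item 3's caveat: a forced value of 1 is "hard", so a third-party AV failure will not
# bring Defender real-time protection back until the value is reset to 0 and the server rebooted.
```

Run it in an elevated PowerShell session on the server before and after installing or removing the third-party AV, and compare the two outputs.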