Everything posted by itman

  1. The Application Modification feature only works if the Eset firewall is set to Interactive mode. If an app is modified for which an existing firewall rule exists for that app, the feature will trigger an alert. Really don't know why Eset has not updated their documentation about this restriction.
  2. What does the first part of the alert state, i.e. the text displayed in yellow? State it in English please.
  3. I am wondering if the issue here is the same Microsoft account is being used for both devices. MyEset might be using that somehow internally to ID devices. You might have just figured out a way to bypass Eset's license validation processing.🤭
  4. You might want to refer to this article: Also of note: https://www.sophos.com/en-us/press-office/press-releases/2021/01/sophos-identifies-source-of-mrbminer-attacks-targeting-database-servers.aspx -EDIT- In regards to the above, the "similar techniques" referenced all employed some form of brute force attack element against the server and/or exploiting of system vulnerabilities. Since it appears sqlserver.exe in your situation is directly initiating the Trojan download attempt, I assume some type of code injection is being performed against it. Again, this assumes that
  5. Based on the posted My Eset screen shot, it appears you purchased one Eset NOD32 license for two PCs, not two 1-PC Eset licenses. If you bought two 1-PC Eset licenses, the key for each license would be different.
  6. What about sqlbase.exe, since this is the malicious parent process? Does that show in SysInspector? BTW - I believe a malicious sqlbase engine was installed. Also it appears you found the malicious versions of sqlbase.exe and sqlconn.exe since they are sitting on your desktop. Is the issue that these keep reappearing on the infected devices? Also submit sqlservr.exe from one of these devices with issues to VirusTotal for a scan.
  7. For registry subordinate keys under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\", you need to code the following, "HKEY_LOCAL_MACHINE\SYSTEM\*\". For example: HKEY_LOCAL_MACHINE\SYSTEM\*\Services\USBSTOR\Start
  8. For starters, on an infected device check if the following exists: %WINDIR%\FONTS\SQLCONN.EXE
  9. Make sure the settings highlighted in the below screen shot are enabled:
  10. I assume the device names with Eset installed are Suzanne, Angel, and Shuriken-PC? If so, delete all other devices shown other than these three.
  11. Avast paid products include a sandbox feature. Eset consumer products do not.
  12. You can set up the Comodo firewall so that everything runs in an isolated environment: https://www.youtube.com/watch?v=vktNQCwB2UY . You then just set up exclusions for your trusted apps. Video author states on the various security forums that no 0-day malware has been able to bypass her custom Comodo setup.
  13. As far as desktop notifications go, refer to the following per Eset on-line help: I have mine set to "Diagnostic" and have no issue with Eset HIPS rule desktop notifications appearing.
  14. Eset's System Cleaner feature's primary function is to reset Windows settings back to default values. The "Cleaner" reference in my opinion is misleading. Also, as the Help for this feature states, it should not be run w/o Eset tech support instruction to do so. System Cleaner's primary purpose is to remove system modifications made by malware. However, many also perform custom modifications to Windows system settings, and those will be removed when System Cleaner is run.
  15. Eset Push Notifications option uses process ekrn.exe, TCP protocol, and remote port 8883. Verify that outbound network traffic for this is not being blocked by whatever firewall you are using.
  16. There is no sandboxing used since Eset doesn't have one, in contrast to its major competitors. At least, not a stand-alone sandbox employing virtualization. Eset employs an internal sandbox in regards to the heuristic scanning done by its real-time protection.
  17. I believe the red "X" symbol is just a visualization of what is stated in the shown text, that is, the Network drive is in a disconnected state. A disconnected Network drive is not in an online status and therefore cannot be mapped.
  18. OK. Eset really doesn't have a publication on Web Access processing, so I will post the following. Eset scans all incoming Internet traffic that is HTTP/HTTPS based for malicious status; not just browser based network traffic. It does this using the existing Windows Filtering Platform, which allows for network packet analysis. In regards to encrypted HTTPS traffic, Eset decrypts it using its installed Win root CA certificate for inspection purposes. Additional Web Access protections include: 1. A scanner to scan browser based JavaScript. 2. Anti-Phishing protection. 3.
  19. Everything you want to know about Eset is contained in this whitepaper: https://www.eset.com/fileadmin/ESET/US/docs/about/ESET-Technology-Whitepaper.pdf
  20. Eset has a command line based scanner: https://support.eset.com/en/kb3417-eset-command-line-scanner-parameters-eclsexe-5x-and-later . The scan code can be created in a script and the script scheduled to run via Win Task Manager. However, I am not sure this will scan network drives. Possibly by setting the scheduled task to run with highest privileges; i.e. System.
  21. Did you check Eset's HIPS log for entries that might shed some light on what issues the HIPS was having with Chrome?
  22. I assume these are Ethernet Powerline adapters? Make sure they are powered up and have completed self-syncing prior to booting any PC connected to them. I believe all the issues you described are a result of not having a fully functional Internet connection when Windows started up. FYI - my Ethernet powerline adapters are on 24/7. Additionally, properly syncing these devices is a "real bear." I was having all kinds of network connection issues until I found a posting on the manufacturer's web site on how to force sync these devices. It involved plugging both adapters into a power strip and
  23. This is also noted in regards to uninstalling Eset. It has a settings Export feature that will save all current Eset settings. As such, Eset can be uninstalled then painlessly re-installed with all previous customizations restored via the Eset settings Import feature.
  24. If the objective is to eliminate a specific Eset threat detection alert, the proper way to do so is via real-time protection threat exclusion.