Jump to content


Most Valued Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by itman

  1. I would! Also the best way to provide this for the consumer market would be to offer an Eset Internet Security "Professional" version where the fee would be added to license amount. Throw in further enhancements such as global wildcard support in the HIPS to support "living off the land" attacks. Or better, build those rules in the HIPS using NoVirusThanks OSArmor rules as guide and now you have a truly "awesome" Eset product.
  2. This was true until version 3.0 was released. In prior MBAM versions, creating exceptions for MBAM in AV product and likewise creating exceptions in MBAM for AV product prevented most conflicts. Additionally with the introduction of Win 10, Microsoft "clamped down" on the use of multiple real-time solutions and only supports one active real-time solution in the Windows Security Center environment.
  3. MBAM real-time protection is substandard to that provided by Eset as shown consistently in one of the few AV lab tests it participates in: https://www.av-test.org/en/antivirus/home-windows/windows-10/april-2020/malwarebytes-premium-4.1.0-201613/ . MBAM does have some strong attributes such as detection of entrenched and hidden malware which are detected via off-line scan method.
  4. OK. "We're back on the same page again" Also the difference between LiveGrid and EDTD which can block execution till Eset cloud server verdict is rendered, We just need like capability made available in the client versions of Eset.
  5. Not based on my testing. Whenever a LiveGrid upload occurs as evidenced by corresponding Eset event log submission entry, the process is allowed to execute.
  6. This relates to creating MBAM exceptions when Windows Bitlocker protection is employed in a corp. network environment.
  7. If you have configured FireFox for private mode browsing, the above setting is disabled by default. You can still save web site passwords manually by clicking on the key symbol in front of the web sites URL address.
  8. This is news to me. Are you stating LiveGrid actually now blocks something? Or is the blocking occurring after LiveGrid analysis has rendered a verdict? Also are not "Suspicious" detection's supposed to throw an Eset alert requiring user action? Or does that only apply to AML "Suspicious" detection's?
  9. You could temporarily uninstall Game Pass and see if the Eset issue disappears. If it does, you have identified the source of the problem.
  10. Depends how you look at it. Since the .dll is embedded in the .exe, it is in reality part of the .exe. Also the AV detection's on this one are a bit strange. Eset was one of the few who detected the .dll. On the other hand, Kaspersky and Checkpoint, plus now others, originally detected the .exe. Note that Eset does not detect the .exe version on VirusTotal. Detection of .dll after .exe startup is post-execution detection. As Eset points out in its write ups on post-execution detection, it is a less desirable detection method since system modifications may have occurred prior to detection. However in this case, it is N/A since the .dll is actually not being run by the .exe. Finally as I understand this bypass, it is using a .Net based .dll that only runs on .Net 2.0 or 3.5. In other words, the .dll is running actually via .Net. Therefore all the .exe version is doing is the equivalent to e.g. rundll32.exe PowerShdll.dll. So the question remains why can't Eset detect by signature the .dll code embedded in .exe as it can for the standalone .dll? I do not beleive the code in the .exe is hidden in any way by packing, encryption, or obfuscation.
  11. Do you have Eset Smart Security Premium installed? It is the only version that contains a password manager.
  12. By "forcing" a MBAM update, I meant just check for updates manually within the product. No registry editing involved. You can use MBAM as an off-line second opinion scanner. However, the free version of it does this.
  13. Are you stating the PC hanging occurs when when booting via Win 10 Fast Startup option? Note with the PC previously powered off by case power button or by manually performing an in program Win restart, Fast Startup is not performed.
  14. Eset Smart Security isn't supported for Win Server 2008. You need to install an Eset Win Server product: https://help.eset.com/efsw/7.1/en-US/system_requirements.html
  15. Marginal scan speed improvement with beta em005_64.dll. As posted previously, with existing 13.2.15 ver. em005_64.dll, the registry and WMI scan was 22 mins. With the beta em005_64.dll, scan time was 16:30 mins. Eset needs to implement registry and WMi scanning bypass option for default scan as I recommended and illustrated previously.
  16. I really see nothing in the log pointing to failure of Win Updating due to a certificate error. Normally if there is a certificate problem there, it will be shown on the attempted connection to MS update servers as shown here: https://answers.microsoft.com/en-us/windows/forum/windows_10-update/windows-10-update-error-certificate-used-for-ssl/4c9e6867-fea3-422f-ae06-fd25d26ff5b4 Most of the certificate errors in the above posted log relate to WebServices. And those reference an issue with the intermediate root certificate. Win will defer to Win intermediate root CA store for the certificate or download it as needed. With Eset SSL/TLS protocol filtering enabled, use of intermediate certificate is N/A and Eset's root CA store certificate is used instead. Is the network connection using a proxy or a VPN connection?
  17. PM it to me with instructions on how to replace existing cleaner module. I believe that has to be done in Win Safe mode as I recollect. I will rename existing module in the case I have to revert to it. I won't be able to test this morning but will do so early this afternoon.
  18. Also WMI crashes aren't "a big deal" if they are intermittent in nature. As noted in the Microsoft article referenced in my posting:
  19. Do this. Force an MBAM update. Then open Eset GUI -> Setup -> Network protection -> Troubleshooting wizard. Review blocked connections shown there as to whether any are related to the MBAM update process.
  20. I would also disable archive scanning. Eset does an excellent job at that per my testing. Scatch this. Looks like that setting only applies to off-line scanning.
  21. Only if MBAM real-time protection is disabled. Even Microsoft advises only one real-time scanner be active at any given time on Win 10. If MalwareBytes is stating otherwise, they are wrong. Also reviewing MBAM Premium features, I see this: This would imply some type of network filtering capability that could conflict with Eset's Web Access protections.
  22. Not from what I am seeing in SSL/TLS filtered communications. It is full of Store apps including the ClicktoRun updater for 2019 Home and Office. Additionally, WIn 10 two updating processes run under svchost.exe which is also being filtered.
  23. Actually, there hasn't been a Win 10 Cumulative update since ver. 13.2.15 rolled out. That happens tomorrow and then we will know if versions prior to Win 10 2004 are also borked. So far, just checking for Win Updates works fine on win 10 1909 and Eset 13.2.15 versions.
  24. It will delete the registry entry the malware added: An example of what this reg key does is given in this General Bot! malware analysis: https://www.elitepvpers.com/forum/flyff-private-server/4291006-warning-those-used-general-bot.html
  • Create New...