
itman

Most Valued Members
Content Count: 6,946
Days Won: 183

Everything posted by itman

  1. Yes, it could be a redirect from another web site. If you had the uBlock Origin extension installed in FF, Peter Lowe's list would have blocked access to that domain.
  2. Creating an Eset firewall rule for WindscribeService.exe to block any inbound/outbound traffic for UDP port 443 should do the trick. On the other hand, I believe Eset's SSL/TLS protocol scanning is monitoring all inbound TCP/UDP traffic regardless of port used. Assumed here is QUIC traffic has to pass through the Windows Filtering Platform. The point to be determined is if Eset can decrypt QUIC packets.
  3. Of note is the following: This implies that the router must also support incoming QUIC traffic.
  4. https://blog.apnic.net/2019/03/04/a-quick-look-at-quic/ As I see it a malware app would have to be installed on a device that uses the QUIC protocol. So in reality it is no different from a malware app using TCP. Bottom line - if no malware app is installed in the first place, there is nothing to be worried about. As you mentioned I believe browser-wise, Chrome is the only one using QUIC and it's an experimental feature there that can be disabled. I also believe older routers with firewalls will have an issue with this protocol since they will block external UDP traffic on port 443.
  5. Per Eset online help: https://help.eset.com/eis/13/en-US/idh_config_epfw_scan_http_address_list.html?idh_dialog_epfw_add_url_addr_mask.html
  6. To supplement @peteyt's reply, no commercial concern will pay up front for a "supposed" bypass. First the concern must have a policy in place that they will pay a bug bounty. Eset does not. Next, this policy will state the conditions under which a bounty will be paid and what the bug submission requirements are; i.e. P.O.C. format, findings, and the like. All bounty payments are further made at the full discretion of the vendor as to whether the bug submission meets the bypass criteria established by the vendor. I will further add that public disclosure of security flaws is not illega
  7. The problem with the uPCU concept is many commercial concerns have policies in place that dictate all software updates be tested for operational issues prior to being deployed en masse to the corporate network. The OS might have locks on system areas Eset updates.
  8. FYI: https://support.eset.com/en/kb6400-virtual-private-networks-vpnswhat-are-they-and-does-eset-offer-one
  9. Here are the system requirements for Eset Linux Server: https://help.eset.com/efs/7/en-US/system_requirements.html. Although Fedora is not specifically listed, the KB article states:
  10. For future reference in adding URLs to Eset's URL Address Management lists, to fully block/allow all sub-domains associated with a URL, enter the URL, for example, as "*.drjart.com/*", less the quote marks.
  11. USA support based in San Diego, CA: For business technical support only, call: +1 (619) 630-2400 6:00am - 5:00pm Pacific Time [GMT-8], Monday - Friday https://www.eset.com/us/about/contact/
  12. NOD32 is supported for Win 7 SP1: https://support.eset.com/en/kb37-compatible-operating-systems-for-eset-home-products-home-users
  13. You might "want to play around" with the below Eset e-mail setting: https://help.eset.com/eis/13/en-US/idh_config_emon_clients.html If taken literally, only the "No action" and "Delete email" options will generate an alert.
  14. As far as I am aware of, Eset alerts always display on the desktop. When one appears again in the Outlook window, drag the alert window to where I suggested and see if future alerts remain there.
  15. These are "opaque" alerts. In other words, the alerts fade away and disappear on their own. You can move the alert window to the lower desktop area such as right edge above the toolbar. This way you will receive a visual display of malware activity being detected and mitigated but it should not interfere with whatever you have currently displayed on the desktop.
  16. First some details on Nanocore: https://success.trendmicro.com/solution/1122912-nanocore-malware-information If you were using Eset Internet or Smart Security and accessing your bank's web site via the Banking & Payment Protection option, your keystrokes would have been scrambled, rendering keystroke capture ineffective against any installed keylogger. Additionally both the above products scan incoming client-based e-mail for malware. Do note that when using web-based e-mail, caution should be exercised in how attachments are handled. Many will auto open attachments and show t
  17. Will add this MIME application/octet-stream string can be any of the following file types:
      Binary file (*)
      binary disk image (bin)
      Java class file (class)
      Disk Masher image (dms)
      executable file (exe)
      LHARC compressed archive (lha)
      LZH compressed file (lzh)
      https://www.lifewire.com/file-extensions-and-mime-types-3469109
  18. FYI - https://kb.iu.edu/d/agtj Appears the best that can be done is to create an application.bin file. Which is basically worthless since it needs a specific app to read it. As noted in the linked Indiana Univ. article, this file is most likely an e-mail attachment and identity can be established via:
  19. Also, and importantly, note that Cisco Meraki network perimeter security appliances for example have Web content filtering granularity to the level where specific Torrent traffic can be blocked. However, they footnote this capability with the following statement: https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Blocking_P2P_And_File_Sharing
  20. -EDIT- Try what is shown in this Eset online help article first: https://help.eset.com/ees/7/en-US/how_block_file_dwnl.html. That is enter, *.*.torrent and */*.torrent in URL blocked address list. However, read this article: https://www.techworm.net/2020/04/download-torrent-site.html. By blocking .torrent downloads, you are only blocking the "seeding" file and not the actual downloaded files. Also note: -END EDIT- The only way to do this would be to block access to torrent web sites by domain name filtering via URL address management. Here's a list of approx. 30 of them and I
  21. Per Eset online help: https://help.eset.com/ees/7/en-US/idh_config_parental_rule_edit_dlg.html?idh_config_epfw_scan_http_address_list.html The problem here as I see it is torrent files are downloaded outside of a browser. I believe URL management only controls access to files opened in a browser.
  22. Did you create an entry in the "List of blocked addresses" and place an "*" there? If so, all URLs will be blocked except those specified in the "List of allowed addresses." By default, the "List of blocked addresses" is empty. As such, nothing is blocked by Eset other than its real-time detections. If you only want to absolutely block 20 specific URLs, just add those to the "List of blocked addresses."
  23. One solution here is to create a firewall rule to allow all outbound traffic. Set its logging severity level to Warning. Move the rule to the bottom of the existing rule set. This will create a Network protection log entry for every outbound request the rule is triggered for. Create the rule just prior to shutting down the PC for the night. When you do a cold boot the next morning and the desktop appears and the system settles down, review the Network protection log for entries generated by the above rule. You can then create permanent firewall rules for the processes associated with thes
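Posts 10, 20 and 22 above all turn on how wildcard address masks such as "*.drjart.com/*", "*.*.torrent" and "*/*.torrent" are matched against a requested URL, and how a blocked list containing "*" interacts with the allowed list. The following is an added example, not code from the posts or from ESET, that models those semantics so they can be tried offline: it assumes "*" matches any run of characters and "?" a single character, that matching is case-insensitive over the whole address with the scheme removed, and that an allowed-list match overrides a blocked-list match (consistent with post 22). The sample URLs are constructed for illustration.

```python
import re
from typing import Iterable

def mask_to_regex(mask: str) -> re.Pattern:
    """Translate an address mask into an anchored, case-insensitive regex.

    Assumed semantics (not taken from ESET documentation): '*' matches any
    run of characters, '?' matches exactly one character, everything else
    is literal.
    """
    parts = []
    for ch in mask:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)

def normalize(url: str) -> str:
    """Drop the scheme so one mask covers http and https, and give a bare
    host the '/' path a browser would actually request."""
    addr = re.sub(r"^[a-z][a-z0-9+.\-]*://", "", url, flags=re.IGNORECASE)
    if "/" not in addr:
        addr += "/"
    return addr

def matches_any(url: str, masks: Iterable[str]) -> bool:
    addr = normalize(url)
    return any(mask_to_regex(m).match(addr) for m in masks)

def decide(url: str, blocked: Iterable[str], allowed: Iterable[str]) -> str:
    """Return 'allow' or 'block' for a URL given the two lists.

    Assumed precedence: an allowed-list hit wins, then a blocked-list hit
    blocks, otherwise the request is allowed (an empty blocked list blocks
    nothing, as post 22 states).
    """
    if matches_any(url, allowed):
        return "allow"
    if matches_any(url, blocked):
        return "block"
    return "allow"

if __name__ == "__main__":
    # Constructed sample requests; the hostnames are illustrative only.
    samples = [
        ("https://www.drjart.com/products", ["*.drjart.com/*"], []),
        # Caveat: under these semantics the apex domain has no leading '.',
        # so "*.drjart.com/*" alone does not cover it; a second mask such as
        # "drjart.com/*" would be needed for the bare domain.
        ("https://drjart.com/", ["*.drjart.com/*"], []),
        ("http://tracker.example/files/linux.torrent",
         ["*.*.torrent", "*/*.torrent"], []),
        # Blocked list "*" with an allowed-list exception (post 22).
        ("https://news.example/", ["*"], ["*.bank.example/*"]),
        ("https://www.bank.example/login", ["*"], ["*.bank.example/*"]),
    ]
    for url, blocked, allowed in samples:
        print(f"{decide(url, blocked, allowed):5}  {url}")
```

Running the block prints one verdict per sample; the second sample shows the caveat worth knowing before relying on a single "*.domain/*" entry, namely that the bare apex domain is not covered by it under these wildcard semantics.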