Everything posted by itman

  1. There appears to be an Eset network protection component invoked in this issue since there is no issue with EIS in GTA V single-player mode. You can install NOD32 instead of EIS and determine if the multi-player mode issue manifests with it installed. If it does not, at least the EIS at fault component has been identified.
  2. One thing that hasn't been tried is to take Advanced Machine Learning (AML) protection out of consideration. AML was introduced with Eset ver. 13. Set AML Malware and Suspicious Applications settings for Reporting and Protection to "Cautious" per the below screen shot. The Cautious setting corresponds to no AML protection for these settings.
  3. Note that a real-time scan exclusion is not the same as a SSL/TLS Protocol scanning exclusion.
  4. It has in the past: https://steamcommunity.com/app/271590/discussions/0/613956964591355899/?ctp=2#c594820656469302670 However back in 2015, Eset was using a network adapter mini-port filter whereas now it uses the Windows Filtering Platform.
  5. Try this: https://minecraftirc.net/support-articles/known-incompatible-software/ Once necessary firewall rules have been created, you can switch the firewall back to Automatic mode.
  6. Eset is very "tight lipped" about what its drivers are used for; just like about almost all of their internal protection mechanisms. My prior testing with Eset yielded that the Eset helper driver is a component of their real-time scanning protection. Its primary purpose is to inject an Eset .dll into select processes when suspect malware activity is detected. This processing is also infrequently invoked and requires continuous monitoring by Eset real-time protection component. Since Eset Online Scanner is off-line scanning for malware primarily via signature means, real-time components that would deploy this driver are never invoked. Finally, Eset newer real-time deep behavior inspection and advanced machine learning components have superseded the need for .dll injection monitoring. As far as rootkit detection goes, they are somewhat of a moot point on Win x(64) based systems due to its built-in kernel patch protection. Additionally, most rootkits manifest at system startup time. Therefore, Eset Online Scanner won't detect this activity unless the malware creator was careless enough to place the rootkit in a disk or memory area readily accessed by both the OS and Eset, and Eset has an existing signature for the rootkit. My advice is to purchase a paid license for either NOD32 or Internet Security which will fully deploy all Eset protection mechanisms.
  7. Also, this error code relates to a networking configuration error. Refer to this for applicability to your network environment and a possible solution: https://www.kapilarya.com/error-0x800704cf-the-network-location-cant-be-reached
  8. This might be related to Memory integrity protection in Win 10. Normally, it is not enabled by default. You may have manually enabled it or it was auto enabled for some reason. Do the following. Open Windows Security Center -> Device Security -> Core isolation. Mouse click on "Core isolation details." If Memory integrity setting is set to "On," reset it to "Off." I believe a system reboot is required to make the setting change effective. Now test if this resolves the issue. I also at this point can't see how this Windows protection could be affected by Eset Internet Security in any way. -EDIT- Microsoft has confirmed there is an issue with ver. 2004 on PCs with Memory integrity enabled and is currently preventing the Feature Upgrade being offered to them: https://www.neowin.net/news/microsoft-blocks-windows-10-may-2020-update-on-pcs-with-memory-integrity-enabled
  9. I picked this one up over at the Minecraft forum and it's the last thing I am going to recommend to try. Once all the necessary firewall rules have been created for GTA, you can set Eset firewall back to Automatic mode. That said, I am done with this thread. https://minecraftirc.net/support-articles/known-incompatible-software/
  10. Should be able to duplicate by simply installing HEIF Image Extensions from Win Store: https://www.microsoft.com/en-us/p/heif-image-extensions/9pmmsr1cgpwg?activetab=pivot:overviewtab . It's a freebie. Then scan its app directory entry.
  11. Then the HEIF Image Extension app is not installed. This explains why you can't uninstall it. This directory, Microsoft.HEIFImageExtension_1.0.31072.0_x64_8wekyb3d8bbwe, appears to be related to your prior ver. 1909 Win Store installation. You should be able to remove it manually using PowerShell: https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_store/how-to-manually-uninstall-a-store-app/963863e4-4c0b-4565-af90-f5bc7ecf3f47
  12. Also appears this app's actual path is C:\Users\xxxxx\AppData\Local\Packages\Microsoft.HEIFImageExtension_8wekyb3d8bbwe\...... ; at least on Win 10 Home ver. 1909 it is. It is also an optional Win Store download. This makes what you are showing for ver. 2004 a bit suspicious. But who knows? Maybe MS made it mandatory in ver. 2004? Or perhaps you installed it previously?
  13. That's odd. Enter the full path name manually then; e.g. C:\Windows\SystemApps\Microsoft.HEIFImageExtension_1.0.31072.0_x64_8wekyb3d8bbwe\x86\maheif_store.dll
  14. Create a performance scan exclusion for this file entry per the below screen shot. Hopefully, this is the only item Eset initial scan hangs on:
  15. You will obviously have to contact your company's IT security admin for the license key. Doubtful he will provide you this. He will have to remote access the device and activate the license. FYI - the admin might not be "very enthralled" with your Eset upgrade installation. He should be interested in how you were manually able to uninstall Eset.
  16. Somewhat related is it appears Node.js has an API that will create a .lnk reference to an .exe in Startup directory which will bypass Win 10's capability to prevent such activity: https://github.com/j201/windows-shortcuts
  17. Referring to the above linked AnyRun analysis of this malware, the interesting entries are:

      C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update-win.js.lnk
      C:\Users\admin\AppData\Roaming\update-win.js
      C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\*

      Modifications made in the CustomDestinations registry key allowed for running update-win.js via wscript.exe at system startup time via .lnk reference bypassing initial AV detection.
  18. Did you try this using Trend's Web Console? https://docs.trendmicro.com/en-us/enterprise/officescan-xg-as-a-service-online-help/officescan-agent-dep/officescan-agent-ins/agent-uninstallation/uninstalling-the-age.aspx
  19. You should have received an e-mail from Eset when you activated your old license. The sender is noreply@orders.eset.com. In the body of the e-mail your license key should be clearly displayed. One problem here is probably how you have your e-mail configured. Appears it is set not to display attachments in-line. This is why everything is showing as an attachment versus in the body of the e-mail. Temporarily configure your e-mail to display attachments in-line and everything in attachments for the Eset license confirmation e-mail entry should be displayed in the body of the e-mail entry.
  20. Refer to Eset Knowledge Base article on how to fix your expired Password Manager License issue: https://support.eset.com/en/kb7363-license-expired-in-eset-password-manager
  21. Believe I found the culprit: https://any.run/report/8d33d5c74a877dc2030ec36b79db8630e20dc476e3374d24b65dee6222d7d498/934cb24f-6b03-4d87-9f32-a038caa1790b . And it's using Cloudflare servers nonetheless! Eset didn't initially have a sig. for this one: https://www.virustotal.com/gui/file/8d33d5c74a877dc2030ec36b79db8630e20dc476e3374d24b65dee6222d7d498/detection , but does now. I would run a full Eset scan as Admin and see if Eset detects anything. Appears the startup mechanism is a .lnk file dropped in the Win startup directory. On Win 10, .lnk files are not supposed to run from the Win 10 startup directory. Ahh ......... it's not really a .lnk file but a JavaScript one; update-win.js.lnk. -EDIT- also a great example of why Win Explorer View settings should be configured to always show hidden files.
  22. Referring to Help & Support screen shot you posted above, click on "Details for Technical Support" under the Technical Support section.
  23. Eset ehdrv.sys is Eset's Helper driver. The Event log entry is being generated due to Win driver protection which will prevent a kernel mode driver from loading from any directory other than C:\Windows\System32\Drivers directory. I assume this is just some residual code from Eset installed product that was inadvertently left in the Online Scanner version. I would just ignore the Win Event log entries related to it.
  24. First, what is a backend API app: https://www.quora.com/What-is-an-API-backend-process Next there is a high likelihood that this activity is related to some mobile app/device on the local network: https://devblogs.microsoft.com/xamarin/add-a-backend-to-your-app-in-10-minutes/ Additional ref. here: https://hackernoon.com/mobile-api-security-techniques-682a5da4fe10 Finally, if Eset URL blocking alerts are originating from wscript.exe, this is highly suspicious unless one created a script to perform like activity. Assuming one is not using wscript.exe, I would create a HIPS rule to block anything from starting C:\Windows\System32\wscript.exe and C:\Windows\SysWOW64\wscript.exe. Make sure logging is enabled on the rule and its level is set to Warning. Your Eset HIPS log entries will inform you as to what process is attempting to start wscript.exe. You can then work backwards in diagnostics from this point. Ensure you disable logging for this rule afterwards so your HIPS log doesn't fill up with related block entries.
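
Added example, not part of itman's posts: a defender-side check for the Startup-folder entry discussed in posts 17 and 21 (`update-win.js.lnk`). It flags script files in the Startup folders, `.lnk` names that hide a script extension, and files named `.lnk` that lack the shell link header; the extension list, the function names and the sample folder in `demo()` are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# First 20 bytes of a genuine shell link (MS-SHLLINK): HeaderSize 0x4C + LinkCLSID
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1", ".bat", ".cmd"}

def startup_dirs():
    """Per-user and all-users Startup folders (standard Windows locations)."""
    rel = Path("Microsoft/Windows/Start Menu/Programs/Startup")
    return [Path(r) / rel for r in (os.environ.get("APPDATA"), os.environ.get("PROGRAMDATA")) if r]

def check_entry(path):
    """Return the reasons (possibly none) this Startup entry deserves a closer look."""
    reasons = []
    suffixes = [s.lower() for s in path.suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in SCRIPT_EXTS:
        reasons.append("script file placed directly in Startup")
    if last == ".lnk":
        if len(suffixes) >= 2 and suffixes[-2] in SCRIPT_EXTS:
            reasons.append(f"script extension hidden before .lnk ({suffixes[-2]})")
        with path.open("rb") as fh:
            if fh.read(len(LNK_MAGIC)) != LNK_MAGIC:
                reasons.append("named .lnk but lacks shell link header")
    return reasons

def scan_startup(dirs):
    """Map file name -> reasons for every flagged file in the given folders."""
    findings = {}
    for d in dirs:
        for entry in sorted(d.iterdir()) if d.is_dir() else []:
            reasons = check_entry(entry) if entry.is_file() else []
            if reasons:
                findings[entry.name] = reasons
    return findings

def demo():
    """Constructed sample folder: one ordinary shortcut and two suspicious entries."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "OneDrive.lnk").write_bytes(LNK_MAGIC + bytes(56))
        (d / "update-win.js.lnk").write_bytes(b"var s = 1; // constructed, not a shell link")
        (d / "helper.vbs").write_text("' constructed sample")
        return scan_startup([d])

if __name__ == "__main__":
    print(scan_startup(startup_dirs()) if os.name == "nt" else demo())
```

Explorer hides the `.lnk` extension even when "show file extensions" is on, so a name like `update-win.js.lnk` displays as `update-win.js`; checking the real name and header from a script avoids relying on what the shell shows.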