Everything posted by itman

  1. First, here's a write-up on the feature: https://www.askvg.com/tip-enable-https-only-mode-for-websites-in-mozilla-firefox/ Next, I enabled the feature in Firefox. There is no problem with accessing my bank's web site if I open B&PP via desktop icon. However if I try to access my bank's web site via a normal Firefox browser session, I get the same Eset help web page redirection as described. Of note is B&PP uses a separate Firefox profile than the one used in normal Firefox mode. So I also set; dom.security.https_only_mode to true in that profile. Still a no go
  2. Make sure you have Potentially Unsafe Applications set to at least Balanced level per below screen shot. By default, those settings are set to Off. Potentially Unwanted Applications should be set to default Aggressive setting. Also on your client devices, ensure that browsers are not configured to automatically allow extensions/add-ons to be added.
  3. Then Eset is properly installed. That is Eset firewall and real-time protection are registered properly in Windows Security Center. This also means that both Windows firewall and Defender are turned off. As such, this area is not a factor in your sluggish system performance.
  4. FYI: https://docs.microsoft.com/en-us/microsoftteams/prepare-network
  5. Change the rule to TCP & UDP versus TCP and see if that helps. Ref: https://www.speedguide.net/port.php?port=8200 Note: UDP is not a stateful protocol. This means that inbound UDP traffic can be sent w/o previous outbound traffic as is the case for TCP protocol. If the Eset firewall saw inbound UDP traffic, it would block it by default w/o previous outbound UDP traffic.
  6. Open Eset GUI. Mouse click on "Advanced setup." Go to the Update section and change "Update type" to Pre-release update as shown in the below screen shot. Mouse click on the OK tab to save this setting change and also on any other OK tab settings that follow. At this point, Eset will perform an in-product update using the pre-release module versions. Once this completes, test again if you can now connect to GoToMeeting.
  7. According to GoToMeeting FAQ: This would translate to an Eset firewall rule to allow both inbound and outbound TCP traffic for g2mcomm.exe. Note you have to specify the full path name where g2mcomm.exe is located. Additionally; Since the Eset firewall in default Automatic mode allows all outbound traffic, these above apps don't require a specific Eset firewall. Ref.: https://support.goto.com/meeting/help/how-do-i-configure-gotomeeting-to-work-with-firewalls-g2m090002
  8. I will wait for a while and then get back to you on this. What I posted previously just happened again. This time I let WD update itself and its definitions. I then rebooted. Then when I checked WSC real-time AV status, it was hosed in that nothing showed as real-time protection. However, I then received another Eset HIPS alert: Time;Application;Operation;Target;Action;Rule;Additional information 11/16/2020 10:23:41 AM;C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\MsMpEng.exe;Start new application;C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0
  9. I had something similar to this happen yesterday morning. It is the first time this has happened when using Eset on Win 10; approx. 5 years. Out of the blue and doing nothing out of the ordinary on the PC, I received an alert from Windows Security Center that there was a problem with real-time protection. Note this was sometime after system startup. Since I monitor registry run keys modification with Eset HIPS rules, I started receiving alerts from Win 10 in regards to setting up Win Defender in WSC; Time;Application;Operation;Target;Action;Rule;Additional information 11/15/2020 1
  10. Fortinet performed a deep analysis of Eking - aka Phobos - ransomware here: https://www.fortinet.com/blog/threat-research/deep-analysis-the-eking-variant-of-phobos-ransomware . No real surprise in that this sample was a Word .doc assumed e-mail attachment w/a malicious macro included. Also this sample ran the macro at document close time. Further research yielded that a favorite source for Eking ransomware is Proton sourced e-mails. Of note: A couple of examples: https://id-ransomware.blogspot.com/2017/10/phobos-ransomware.html
  11. It also appears that at least one security vendor, Broadcom, supports the reserved ports feature by using the deprecated ReservedPorts registry key in their CA Client Automation product. Note that this use would be exclusive to the product internally and is in effect, "invisible" to Windows: https://knowledge.broadcom.com/external/article/25869/how-do-i-reserve-ports-on-windows.html
  12. This has nothing to do with either the Eset or Win firewall as @Marcos has pointed out. Reserving ports in Windows hasn't been implemented since Vista days: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/reserve-a-range-of-ephemeral-ports
  13. See this posting: https://forum.eset.com/topic/26291-real-time-file-system-protection-non-functional/?do=findComment&comment=124370
  14. Here's the details on MARS ransomware: https://id-ransomware.blogspot.com/2020/10/mars-ransomware.html . Eset and other AV vendors detect it; at least the original version of it.
  15. This might be the reason: https://forum.eset.com/topic/20224-eis-installation-issue/?do=findComment&comment=98469
  16. Note: If you're using Google as your search engine, Eset for some reason is not alerting to web sites it blocks. It does however appear to block and log the attempt. I reported this bug some time ago. However if you were able to access the above link, something is wrong with your Eset installation or its settings:
  17. It most certainly is shown in EasyPrivacy list in uBlock Origin. Do you have that TPL enabled? Another reason might be the following from the above linked article I posted: I used to use Nano Adblocker for this. Since it has been sold and the controversy surrounding that, I have totally removed it from Firefox. Instead, I am using AdGuard Base and AdBlock Warning Removal List TPLs and they appear to be working based on my posted detection.
  18. Until Windows Security Center fully initializes, the alert shown and similar ones are normal. Eset starts up immediately at boot time and all its security mechanisms are in effect and fully protecting you. What needs to be explored is why WSC is taking so long to initialize. Using Win Task Manager, open its Startup tab. If a lot of apps are shown there, one or more of those are most likely the reason for the slow initialization of WSC.
  19. As far as what is Taboola: https://geeksadvice.com/block-taboola-ads/ As shown in the article, removal of any adware resulting from Taboola is a royal pain in the butt. As such, better to err on the safe side and block everything associated with Taboola.
  20. If you're using the uBlock Origin browser extension, it will also block it prior to Eset doing so. So the URL must be a "baddie."
  21. Also of note is the only svchost.exe instance that Eset is injecting on an extended basis after system startup is WMI: