Everything posted by itman

  1. BitDefender's TrafficLight has been a joke ever since they introduced the feature. "Each to their own" as the saying goes.
  2. My device was updated to ver. 22871 this morning at boot time. Note this: This is the time the signature database was updated at Eset. It takes time to roll this update out to all the relay servers Eset uses throughout the world. Also there might be a temporary outage at the relay server servicing you.
  3. I did a bit of research on this issue. It appears anything to do with this domain, 0x1f4b0.com, is probably malicious. Here's an anyrun.com sandbox analysis for hxxps://005.0x1f4b0.com: https://any.run/report/c9270df0bb81eefa3f3f18c3627123bd0c325861b7ff652d58826a61bc9c853b/f4895086-cbc0-4be8-8d3b-c8b14daf0d45 . Verdict - malicious. Also any attempt to access 0x1f4b0.com in Firefox is blocked by uBlock Origin Easy Privacy filter. The fact that this domain was appended to your Eset Network Connections tool display indicates to me that your VPN connection is hacked. Again, uninstal
  4. According to this article: https://www.idropnews.com/how-to/how-to-install-and-uninstall-wot-for-safari-on-mac/56503/ , it is. Well, I guess it is no longer supported: https://support.mywot.com/hc/en-us/articles/360035501393-Safari-Extension-Update
  5. Uninstall Kaspersky VPN and see if this resolves all these network issues you are concerned about.
  6. I guess I should also note that other AV solutions appear to have issues with VPN split tunneling. I saw a web posting that AVG/Avast doesn't support it. Eset should at least research this and post a KB article stating they also don't support it if that is the case.
  7. NOD32 doesn't include Network Protection as Internet/Smart Security versions do. As such, it wouldn't be related to direct network connection monitoring activities. I would temporarily disable SSL/TLS protocol scanning in Eset Internet Protection section and see if that resolves the issue with this remotepc.com app.
  8. I will also add I scanned macmetalarchitectural.com at quttera.com. It downloaded over 80 files from that site and scanned all of them and didn't detect anything.
  9. Refer to the netstat output you posted. Note all the ksde.exe references; especially in regards to IPv4 localhost connection. Ksde.exe is either Kaspersky Anti-virus: https://www.file.net/process/ksde.exe.html , or Kaspersky VPN Secure Connection software. For the present, I assume it is the latter. I assume all the weird Eset network connection display of IPv4 addresses is due to the use of Kaspersky VPN Secure Connection operation. Note that this VPN feature is usually implemented as part of a Kaspersky security software installation. The Kaspersky web site however notes it can be i
  10. Open an admin level command prompt window and enter: netstat -anob This will give you a better idea what your current network connections status is. I have no clue why the above Eset network connections are showing what it is. It is normal to see two network connections for a process for the same port when both IPv4 & IPv6 are enabled. However, the IP addresses in the listening state should be and ::. Also suspect is all ports being shown except for svchost.exe port 135 entry.
  11. If you are using Firefox as your browser, it will by default open .pdf files using its internal PDF reader. No need to download and use Adobe's PDF Reader. Once the .pdf is open in Firefox, you should be able to directly print it w/o issue.
  12. Nfcu.org opens automatically in Eset Banking and Payment Protection hardened browser window on my Win 10 device. If access to nfcu.org can not be had in the browser, the issue might lie in Eset BP&P. You may have to manually add nfcu.org to BP&P Protected websites list and set it to normal browser mode until this issue is resolved.
  13. Here's how I would recommend an Eset PUA detection be evaluated. If the PUA detection source is from a download or installed software, first assess the source. If it was from a trusted publisher's associated web site, it is probably safe to exclude the detection. If the source is a cracked software download or from an untrusted download source, I would delete the download and/or uninstall the cracked software. The easiest way to get malware currently is to use cracked software.
  14. That's the date associated with first analysis of elevate.exe I assume. Yes. Again, Eset is detecting this as a PUA. In other words, it could be abused for malicious purposes. Not that it is actually being used maliciously.
  15. Appears one of your apps, Solidworks cam editor, or something similar is using elevate.exe described here: https://www.processchecker.com/file/Elevate.exe.html to perform hidden process privilege elevation. Also, it appears elevate.exe is equal to the Windows runas command. If you delete elevate.exe in its associated directory, whatever Solidworks app you're using might no longer work properly. It's your decision here how to proceed. Delete elevate.exe or create an Eset PUA exclusion for it.
  16. I also found this article on VPN split tunneling in Windows: https://www.comparitech.com/blog/vpn-privacy/vpn-split-tunneling/ . Scroll down to this section titled: How to split tunnel on Windows. In this section is described how to verify if split tunneling is enabled for your VPN connection using PowerShell commands. Also described is how to enable split tunneling if it is not enabled. One possibility here is the Eset installation in some way disabled split tunneling on the SurfShark VPN connection for some unknown reason. Therefore, the first thing you want to do is verify if spli
  17. One other setting to check in Eset GUI. In Firewall settings, verify that "Protection type of new networks" is set to "Use Windows setting" per the below screen. It should be since this is the Eset default setting.
  18. I would also contact SurfShark tech support in regards to a workaround in regards to Eset Internet Security use. I would imagine that this issue has cropped up previously in other AV Internet security products employing a firewall.
  19. @Marcos what I would like to see added to HIPS rule options is an add/write registry option. As it now stands, the only way this activity can be monitored is to select "All registry operations." There are instances where I want to just monitor registry add/write activity.
  20. The issue as you posted appears to be this Whitelister feature of Surfshark VPN. As I interpret this feature, a "dual fork" network connection scenario is being created. Whitelister specified apps are bypassing the VPN and using the Win default network connection. A lot depends on how SurfShark handles this. I suspect that this rerouting of Whitelister app network traffic is being done internally by the surfshark.exe program. In other words all Eset "sees" network-wise is the Surfshark VPN connection. Also whereas Eset will allow for and if required create multiple known network con
  21. Correct and I do apologize. It works for example using import; i.e. regedit.exe, via opening a .reg file. Where I screwed up and can see others doing the same is I added a key named "Test" via regedit interactively, Eset HIPS allowed it. Of course if you try to rename the key, Eset will detect that. Since I allowed the rename, any other subsequent activity that uses regedit, such as opening a .reg file against that key, will be allowed for current session.
  22. Then why doesn't write activity detection in this registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\* , work?
  23. I believe what you are stating is Eset HIPS has preset internal rules/whitelist/etc. that allow for monitoring write activity in select registry keys only. That is not acceptable. I should be able to monitor write activity in any registry area I desire.
  24. You're kidding here I hope. Here's a nasty one - Snatch ransomware: https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
  25. In the Eset firewall you created, change the protocol setting to any and retest.