
itman
Most Valued Members
Posts: 12,201
Days Won: 321

Everything posted by itman

  1. HitmanPro Alert has a CryptoGuard feature that encrypts keystrokes. As such, this will most likely conflict with Eset's Secure browser keylogger protection which scrambles keystrokes.
  2. I will also add that some at wilderssecurity.com in the Eset forum section have also posted about this same activity recently. Appears to be related to ver. 17.0.16. I am using Firefox and ver. 17.0.16 and have not seen this issue to date.
  3. I can confirm this. I downloaded a sample from a malware share web site dated 12/21 and Eset real-time protection immediately detected it:
     Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
     12/23/2023 2:46:37 PM;Real-time file system protection;file;C:\Users\xxxxxxx\Downloads\d9c3810761942c6191a8e2dfb22b2178d6970bf474a908a4af1bc80b3022a774.exe;a variant of MSIL/GenKryptik.GRLZ trojan;cleaned by deleting;xxxxxxxx;Event occurred on a new file created by the application: C:\Program Files\7-Zip\7zG.exe (69DEB494A366940463D41383EB019F54F593B680).;C5434C31851555523D380591C3C7A3EC884278B8;12/23/2023 2:46:16 PM
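     The record quoted in the post above is a semicolon-separated ESET detection log export (one header row, then the record). As an added example, not the poster's code and not anything shipped by ESET, here is a small Python parser for that export: it splits the record into fields, pulls the creating process and its hash out of the Information column, computes the gap between "First seen here" and the detection time, and flags that the downloaded file was named by its SHA-256 while ESET logs the SHA-1 in the Hash column. Assumptions (not confirmed by the page): the export always uses ";" as delimiter with no quoting, the 12-hour timestamp format shown, and the "created by the application: <path> (<SHA-1>)" phrasing seen in this one record. The sample input is the constructed header plus the quoted record.

```python
import csv
import io
import re
from datetime import datetime

# Constructed sample input: the export header plus the single detection record
# quoted in the post above (user name and path already masked by the poster).
SAMPLE_EXPORT = r"""Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
12/23/2023 2:46:37 PM;Real-time file system protection;file;C:\Users\xxxxxxx\Downloads\d9c3810761942c6191a8e2dfb22b2178d6970bf474a908a4af1bc80b3022a774.exe;a variant of MSIL/GenKryptik.GRLZ trojan;cleaned by deleting;xxxxxxxx;Event occurred on a new file created by the application: C:\Program Files\7-Zip\7zG.exe (69DEB494A366940463D41383EB019F54F593B680).;C5434C31851555523D380591C3C7A3EC884278B8;12/23/2023 2:46:16 PM
"""

TIME_FMT = "%m/%d/%Y %I:%M:%S %p"        # 12-hour clock, as in the export (assumed fixed)
HEX40 = re.compile(r"^[0-9A-Fa-f]{40}$")   # ESET's Hash column holds a SHA-1
HEX64 = re.compile(r"^[0-9A-Fa-f]{64}$")   # sample-share sites commonly name files by SHA-256
# Assumed phrasing of the Information column for "new file created by <process>" events.
PARENT_RE = re.compile(
    r"created by the application: (?P<path>.+?) \((?P<sha1>[0-9A-Fa-f]{40})\)\.?$"
)


def _basename(path):
    """Last path component, tolerating both Windows and POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def parse_eset_export(text):
    """Parse a semicolon-delimited ESET detection export into a list of event dicts."""
    reader = csv.DictReader(io.StringIO(text), delimiter=";")
    events = []
    for row in reader:
        sha1 = row["Hash"].strip().upper()
        if not HEX40.match(sha1):
            raise ValueError(f"unexpected hash format: {sha1!r}")
        obj = row["Object"]
        stem = _basename(obj).rsplit(".", 1)[0]
        ev = {
            "time": datetime.strptime(row["Time"], TIME_FMT),
            "first_seen": datetime.strptime(row["First seen here"], TIME_FMT),
            "scanner": row["Scanner"],
            "object": obj,
            "detection": row["Detection"],
            "action": row["Action"],
            "sha1": sha1,
            # True when the file name itself is a 64-hex digest (SHA-256 naming
            # convention of sample shares); ESET's own column is SHA-1, so the
            # two cannot be cross-checked without the file itself.
            "object_named_by_sha256": bool(HEX64.match(stem)),
            "parent_path": None,
            "parent_sha1": None,
        }
        m = PARENT_RE.search(row["Information"])
        if m:
            ev["parent_path"] = m.group("path")
            ev["parent_sha1"] = m.group("sha1").upper()
        events.append(ev)
    return events


def events_by_parent(events, exe_name):
    """Events whose creating process has the given basename (case-insensitive)."""
    want = exe_name.lower()
    return [ev for ev in events
            if ev["parent_path"] and _basename(ev["parent_path"]).lower() == want]


def seconds_to_detection(ev):
    """Delay between ESET first seeing the file and the detection record."""
    return (ev["time"] - ev["first_seen"]).total_seconds()


if __name__ == "__main__":
    for ev in parse_eset_export(SAMPLE_EXPORT):
        print(ev["detection"], "->", ev["action"])
        print("  file         :", ev["object"])
        print("  SHA-1        :", ev["sha1"])
        print("  created by   :", ev["parent_path"], ev["parent_sha1"])
        print("  named by sha256:", ev["object_named_by_sha256"])
        print("  delay (s)    :", seconds_to_detection(ev))
```

     Filtering with events_by_parent(..., "7zG.exe") is the kind of check that pins a detection to the archiver that extracted the file rather than to the browser that downloaded the archive; on a real export with many rows it separates "extracted from a downloaded archive" events from files written by other processes.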
  4. Check your various Eset log files for any blocked entries related to this cnmpaui.exe process. It is possible the process spawns a child process for Internet communication and Eset is blocking the child process from executing. Likewise, the Eset firewall might be blocking inbound Internet traffic to the child process.
  5. It also appears that Payment_.exe is AgentTesla malware. Full analysis here: https://app.any.run/tasks/259c48d8-c759-4c81-b45b-a8aa0e0fb3b3/
  6. You need to first locate where Payment_.exe file is stored on the Windows installation. The only way I know to do so is by using Win explorer to search your entire C:\* or Win installation drive. Once the file is located, you can use Eset Context scan option to scan the file. Note that malware often will delete its malware payload file. As such, the file may no longer exist on the Win installation drive.
  7. Win 10/11 Security Center App & Browser Control settings control more than just SmartScreen processing. It also controls MDAG, if enabled, plus Win's very important native exploit protection per the below screenshot. I know of no reason why this feature would be disabled upon a clean Windows installation.
  8. Discussed at length in this thread: https://forum.eset.com/topic/38965-eset-security-ultimate/?do=findComment&comment=176737 and others on this topic.
  9. The Eset detection relates to the legitimate RemCom remote access tool, which is often used maliciously. Additional references: https://support.alertlogic.com/hc/en-us/articles/360034494351-Windows-Server-RemCom-Tool-Remote-Shell https://github.com/kavika13/RemCom
  10. Is there a problem with Push Notification servers today? The service keeps trying to connect and then gets dropped. This started after the ver. 17.0.16 upgrade yesterday. Also, I am not receiving any Eset alerts about this.
  11. Interesting VirusTotal analysis comment by Crowdsourced in regards to the .vbs script below:
  12. Refer to this article: https://www.eset.com/int/about/technology/ .
  13. Rather, what does it bork: https://forum.eset.com/topic/39194-eav-170160-with-browser-protection-enabled-blocks-edge/ ?
  14. Something has changed in regards to Eset Push Notifications. I am now seeing it connect via HTTPS; i.e. port 443 versus the past use of port 8888 8883.
  15. Temporarily disable this option and see if that solves the issue.
  16. It appears you are downloading Eset Internet Security versus NOD32. Assuming you have been issued an Eset license key, you can download the most recent version of NOD32 from here: https://support.eset.com/en/kb2885-download-and-install-eset-offline-or-install-older-versions-of-eset-products . Then activate it using the license key option.
  17. This Steam supply chain issue might also be the culprit: https://www.bleepingcomputer.com/news/security/steam-enforces-sms-verification-to-curb-malware-ridden-updates/
  18. The screen shots you posted show IP address 192.168.0.10? In any case, here's Eset's knowledge base article: https://support.eset.com/en/kb2933-arp-icmp-or-dns-cache-poisoning-attack-in-eset-home-products-for-windows on how to create an IDS detection exclusion for 192.168.0.10.
  19. Did you modify Eset default firewall rules? Refer to this thread: https://forum.eset.com/topic/39039-eset-firewall-and-steam/ . In this instance, the poster set Eset firewall to learning mode. In other words, Steam had unrestricted network access to the poster's device.
  20. Refer to below screenshot: https://support-eol.eset.com/en/trending_eol_products.html
  21. This won't work for this app: https://forums.lenovo.com/t5/Enterprise-Client-Management/Lenovo-Vantage-Enterprise/m-p/5016572?page=1#5181855