Jump to content

itman

Most Valued Members
  • Content Count

    8,077
  • Joined

  • Last visited

  • Days Won

    195

Everything posted by itman

  1. This article: https://www.wikihow.com/Block-YouTube covers blocking youtube on different types of devices.
  2. This article gets into more detail on ARP poisoning: https://www.comparitech.com/blog/vpn-privacy/arp-poisoning-spoofing-detect-prevent/ . The article section to note is How To Detect ARP Poisoning -> Command Prompt: The important point to note in the Eset KB article on ARP cache poisoning is: https://support.eset.com/en/kb2933-arp-icmp-or-dns-cache-poisoning-attack-in-eset-home-products-for-windows Another source for Eset's ARP cache Poisoning detection is a malfunctioning router where auto DHCP processing is assigning the same IP address to two or more devices. Exampl
  3. If Eset protocol filtering turns out to be the issue, you can enter, one by one, the above shown remotepc executable's as exclusions to Eset's protocol filtering until all the conflicting .exe's have been excluded.
  4. Appears you have enabled "Log all blocked operations" in HIPS advanced setup section. That option should not be enabled because of possible misinterpretation of log entries as is occurring here.
  5. I assume you mean secure boot? Here's how to disable that: https://www.thewindowsclub.com/disable-secure-boot-in-windows . Note the following:
  6. The problem here is MicroCenter has a separate registration process process noted here: https://community.microcenter.com/discussion/2997/how-to-activate-and-install-eset-antivirus-trial-on-your-powerspec-computer . They require entry of the following information which is not required when purchasing a license directly from Eset. If the State drop down box doesn't allow for state code selection, you will have to contact MicroCenter tech support for assistance in resolving this
  7. Although it doesn't specifically mention wildcard support in Parental Control URL exceptions, Eset accepted the following URL specifications: *.youtube.com/* *.facebook.com/* Create these as a Block exceptions and then test. If this doesn't work in Parental Control, you will have to add the above as entries in Internet Protection -> Web access protection -> URL Address Management -> Address list -> Edit -> List of blocked addresses.
  8. Also and notable is Kaspersky VPN does not host DNS servers in the Philippines; or Indonesia for that matter: https://anonymster.com/reviews/kaspersky-vpn-review/
  9. Based on the below, remotepc is using port 443 exclusively: https://login.remotepc.com/faq_firewall As such, this has to be a NOD32 SSL/TLS protocol scanning issue. Did you disable it on a test device as requested? If this disabling doesn't solve the issue, uninstall Eset on the test device. If the issue continues with NOD32 uninstalled, the issue is not related to NOD32.
  10. BitDefender's TrafficLight has been a joke ever since they introduced the feature. "Each to their own" as the saying goes.
  11. My device was updated to ver. 22871 this morning at boot time. Note this: This is the time the signature database was updated at Eset. It takes time to roll this update out to all the relay servers Eset uses throughout the world. Also there might be a temporary outage at the relay server servicing you.
  12. I did a big of research on this issue. It appears anything to do with this domain, 0x1f4b0.com, is probably malicious. Here's an anyrun.com sandbox analysis for hxxps://005.0x1f4b0.com: https://any.run/report/c9270df0bb81eefa3f3f18c3627123bd0c325861b7ff652d58826a61bc9c853b/f4895086-cbc0-4be8-8d3b-c8b14daf0d45 . Verdict -malicious. Also any attempt to access 0x1f4b0.com in FireFox is blocked by uBlock Origin Easy Privacy filter. The fact that this domain was appended to your Eset Network Connections tool display indicates to me that your VPN connection is hacked. Again, uninstal
  13. According to this article: https://www.idropnews.com/how-to/how-to-install-and-uninstall-wot-for-safari-on-mac/56503/ , it is. Well, I guess it is no longer supported: https://support.mywot.com/hc/en-us/articles/360035501393-Safari-Extension-Update
  14. Uninstall Kaspersky VPN and see if this resolves all these network issues you are concerned about.
  15. I guess I should also note that other AV solutions appear to have issues with VPN split tunneling. I saw a web posting that AVG/Avast doesn't support it. Eset should at least research this and post a KB article stating they also don't support it if that is the case.
  16. NOD32 doesn't include Network Protection as Internet/Smart Security versions do. As such, it wouldn't be related direct network connection monitoring activites. I would temporarily disable SSL/TLS protocol scanning in Eset Internet Protection section and see if that resolves the issue with this remotepc.com app.
  17. I will also add I scanned macmetalarchitectural.com at quttera.com. It downloaded over 80 files from that site and scanned all of them and didn't detect anything.
  18. Refer to the netstat output you posted. Note all the ksde.exe references; especially in regards to IPv4 localhost connection. Ksde.exe is either Kaspersky Anti-virus: https://www.file.net/process/ksde.exe.html , or Kaspersky VPN Secure Connection software. For the present, I assume it is the later. I assume all the weird Eset network connection display of IPv4 addresses is due to the use of Kaspersky VPN Secure Connection operation. Note that this VPN feature is usually implemented as part of a Kaspersky security software installation. The Kaspersky web site however notes it can be i
  19. Open an admin level command prompt window and enter: netstat -anob This will give you a better idea what you current network connections status is. I have no clue why the above Eset network connections are showing what it is. It is normal to see two network connections for a process for the same port when both IPv4 & IPv6 are enabled. However, the IP addresses in the listening state should be 0.0.0.0 and ::. Also suspect is all ports being shown except for svchost.exe port 135 entry.
  20. If you are using Firefox as your browser, it will by default open .pdf files using its internal PDF reader. No need to download and use Adobe's PDF Reader. Once the .pdf is open in FireFox, you should be able to directly print it w/o issue.
  21. Nfcu.org opens automatically in Eset Banking and Payment Protection hardened browser window on my Win 10 device. If access to nfcu.org can not be had in the browser, the issue might lie in Eset BP&P. You may have to manually add nfcu.org to BP&P Protected websites list and set it to normal browser mode until this issue is resolved.
  22. Here's how I would recommend an Eset PUA detection be evaluated. If the PUA detection source is from a download or installed software, first assess the source. If it was from a trusted publisher's associated web site, it is probably safe to exclude the detection. If the source is a cracked software download or from an untrusted download source, I would delete the download and/or uninstall the cracked software. The easiest way to get malware currently is to use cracked software.
  23. That's the date associated with first analysis of elevate.exe I assume. Yes. Again, Eset is detecting this a PUA. In other words, it could be abused for malicious purposes. Not that it is actually being used maliciously.
  24. Appears one of your apps, Solidworks cam editor, or something similar is using elevate.exe described here: https://www.processchecker.com/file/Elevate.exe.html to perform hidden process privilege elevation. Also appear elevate.exe is the equal to the Windows runas command. If you delete elevate.exe in its associated directory, whatever Solidworks app you're using might no longer work properly. It's your decision here how to proceed. Delete elevate.exe or create an Eset PUA exclusion for it.
×
×
  • Create New...