Jump to content


Most Valued Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by itman

  1. I had that issue when my EIS installation upgraded to ver. 14.1.21. It disappeared when EIS was subsequently upgraded to ver. 14.1.22.
  2. Of note: https://www.beyondtrust.com/blog/entry/ransomware-5-prevention-strategies On the shared resource, ensure UAC is set to max. level. Ransomware might be using a "living of the land" hidden admin elevation technique.
  3. Based on the alert shown, the encryption is failing because the device's motherboard either doesn't have a TPM module or the module ver. is not compatible with what is required for the encryption method selected.
  4. Could be a problem with your existing license. Eset wouldn't update if the license is not valid. Check your Eset Events log for any entries related to this updating activity. Post a screen shot of those entries if they exist.
  5. I also have 8GB memory installed on a very old system. Below is what FF uses with 4 tabs open: So you're using approx. double the amount of memory I am. However, note that FF memory usage is dependent upon what those tabbed web pages are displaying. Yes. I also see from your screen shot that AntiLogger is running. There could be real-time scanning conflicts with it and Eset. Additionally, it appears MalwareBytes real-time scanning is also running. There are known conflicts with it and Eset real-time scanning. Bottom line - your system resources might be depleted fr
  6. Since the default rule exists, delete any like custom rule you created.
  7. In past Eset versions, there used to be a default equi.exe rule. I believe the issue here is use of firewall Interactive mode. Do as I instructed and see if it eliminates the issue.
  8. Not convinced with this explanation. I see WMI errors resulting from Eset system startup WMI scanning of a few select areas. Appears even a single access causes an error.
  9. Check you existing Eset firewall rule set and verify that a rule exists for C:\Program Files\ESET\ESET Security\equi.exe. If one exists, verify it is set to allow inbound and outbound traffic. Otherwise, manually create a new rule for it. Move this equi.exe rule to the bottom of existing default firewall rules. You can use the default existing ekrn.exe rule as a guide for equi.exe rule creation. I believe this should stop the equi.exe alert after a new app rule is created firewall Interactive mode.
  10. Reinstall\repair Win 10 20H2 to get Microsoft Security Center fully functional. If your desire is to fully disable Microsoft Defender, it appears this solution: https://www.sordum.org/9480/defender-control-v1-6/ still works for Win 2004 and 20H2. Note it is not recommended to permanently uninstall Defender since it serves as a back up AV real-time solution in case Eset's real-time protection was disabled somehow or malfunctioned.
  11. If you actually removed Windows/Microsoft Security Center, that is the reason for the alert. It is a critical component of the Win 10 OS and needs to be installed and be functional. It not only controls Windows/Microsoft Defender and firewall use or non-use when a third party anti-virus solution is installed, but many other critical internal security components such as ; Win account, app & brower (exploit), and device security protection. It also monitors device performance and health status.
  12. Open Window Task Manager or Process Explorer if you have downloaded it previously. Keep an eye on your CPU usage %; especially when you have a browser open. Possibly, whatever you downloaded previously VPN wise might have installed a coin miner.
  13. Another thing to note in regards to SSL protocol use in Thunderbird. Below is a screen shot of all the SSL v3 ciphers that Thunderbird supports. I am starting to believe that Eset in ver. 14 is deferring to existing Win ciphers when it re-encrypts e-mail traffic and that is the issue. Eset's root cert. uses sha256RSA.
  14. This would be normal behavior in firewall Interactive mode if an existing app hash value changed and a previous firewall rule existed for it. However, equi.exe is Eset signed so there might be a bug there. You're going to keep getting the alert until you respond to keep existing firewall rules which I would select, or to create a new firewall rule for the app. You can also manually verify that equi.exe in C:\Program Files\ESET\ESET Security is also Eset signed indicating it is legit.
  15. This posting is a bit dated but I believe still applicable: https://serverfault.com/questions/656488/imap-tls-connection-to-dovecot-fails . This gist of the posting is if Dovecot e-mail server you're connecting to in Thunderbird does a TLS downgrade for some reason, it will fail resulting in the server connection failing.
  16. It is becoming apparent that for some unknown reason, Eset ver. 14 is not respecting local e-mail server SSL/TLS settings in an e-mail client. However, it appears that you are using Dovecot as your local e-mail server: https://www.dovecot.org/ . This is Linux/Unix based. Are you accessing this via the Win 10 Linux interface?
  17. Believe we are getting closer to the source of the issue here. My suspicion has been for a while that Eset in the latest ver. is disabling all SSL protocol scanning. The reason it is not showing up in browser blocking activity is that SSL has been disabled by default in most browsers for some time.
  18. I have received this alert periodically in other past versions of EIS. I could never really figure out what was the source of the alert. However, I do have allow the "Allow modification of signed (trusted) applications" disabled. Since I have the Eset firewall filtering mode set to default "Automatic" mode, application modification alerts should never appear since this feature is only applicable when the firewall is set to Interactive mode. My best guess is Eset has hidden internal rules in regards to application modification of their own processes and occasionally there is a "hiccup
  19. Microsoft Defender ATP has a UEFI malware scanner: https://www.microsoft.com/security/blog/2020/06/17/uefi-scanner-brings-microsoft-defender-atp-protection-to-a-new-level/ . You will have to have Win 10 Pro+ installed and then purchase a monthly subscription for ATP protection. Kaspersky also has a UEFI malware scanner: https://www.extremetech.com/computing/315860-kaspersky-finds-sophisticated-uefi-malware-in-the-wild To my best knowledge, no security product exists that can remove UEFI/BIOS malware. Also note that MD ATP and Kaspersky AV solutions do exactly what Eset's UEFI p
  20. Eset off-line installers can be downloaded from here: https://support.eset.com/en/kb2885-download-and-install-eset-offline-or-install-older-versions-of-eset-products . Note: the ver. 14 located here is 14.0.21. It should auto update to ver. 14.0.22 shortly after installation. Or, you can force it to upgrade via in-product manual update option.
  21. Yours is a special case in that you are only having issues with your local e-mail server. You also never answered my previous question in regards to this server: If you have that set up for IMAP; i.e. non-encrypted traffic, you should be using either None or STARTTLS as security connection type.
  22. Try restoring to a file share reference by IP address. Believe that is where the issue lies.
  23. Where did you download Eset software from originally? Was it from the site where you purchased the original license key from? If so, appears to be what you downloaded was a cracked version of Eset.
  • Create New...