-
Content Count
7,776 -
Joined
-
Last visited
-
Days Won
191
Everything posted by itman
-
In regards to IP address 10. 20.1.1, are any of these domain names: catsa-concretos.com, dc-corporativo.catsa-concretos.com, mupl-dc2.mupl.muprivate.edu.au and s1.azdata.net. familiar to you? Note that IP address range of 10.0.0.0/8 relate to NAC RADB TESTING. Ref.: https://ipinfo.io/AS65534
-
Avast blog article here: https://blog.avast.com/cybercapture-protection-against-zero-second-attacks . Detail on configuration options here: https://support.avast.com/en-us/article/54/ Of note is this feature exists even in Avast free version. Time Eset "get with the program" and offer same like capability for their home use products.
-
License Manager Shows 2 Activated Products on Same Windows PC
itman replied to braunie's topic in ESET NOD32 Antivirus
Did you check your credit card history on-line and verify if you were double charged for the renewal? -
With Eset firewall disabled, the Win firewall would be active. Same rules; at least inbound ones, need to be created for the Win firewall I assume. That is unless Teams app will auto create the rules which can only be validated by someone who has it installed. The Microsoft linked article implies that installation of Microsoft/Office 365 should create these Teams related Win firewall rules.
-
Add the Eset firewall rules shown here: https://forum.eset.com/topic/23439-microsoft-teams-issues/?do=findComment&comment=125604 I believe the rules shown are for an Eset non-Windows product. I believe only one Eset firewall rule is needed for Windows in which all ports and IP addresses can be specified at once. Ref.: https://docs.microsoft.com/en-us/microsoftteams/prepare-network
-
https://docs.microsoft.com/en-us/microsoftteams/prepare-network
-
Port 23 Telnet open
itman replied to Confuzzledcarl's topic in ESET Internet Security & ESET Smart Security Premium
Have you installed any Ethernet base LANSocket devices? These plug into existing house electrical wiring and transmit network traffic through the wiring. Much to my dismay, I found the one's I have use TelNet to communicate with each other. And there really is nothing you can do about it. As long as you don't reside in let's say an apartment building with shared electrical wiring, these devices using Telnet pose no risk. Note: there are Wi-Fi versions of these LANSocket devices. These need to have their default password; usually "Admin", changed to something more secure. To do so, yo -
Unresolved Security vulnerability exploitations
itman replied to StotheR's topic in ESET Products for Windows Servers
There isn't enough information posted to determine exactly Eset is detecting. Incoming,Generic.Attack is something perhaps Eset has more knowledge as to source. All I can think of is an RDP brute force attack but I would assume Eset would post a like detection in the log. -
If this is PowerShell Empire related: https://www.hackingarticles.in/hacking-with-empire-powershell-post-exploitation-agent/ , most likely a backdoor has been created.
-
@Marcosthere's a relatively simple solution to prevent this Thunderbird Eset certificate update issue from re-occuuring. If Eset can't access Thunderbird because its currently in use, it suspends the update processing. It then generates an Eset alert instructing the user to terminate Thunderbird processing so the certificate update can proceed. Once Thunderbird is shutdown, then Eset resumes the certificate update processing. Once update processing completes, Eset generates another alert indicating it's OK to re-open Thunderbird.
-
You missed my point. Since the .exe was detected and removed by Eset, leaving the schedule task residual that ran that .exe in place would cause not later harm. I also again want to reiterate my totally disagreement with the "infected" status leveled at malwaretips.com because malware residuals exist. Rather it should be examined after the test what residuals still exist and if those are still of a malicious nature. In this category would be for example, residuals that would still allow access to the attackers C&C server and the like.
-
I Am Very Ticked Off!
itman replied to itman's topic in ESET Internet Security & ESET Smart Security Premium
Why did I anticipate this was going to be the answer? So let's analyze this. I have been an Eset customer since 2014. Not only do I pay a full license renew price, but the renewal price is considerable higher that a new license price. So it appears Eset's sales strategy is "to sock it to" their existing customers so they can lower the price to entice new customers. This might be for me "the last straw that permanently broke the Eset use back." Also considering the amount of time I spend on the Eset forum helping others, I should receive a free Eset license each year! -
Since what I posted has worked for at least two individuals with this problem, I will state what the Eset problem is. First on select Eset installations, a new Eset root certificate was created as a result of this new network protection module update. Why this happened only on some devices, Eset needs to investigate. What I did observe on the day of the network module update was that an Eset module update was attempted on my device upon first system startup that day. This was odd to me since I have never observed an Eset module update running at boot time. At this time I checked my Eset E
-
@Kathryn in your case, here's what I recommend: 1. Delete existing Eset certificate in Thunderbird Authorities certificate store. 2. Important! Close Thunderbird app. 3. Follow this procedure: https://support.eset.com/en/kb7728-unable-to-access-or-receive-emails-in-thunderbird-with-eset-product-installed which should repopulate Eset's current certificate into Thunderbird. 4. Open Thunderbird. Access Thunderbird Authorities certificate store and verify that the Eset certificate exists and its the one with a valid date from Nov. 30. At this point, you should no longer ha
-
Very glad you posted this detail. On my Win 10 Eset installation, my current Eset installation root certificate has a valid from date of 4/13/2020. This same certificate is the one installed in Thunderbird. I also recently received the new Eset Internet protection module - ver. 1416. In other words, no recent Eset root certificate updating has occurred. I have no issues as far as Thunderbird goes. Therefore, I draw the following conclusions: 1. There is a possible issue with this new certificate Eset recently issued. 2. It is possible that Thunderbird is now
-
Actually, this is not true. As your posted Autoruns screen shot shows although the scheduled task still exists, execution of it will error out since the file its trying to execute has been deleted by Eset.
-
I assume this is the .exe that was responsible for creating the scheduled task and registry entries. I don't know if you are running WD with default settings which is a 30 sec. cloud scan time or, have manually modified it to the max. 60 secs.. In any case, the scan time was sufficient to reveal the noted system modification activities. I have made past postings in this forum that it would be "wonderful" if Eset could somehow interface with WD's block-at-first-sight processing. It sits as a front-end to WD's main real-time engine just like the AMSI interface does. Doubt Microsoft would a
-
To add to what @Marcoshas previously posted, I have encountered past incidences in Thunderbird where multiple Eset certificates existed in Thunderbird's Authorities certificate store. What I advise if this situation exists is the following. First open Eset GUI and navigate to SSL/TLS settings. Under the Root Certificate section, select View certificate. Note particulars about the Eset certificate such as Valid From Date, etc.. Next, return to Thunderbird's Authorities certificate store and delete all Eset certificates other than the current Eset certificate noted previously. My spec
-
Against my better judgement, I used Eset N.A. eStore to renew my current Internet Security license for two years. This was last Friday - Black Friday - and I paid $79.99. Today I became aware of this e-ad: https://www.eset.com/us/cyber-weekend-2020/ showing the price as $47.99! I interpret this ad to be effective Nov. 27, Black Friday, the date of my purchase. Worse if I go to the same eStore web site: https://www.eset.com/us/home/internet-security/ the price still shows $79.99! Believe I am owed a refund of $32 plus the difference in sales tax.