Everything posted by itman

  1. In regards to IP address 10.20.1.1, are any of these domain names: catsa-concretos.com, dc-corporativo.catsa-concretos.com, mupl-dc2.mupl.muprivate.edu.au and s1.azdata.net familiar to you? Note that IP address range of relate to NAC RADB TESTING. Ref.: https://ipinfo.io/AS65534
  2. Avast blog article here: https://blog.avast.com/cybercapture-protection-against-zero-second-attacks . Detail on configuration options here: https://support.avast.com/en-us/article/54/ Of note is this feature exists even in Avast free version. Time Eset "get with the program" and offer same like capability for their home use products.
  3. What Eset component is blocking the program from running? If it's the real-time protection component, you will have to add an exclusion for the program.
  4. Did you check your credit card history on-line and verify if you were double charged for the renewal?
  5. If you wish to use HMPA with Eset, HMPA real-time protection needs to be disabled. As such, HMPA can be used as a second opinion scanner. On the other hand, you can save yourself some money and just download and run HMP as a second opinion scanner when you suspect malware that Eset hasn't detected.
  6. With Eset firewall disabled, the Win firewall would be active. Same rules; at least inbound ones, need to be created for the Win firewall I assume. That is unless Teams app will auto create the rules which can only be validated by someone who has it installed. The Microsoft linked article implies that installation of Microsoft/Office 365 should create these Teams related Win firewall rules.
  7. Add the Eset firewall rules shown here: https://forum.eset.com/topic/23439-microsoft-teams-issues/?do=findComment&comment=125604 I believe the rules shown are for an Eset non-Windows product. I believe only one Eset firewall rule is needed for Windows in which all ports and IP addresses can be specified at once. Ref.: https://docs.microsoft.com/en-us/microsoftteams/prepare-network
  8. https://docs.microsoft.com/en-us/microsoftteams/prepare-network
  9. Have you installed any Ethernet-based LANSocket devices? These plug into existing house electrical wiring and transmit network traffic through the wiring. Much to my dismay, I found the ones I have use Telnet to communicate with each other. And there really is nothing you can do about it. As long as you don't reside in let's say an apartment building with shared electrical wiring, these devices using Telnet pose no risk. Note: there are Wi-Fi versions of these LANSocket devices. These need to have their default password; usually "Admin", changed to something more secure. To do so, yo
  10. There isn't enough information posted to determine exactly what Eset is detecting. Incoming,Generic.Attack is something perhaps Eset has more knowledge as to source. All I can think of is an RDP brute force attack but I would assume Eset would post a like detection in the log.
  11. I have no issue accessing that web site on Win 10 20H2 using FireFox and Eset IS ver. 14.0.22:
  12. If this is PowerShell Empire related: https://www.hackingarticles.in/hacking-with-empire-powershell-post-exploitation-agent/ , most likely a backdoor has been created.
  13. @Marcos there's a relatively simple solution to prevent this Thunderbird Eset certificate update issue from re-occurring. If Eset can't access Thunderbird because it's currently in use, it suspends the update processing. It then generates an Eset alert instructing the user to terminate Thunderbird processing so the certificate update can proceed. Once Thunderbird is shut down, then Eset resumes the certificate update processing. Once update processing completes, Eset generates another alert indicating it's OK to re-open Thunderbird.
  14. You missed my point. Since the .exe was detected and removed by Eset, leaving the scheduled task residual that ran that .exe in place would cause no later harm. I also again want to reiterate my total disagreement with the "infected" status leveled at malwaretips.com because malware residuals exist. Rather it should be examined after the test what residuals still exist and if those are still of a malicious nature. In this category would be for example, residuals that would still allow access to the attackers' C&C server and the like.
  15. Why did I anticipate this was going to be the answer? So let's analyze this. I have been an Eset customer since 2014. Not only do I pay a full license renewal price, but the renewal price is considerably higher than a new license price. So it appears Eset's sales strategy is "to sock it to" their existing customers so they can lower the price to entice new customers. This might be for me "the last straw that permanently broke the Eset use back." Also considering the amount of time I spend on the Eset forum helping others, I should receive a free Eset license each year!
  16. Since what I posted has worked for at least two individuals with this problem, I will state what the Eset problem is. First on select Eset installations, a new Eset root certificate was created as a result of this new network protection module update. Why this happened only on some devices, Eset needs to investigate. What I did observe on the day of the network module update was that an Eset module update was attempted on my device upon first system startup that day. This was odd to me since I have never observed an Eset module update running at boot time. At this time I checked my Eset E
  17. @Kathryn in your case, here's what I recommend: 1. Delete existing Eset certificate in Thunderbird Authorities certificate store. 2. Important! Close Thunderbird app. 3. Follow this procedure: https://support.eset.com/en/kb7728-unable-to-access-or-receive-emails-in-thunderbird-with-eset-product-installed which should repopulate Eset's current certificate into Thunderbird. 4. Open Thunderbird. Access Thunderbird Authorities certificate store and verify that the Eset certificate exists and it's the one with a valid date from Nov. 30. At this point, you should no longer ha
  18. Within Eset Network protection settings, verify for the active known network established that protection type is set to Home or office network.
  19. Very glad you posted this detail. On my Win 10 Eset installation, my current Eset installation root certificate has a valid from date of 4/13/2020. This same certificate is the one installed in Thunderbird. I also recently received the new Eset Internet protection module - ver. 1416. In other words, no recent Eset root certificate updating has occurred. I have no issues as far as Thunderbird goes. Therefore, I draw the following conclusions: 1. There is a possible issue with this new certificate Eset recently issued. 2. It is possible that Thunderbird is now
  20. Actually, this is not true. As your posted Autoruns screen shot shows, although the scheduled task still exists, execution of it will error out since the file it's trying to execute has been deleted by Eset.
  21. I assume this is the .exe that was responsible for creating the scheduled task and registry entries. I don't know if you are running WD with default settings which is a 30 sec. cloud scan time or, have manually modified it to the max. 60 secs. In any case, the scan time was sufficient to reveal the noted system modification activities. I have made past postings in this forum that it would be "wonderful" if Eset could somehow interface with WD's block-at-first-sight processing. It sits as a front-end to WD's main real-time engine just like the AMSI interface does. Doubt Microsoft would a
  22. To add to what @Marcos has previously posted, I have encountered past incidences in Thunderbird where multiple Eset certificates existed in Thunderbird's Authorities certificate store. What I advise if this situation exists is the following. First open Eset GUI and navigate to SSL/TLS settings. Under the Root Certificate section, select View certificate. Note particulars about the Eset certificate such as Valid From Date, etc. Next, return to Thunderbird's Authorities certificate store and delete all Eset certificates other than the current Eset certificate noted previously. My spec
  23. Against my better judgement, I used Eset N.A. eStore to renew my current Internet Security license for two years. This was last Friday - Black Friday - and I paid $79.99. Today I became aware of this e-ad: https://www.eset.com/us/cyber-weekend-2020/ showing the price as $47.99! I interpret this ad to be effective Nov. 27, Black Friday, the date of my purchase. Worse if I go to the same eStore web site: https://www.eset.com/us/home/internet-security/ the price still shows $79.99! Believe I am owed a refund of $32 plus the difference in sales tax.