Everything posted by itman

  1. No. Those categories don't exist in Parental Control. Only content related categories; e.g. 12+, can be selected.
  2. I guess someone will have to run a test to determine if these browser based VPNs; here's another one; https://chrome.google.com/webstore/detail/stay-secure-with-cybergho/ffbkglfijbcbgblgflchnbphjdllaogb , can bypass Eset parental control blocking. Technically speaking, Eset's SSL/TLS protocol scanning is being performed on all ports. I guess it would depend on what VPN protocol is being used in these browser based VPNs. Appears Eset is only filtering TCP traffic.
  3. As far as bypassing parental controls, there are numerous apps to do so. Here's one for Chrome; https://chrome.google.com/webstore/detail/gom-vpn-app-to-bypass-blo/eelphgpfmjhndihoopgadghfonahifel . Any device a child has access to needs to be locked down. That includes installation of browser extensions.
  4. Of note is Microsoft had issues with the SSU component of the last cumulative update: https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-windows-kb4601392-for-blocking-security-updates/
  5. If I remember correctly, your issue was WMI was abending? It was not the WMI error logging issue.
  6. When you run Eset's default scan, it is using the Smart scan profile. In this mode, Eset won't re-scan files already scanned. Also this scan profile scans WMI and registry entries. I don't believe these entries are included in the scan file count. When you run a Custom scan and select the In-depth scan profile, all files will be scanned. https://help.eset.com/eis/14/en-US/idh_config_scan.html?work_avas_ondemand_profiles.html
  7. I will also add that .lnk references in Win autorun locations such as startup directories, registry run keys, or the like are as a rule, highly suspect.
  8. This article might be of interest on how different browsers perform certificate validations: https://www.ssl.com/article/how-do-browsers-handle-revoked-ssl-tls-certificates/ . I also don't know if there is a resolution to this inconsistency in certificate verification. Google pretty much locks down access to Chrome internals. FireFox uses both CRL and OCSP by default unless OCSP has been manually disabled. The self-test SSL.com performed shows that FireFox with OCSP enabled is superior to Chrome in certificate checking; at least on Windows OSes.
  9. Based on OP's recent postings, I assume this disabling of Eset is to allow the questionable software he is using or trying to install to run unimpeded.
  10. I also don't know why Eset flags this cert. since it validates fine: No, this cert. shows revoked via OCSP server status. Qualys SSL status report here: https://www.ssllabs.com/ssltest/analyze.html?d=sagfunc5abbde991b39cdc0aos.cloudax.dynamics.com
  11. Here's the deal as far as FireFox goes; I don't use Chrome. When I enter this URL, https://saglobal-sandbox1ceacc237d6aa5aedevaos.cloudax.dynamics.com/ , I am redirected to this URL, https://login.microsoftonline.com/saglobal.com/wsfed?wa=wsignin1.0&wtrealm=spn%3a00000015-0000-0000-c000-000000000000&wctx=rm%3d0%26id%3dpassive%26ru%3d%2f&wct=2021-02-17T14%3a35%3a06Z&wreply=https%3a%2f%2fsaglobal-sandbox1ceacc237d6aa5aedevaos.cloudax.dynamics.com%2f , which results in the below web page being displayed. The sign on display format is the same as the one given when signing on
  12. I would check the router for all existing Wi-Fi connections. A while back a rogue one was set up on my router. Still don't know how that one happened. Eset's Connected Home monitor should show all router connections.
  13. Any web site with a revoked certificate in any form should be avoided period.
  14. Open up Eset GUI and verify the exclusion you created actually exists. You may not have saved it correctly. Remember to always mouse click on "OK" button and any subsequent one that appears when exiting any Eset GUI section. Also verify that you selected the correct certificate to exclude. Also per the Qualys link I posted previously, it is not just the web site cert. that is bad. The Intermediate cert. it is chained to is also bad. This is most likely why Eset is still throwing a cert. alert for the web site:
  15. This bugger might also be Phorpiex Botnet malware, also known as Tldr, given its current widespread dissemination. Checkpoint has a great detailed analysis on it from which I will only note the worm spreading part: Another worm infection method this malware uses is: https://research.checkpoint.com/2020/phorpiex-arsenal-part-i/ This malware also includes a NetBIOS based worm: https://research.checkpoint.com/2020/phorpiex-arsenal-part-ii/
  16. In regards to your use of Chrome, it does. Exclude the web site's certificate from Eset's SSL/TLS protocol scanning. No need to totally disable SSL/TLS protocol scanning.
  17. Sophos has a write up on drivemgr.exe worm here: https://docs.sophos.com/central/MTR/selfhelp/en-us/central/MTR/learningContents/lc_LNKRemediationWorkflow.html . In their write up, it's being spread via a .lnk file that runs at startup via a Win autorun entry. This would explain why it keeps reappearing. Sophos also has a "SourceOfInfection" utility that can be used to identify network device where the .lnk autorun entries exist. Unfortunately, it appears it doesn't work on Win 10 or newer Win Server OS versions. Also appears it's only of value if a Sophos AV solution is deployed since it
  18. No problem here on my Win 10 20H2 desktop using FireFox. Is the revoked cert. alert from the browser or from Eset? Which browser are you using when the alert appears? Did you use the same browser on the laptop where no issues exist?
  19. When you get this Unprotected Wi-Fi alert from Eset again, try to determine which Wi-Fi network connection it is flagging. My gut is telling me, this is not your WPA2 Wi-Fi connection set up on the router that you normally connect to.
  20. Do you have Bonjour installed? As far as this event log entry: Appears Bonjour attempts to inject mdnsNSP.dll into every running process: https://apple.stackexchange.com/questions/132336/windows-why-does-bonjours-mdnsnsp-dll-inject-itself-into-every-process . Eset's ekrn.exe process won't allow that due to certificate restrictions employed on it. I don't even know if Bonjour runs properly on Win 10. You can either ignore the event log entry or uninstall Bonjour.
  21. I will also make this comment. If it isn't obvious yet, any download containing sadeempc.com references, direct or indirect in it, most likely is malicious. Sadeempc.com is a known malware hosting web site. Also a brief analysis by me noted a lot of crack downloads containing sadeempc.com references in them. Cracked software downloads are currently the primary method malware is being distributed. Refer to my postings on this subject in the forum's General Discussion section.
  22. As far as Eset's Connected Network settings as noted, each device's network adapter connection Protection type must be "Home or Office" per the below screen shot:
  23. Win 10 in regards to file share use is folder/directory permission based. Are you sure you set up these folder sharing parameters correctly on all your PCs:
  24. Depends on which browser you are using. There are two ways certificates are checked. 1. Certificate Revocation List; i.e. CRL. View this as a static method in that the browser in essence maintains a blacklist of revoked certificates. This list is periodically updated by the browser. Chrome uses this method by default. 2. OCSP responder servers; i.e. OCSP. View this as a dynamic method. These servers are queried whenever a web site certificate needs to be validated. FireFox uses this method by default. It is somewhat obvious the OCSP sampling as it is referred to is superior
  25. Today a few minutes after system startup, I observed two outbound connections from equi.exe. I have never seen outbound traffic like this before. Is this normal equi.exe behavior?