Jump to content


Most Valued Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by itman

  1. No. Windows Setting options become effective when the setting is either enabled or disabled. At this point, I would recommend you export your Eset settings if you made any custom changes. Then uninstall Eset. Reboot and reinstall Eset. Import your Eset settings if you previously exported them. You can also try an Eset repair which is an option presented when the uninstaller runs to see if this fixes the issue. If it doesn't, then proceed with the full uninstall/reinstall of Eset.
  2. Appears to me that the laptop that you don't have NOD32 installed on is the one where you perform your riskiest Internet activity on. For that device, I would recommend you install an Eset product on; preferably Internet or Smart Security. For maximum protection, I would recommend Internet or Smart Security be installed on all your laptop devices.
  3. If you are using Eset's Home or office network protection mode, all your local network devices are Trusted. As such, there really is no reason to disable SSDP service since Eset will allow all that type network traffic.
  4. Use of a VPN is about privacy not security; although many make like claims. Also, care should be taken in choosing a VPN provider as there have been security issues with some. The primary reason a VPN is recommended for security reasons is when remote device access is required and as an alternative to Win RDP use.
  5. If you are using Eset's firewall Public network protection, the only trusted device on your network is the device where Eset is installed on. Eset;s default firewall rules for inbound SSDP traffic; i.e. UDP protocol port 1900, only allow this traffic for trusted network devices. To stop this blocking activity from occurring, there are the following options: 1. Switch Eset network protection mode for your network to "Home or office network." 2. Disable the Win SSDP service. This is the option I employ since I use Eset's Public network protection. 3. Disable UDP on your router if it exists and is enabled. What is occurring is the router is allowing other devices on your network "to discover" your device for connectivity purposes.
  6. I forgot about a legit reason for Eset removing ransomware note files - fake ransomware: https://threatsketch.com/six-ways-spot-ransomware-demand/ .
  7. Interesting. The issue I see here and of question is why your Visual Studio projects are being stored in C:\Users\Jerry\Documents? That is certainly not a place where executable's; note a .dll is an executable, should be stored. Note that MSBuild.exe is one of the trusted Win processes abused by hackers. For more details on how this is being done, read this article: https://www.hackingarticles.in/bypass-application-whitelisting-using-msbuild-exe-multiple-methods/ . It seems more than reasonable to me that Eset would detect a .dll created by MSBuild.exe being dropped to the Documents folder as suspicious activity. Also, it is uplifting to see that MSBuild.exe is being actively monitored by Eset.👍
  8. Open Eset GUI. Select Tools -> More Tools -> Log Files -> Detections. In that log should be an entry related to this MSBuild.exe file access detection. Right mouse click on the entry and select "Copy." The paste it into your next forum reply.
  9. I need you to copy the Detection log entry; not the entire log, and post it into a forum reply. Only Eset moderators can read forum attachments.
  10. One possibility is that since you have forced the Eset command line interface to start at boot time via posting it to the desktop taskbar, this is overriding the Win 10 Startup setting. Right mouse click on pinned Eset icon on the desktop taskbar and select "Unpin from taskbar." Now repeat enabling the Eset command line interface setting in Win 10 Startup section and verify if it stays enabled. If so, reboot and verify that Eset icon now appears on the desktop toolbar as it should,
  11. Also, post the Eset Detection log entry for this for review.
  12. It's not unusual for security products to use the presence of a ransomware note as one criteria in their ransomware behavior evaluation. Therefore, just the presence of a note would be enough to trigger their anti-ransomware detection processing. Appears in Eset's case, the presence of a note is enough to capture it, upload it for analysis, and then delete it. My concern here is what happens if Eset missed the ransomware, your files are encrypted, and it later detects the ransomware note? Appears the recovery procedure is create a real-time exclusion for the note detection and then remove the note from quarantine to be able to view the note. A bit of a stretch for the average user.
  13. There are a lot of things wrong with this e-mail. First, it "appears" to be a purchase for ESET Mobile Security for Android. As you stated, you did not purchase anything from Eset. Next, the license is only for 30 days which interestingly is the same period as Eset's trial period. Next is the footnote text of the e-mail referencing you as a business customer with multiple links shown for Eset business products downloads. However, ESET Mobile Security is an Eset Home version product. Finally and most potentially dangerous is the attached .zip file. As far as I am aware of, Eset would not send licensing data in as a .zip e-mail attachment.
  14. It is on my EIS 13.2.18 build along with System and everything else running on PC it appears:
  15. A workaround to this issue is to open the Amex web site in normal browser mode. How to do this is to open the Eset GUI and select Advanced setup. Then perform what is shown in the below screen shot. After the change, mouse click on the OK tab and any subsequent shown one to save you change. Note: If you still can't complete your transaction in normal browser mode, the issue is indeed with your browser and not Eset B&PP.
  16. Amex uses something called SafeKey to push what appears to be a secured browser window to enter the 2FA previously sent code. Eset B&PP might not "play nice" with this feature if the OP has it enabled: My bank also uses 2FA but the code entry field already exists on the logon screen.
  17. If you're referring to the frame.io web site, see the below screen shot. Eset doesn't block the site. On the other hand uBlock Origin had 20 detections on the logon web page alone. Might be why Eset allowed the site on my Eset installation.
  18. I would ask conjars.org why this code exists in their provided Maven pom.xml file. It is possible they are not even aware of it.
  19. Given the update issues you have had, it might be advisable to create a backup of network settings on the client devices you are supporting. This can be done via Admin level command prompt: netsh -c interface dump > C:\NetworkSettings.txt If a future Eset update borks the network settings, they can be restored via: netsh -f C:\NetworkSettings.txt
  20. Here's a complete article on Eset's RDP bruteforce blocking; https://www.welivesecurity.com/2020/06/29/remote-access-risk-pandemic-cybercrooks-bruteforcing-game/ Of note in this article is the non-Eset based installation best practices that also need to be implemented.
  21. This is exactly what I meant. Glad to see a clean install of ver. 13.2.18 is running w/o issue.
  22. This is a script to generate ad based popups. It is also designed to evade ad blockers such as AdBlock. Appears to me Eset just blocked the script on the web page and there was nothing really to clean. It is also possible the script is designed to prevent capture by security solutions and just deleted itself from the web page when captured. If this occurred on some random web site and is not recurring, I wouldn't worry further about it. There are extension/add-on versions of this script which is a more serious matter.
  23. BTW - Eset is going to try to update on those image restored devices. Are you blocking the update? You could also try manually downloading ver. 13.2.18 and installing on top of one these trouble devices as an experiment. Then observe if this also trashes the network connections; doubt it will.
  24. This is a weird one. Are you running Win 10 2004? One of its initial issues was audio drivers. Can't fathom how Eset HIPS would affect any driver updating. In fact, one of my pet peeves against Eset is the HIPS lets any driver load. -EDIT- Will also add, I have manually updated my Realtek network adapter driver with one downloaded from the Realtek web site w/o a peep from Eset. Now I haven't tried to do a driver update on the latest Eset 13.2.18 ver..
  25. Eset has a default firewall rule for svchost.exe that allows all outbound TCP & UDP protocol traffic to remote port 53. Verify that your existing firewall rule set does not have a rule that exists prior to the default firewall rule that also specifies remote port 53. It is possible that somehow such a rule was created inadvertently by you or while running in firewall Interactive mode. Additionally, Eset via internal proxy monitors outbound port 53 traffic. It is therefore imperative that no outbound port 53 traffic be blocked prior to the existing default firewall rule for ekrn.exe. If such a rule exists blocking outbound port 53 traffic, delete it or move it after the existing default rule for ekrn.exe. -EDIT- Note: a sure way to bork your DNS traffic is to fool around with Eset's default DNS firewall rule. Let's say you feel the rule is insecure. So you disable it and add your own DNS rule lets say specifying your ISP or third party DNS server IP addresses as remote IP addresses. As noted above, this busts the default ekrn.exe rule which is filtering DNS traffic via proxy. The end result is all your outbound DNS traffic is blocked.
  • Create New...