itman
-
Posts
12,149 -
Joined
-
Last visited
-
Days Won
319
Posts posted by itman
-
-
In my case, just getting Eset networking to function properly with my IPv6 network processing has always been a major hassle. My ISP's network uses 6rd tunneling to transmit IPv6 traffic on its IPv6 network. The IPv6 tunnel broker addresses are loaded on the WAN side of its issued gateways with connectivity to these addresses done via corresponding IPv6 multicast addresses assigned on the LAN side of the gateway. Also implied is DNS64/NAT64 is being deployed for IPv6 DNS processing. Once 6rd IPv6 processing has been fully initialized, two local subnet IPv6 DNS server addresses; both identical in value, are assigned.
The first Eset bork of the above with HTTP/3 scanning enabled is when I open Firefox with DoH enabled w/maximum protection. Shortly thereafter, one of the two local subnet IPv6 DNS server assigned addresses is dropped resulting in loss of IPv6 Internet connectivity. I still have local subnet IPv6 connectivity.
The second Eset bork occurs at IPv6 lease renewal time. Of note is the gateway uses mDNS for lease renewal activities. Shortly thereafter, one of the two local subnet IPv6 DNS server assigned addresses is dropped resulting in loss of IPv6 Internet connectivity. I still have local subnet IPv6 connectivity.
-
27 minutes ago, byxil said:
I would like to exclude from network scanning that device that has a fixed IP on the LAN
In current Eset versions, you can't set exclusions to Network Traffic Scanner.
28 minutes ago, byxil said:What is the procedure for opening a technical support request?
Open Eset GUI -> Help and Support -> Technical Support.
-
-
Based on this;
QuoteSecurity researchers at cybersecurity company Sophos explain that the abused MSI graphics driver offers I/O control codes directly accessible by user-mode processes, which violates Microsoft’s security guidelines on kernel memory access.
This makes it possible for attackers to read, write, or execute code in kernel memory without using shellcode or an exploit.
I would say they is no safe way to allow this vulnerable driver to remain installed on the system regardless of where it is stored at.
-
It's strange that Eset Network Traffic Scanner would block a ping from a device on a trusted network to another device on the same network. One possibility is Eset is monitoring for a ping flood attack: https://www.imperva.com/learn/ddos/ping-icmp-flood/ .
In any case if this is a major issue for you, I would open a tech support request about it.
-
1 hour ago, byxil said:
I tried, but there is no new entry in "Resolve blocked communication.", the value remain zero.
I guess we can assume that the Eset firewall is not blocking the inbound ping activity.
You will have to go through Eset logs; Detections, Filtered web site, HIPS, and Network Protection to determine if any entries exist related to this ping activity.
-
1 hour ago, tese01 said:
I have another question about the MSI Afterburner and RTSS programs. After installing these programs, I received alerts from Eset about the RTCore64.sys threat.
Based on this: https://hardforum.com/threads/major-security-vulnerability-in-msi-afterburner.2030538/ , the latest ver. of Afterburner is not vulnerable. I assume it installs a new version of RTCore64.sys driver. If Eset doesn't alert about it after latest Afterburner installation, you're good to go.
-
All the following URL's show PUA in Firefox;
https://prod-master.il2sturmovik.net
-
1 hour ago, Laplacian said:
denied all communication on that port in ESET firewall configuration, and the scan still shows it is open.
Eset firewall use has no bearing on if a port is open or closed. The router controls this.
My best guess is you have a device on your network that has port 53 access capability. Eset Network Inspector should show you which device; other than the router, that has this capability.
-
1 hour ago, tese01 said:
Was this driver installed with Windows or with other software?
Refer to this article: https://connect.tobii.com/s/article/TTL-InpOut?language=en_US . Also, other app software might use this driver
Appears compattelrunner.exe was scanning the system for installed software as it does and when it encountered inpoutx64.sys, this caused the Eset detection.
The bottom line is this driver is used by system parallel ports. The only thing I know that uses those are old printers.
-
2 hours ago, byxil said:
I have my router as a private network
On the Private profile, Eset's firewall trusts all connections on the local subnet; e.g. 192.168.1.0/24.
If you review Eset default firewall rules and scroll down to the rule title "Allow ICMP communication in the Trusted zone," all ICMP communication is allowed. This leads me to believe it's ICMP activity from the the VPN connection that is being blocked.
Ping from the HA server again. Immediately thereafter open Eset GUI -> Network Protection. Refer to the section titled "Resolve blocked communication." The count shown should be a non-zero value. Mouse click on Resolve blocked communication section. Shown should be the blocked ICMP communication and you can have the Eset firewall auto create a firewall rule to allow the ICMP traffic.
-
Does your Eset active network connection show as Public profile?
-
Slovakia observes daylight savings time. As such, update times effective 3/31 should be UTC/GMT +02:00;
QuoteIn Slovakia, the standard time is Central European Time (UTC+01:00).[1] Daylight saving time is observed from the last Sunday in March (02:00 CET) to the last Sunday in October (03:00 CEST).[2][3] This is shared with several other EU member states.[4]
-
To run commands/scripts/etc. that require admin privileges, the execution object must be started with that privilege. For example to run powercfg -h from a command prompt window, it must opened with admin privileges;
-
1 hour ago, Ahmeduchiha said:
The problem is when you install the app it overridden ESET web protection and even after remove Adguard APPs still ESET web protection doesn't work.
You can try AdGuard Uninstaller tool to remove both AdGuard Adblocker and VPN;
QuoteAdvanced method
In case regular uninstall doesn't work for any reason, you can try to use an advanced method. First of all, you need to download the uninstaller tool created by our developers. Extract the archive to any folder on your PC and run the Adguard.UninstallUtility.exe file, and allow the app to make changes to your device.
https://adguard.com/kb/adguard-for-windows/installation/
If Eset still doesn't detect properly afterwards, you will have to reinstall it.
-
On 3/28/2024 at 11:55 AM, Super_Spartan said:
last night my VPN which is hide.me can't connect until I either disable NOD32 temporarily or disable the Network Traffic Scanner, once it is connected and I enable NOD32 the VPN will continue to work
Add exclusion to Web Access protection per;
QuoteIf the application in question is not a browser or email client, you can completely exclude it from Web access protection (doing this for the browser or email client would leave you exposed). Any application that had its communication filtered in the past should already be in the list provided to you when adding an exception, so manually adding one should not be necessary.
https://help.eset.com/eea/10.1/en-US/solving_problems_protocol_filtering.html
The exclusion being;
8. Antivirus / Firewall
QuoteIf you’re using any Firewall/Security/Anti-virus software(s) on your computer, please disable them temporarily and see if that clears the problem? If it does, you will need to add an exclusion for hide.me VPN client file below into your Firewall/Security/Anti-virus software(s).
C:\Program files (x86)\hide.me VPN\hide.me.exehttps://hide.me/en/knowledgebase/why-a-vpn-connection-could-not-be-established/ -
Does the below apply to you per above linked Eset KB article?
Quote* Auto-renewal subscriptions will be automatically renewed with the upgraded product unless you manually downgrade the product before the next billing date (which commonly is 10 days before the subscription expiration date). Therefore, it is required for auto-renewal subscription owners who want to cancel this upgrade to do so at least 11 days before the subscription expiration date.
If your license expiration is within 10 days of expiration and auto-renewal is in effect, you can't downgrade the product. Your Eset Home Account will show if auto-renewal is in effect.
Best you contact your Eset authorized distributor is Spain about the situation.
-
17 hours ago, Ahmeduchiha said:
Adguard Adblocker for windows you will notice that ESET unable to detect the website.
Did you disable WFP use in Adguard Adblocker as shown here: https://adguard.com/kb/adguard-for-windows/solving-problems/wfp-driver/ ?
My advice is don't use anything installed AdGuard related with Eset. Their installed products overall are not compatible with Eset. Alternatives are to use Adguard browser extension or use uBlock Origin browser extension and activate AdGuard TPLs within it.
-
13 hours ago, Ahmeduchiha said:
ESET can't block the website and it does not show ESET SSL certificate.
No problem here using FireFox w/DoH set to max; ISP set to Cloudflare; and network.http.http3.enable set via about:config option to false.
Did you disable Eset's SSL/TLS protocol scanning?
-
Since you are persistent in your desired use of this app, the only solution I know of is to disable Eset Browser Privacy & Security feature since it is what is alerting about this .dll.
Browser Privacy & Security is not an essential security protection. Its primary purpose is to examine browser search results and warn via icon notification about a suspect web site. As far as I am aware of, there is no way to create exceptions to Browser Privacy & Security.
-
16 minutes ago, Ahmeduchiha said:
Adguard can overwhelm ESET and bypass it's protection
Did you enable the AdGuard WinTun driver as instructed and perform the AMTSO Desktop tests? Did Eset block these tests as expected?
-
1 hour ago, ecovalence said:
There is no "Submit sample for analysis" option in Tools.
-
1 hour ago, Ahmeduchiha said:
I don't know if use Wintun is the same as WFP or it's different filtering approach.
Turn on WinTun option. Reboot PC. Retest at AMTSO Phishing test site.
Ref: https://adguard-vpn.com/en/blog/adguard-vpn-v2-2-for-mac-and-windows.html .
Note that AdGuard documentation does not specifically state that WFP use is disabled when WinTun driver is used. But, the implication is the tunnel driver is bypassing WFP use.
-
Again ......
QuoteBy default AdGuard VPN uses the regular WFP driver
https://adguard-vpn.com/kb/adguard-vpn-for-windows/overview/
Eset also uses Windows Filtering Platform and this is where the conflict exists.
Unlike AdGuard Adblocker product, I don't see an option to disable WFP in AdGuard VPN. As such, you can't use AdGuard VPN if Eset is installed.
EIS 17.1.9.0 and HTTP/3 Scanning
in ESET Internet Security & ESET Smart Security Premium
Posted
As far as QUIC processing goes, I connected to a web site, Nkiri.com, known to use QUIC. All I observed was tunneled TCPv6 network traffic.