Everything posted by itman

  1. I already posted a mitigation to Chrome for this: https://forum.eset.com/topic/27097-web-control-behind-a-proxy-not-showing-blocking-page-for-https-sites/?do=findComment&comment=128003 . OP said it didn't help. OP stated previously it's occurring with all browsers.
  2. Here's something to ponder. I assume you are referring to notebook/laptop devices here? If the device is offsite, it's obviously not using the office network proxy. How are these devices configured Eset-wise in regards to proxy settings? Is this setting enabled which I assume it is: This would also explain why the client devices offsite have no Internet connectivity issues; they are not using a proxy. If client Eset device has an issue with using office proxy, it will fall back to a direct connection to Eset servers. This will fail due to office network settings requiring use of a
  3. Have you tried to create rules on these firewalls to allow all inbound/outbound traffic from ekrn.exe?
  4. This error code is due to a Win installer failure: https://itstillworks.com/install-idm-ubuntu-10040228.html . No apps can be installed until it is resolved.
  5. Review this: https://help.eset.com/protect_admin/80/en-US/remove_computer_from_management.html to ensure remove steps are performed in the correct sequence.
  6. To begin, the Eset Computer scan log only shows files Eset could not scan or ones where malware was detected. Open Eset Computer scan log. Select the scan log entry and open it. Scroll down to the bottom of the log entry details which will show total number of files scanned per the below screen shot:
  7. I assume this means you're sending all outbound HTTPS traffic using port 8443? Of note per the prior Eset KB linked article:
  8. This rather long article gets into some details of the Kaspersky ban not widely known. Excerpt below: https://www.buzzfeednews.com/article/ilyazhegulev/russia-kaspersky-antivirus
  9. Yes, there was. It will take me some time to find the exact investigation details I found a while back. Overall, the ban was initially put in place due to FSB certification requirements already noted: https://www.zdnet.com/article/dhs-issues-directive-to-pull-government-use-of-kaspersky-lab-software/
  10. Some of the ASR rule protections are incorporated into the various Eset protection mechanisms; namely the HIPS. Some of the ASR protection rules are not; for example, "Block execution of potentially obfuscated scripts." Eset scans such scripts but will only block their execution if known malware exists or highly suspicious activity is being performed. Other ASR rules such as "Block Office applications from creating executable content" can be had in Eset by creating custom HIPS rules for like activity.
  11. Lest it be forgotten, Kaspersky software was banned from all U.S. government installations with subsequent sales banning by major U.S. retailers for its association with the Russian government. Subsequent detailed investigations showed this was justified. Assumed and hopefully, Eset does not perform any software development activities in Russia. However that would not prevent product tampering in some form by a distribution source within Russia itself. At the minimum installation source data could be harvested and forwarded.
  12. The following would imply it does have Russian government connections: https://tadviser.com/index.php/Company:Leta_IT-company
  13. Of note is this appears to be the official Swedish Eset subsidiary: https://mforum.se/mf_profil/eset__scandinavian_security_service_/10489 http://www.eset.se Also an Eset trial license can only be activated once: I also believe this also applies to subsequent attempts to use additional trial licenses on a given device or individual user which appears to be what is attempting to be done here.
  14. You received an ACT.5 activation error on your previously purchased 6 month licenses. If you received the same error on this newly purchased 6 month license, note the following: Here's a reference to other Eset activation error codes and issues: https://support.eset.com/en/kb7297-resolve-act-or-ecp-errors-during-activation-home-users As far as I am aware of, Eset does not issue 6 month licenses. The minimum license period is one year. If you purchase an Eset license from other than an Eset authorized retail partner, you do so at your own
  15. I just checked out the JULA web site in Sweden. They are indeed a "hardware" e.g. tools, etc., web site. Why they would be selling computer security software is beyond me. Here is Eset's web site for Sweden: https://www.eset.com/se/ . As far as I can determine, they are the only authorized e-tailer in that country. My best guess is these 6 month licenses you purchased were some type of special promotion or the like. I also suspect that they had an expiration date associated with them; possibly one year from purchase date regardless if license was installed or not. You will
  16. Based on your posting here: https://www.linuxmintusers.de/index.php?topic=66999.0 , you uninstalled Eset and the problem went away. So at this point, we've established Eset Linux is the issue.
  17. Appears that it is possible to update Vista to SHA-2 capability using Win Server 2008 R2 update. Ref.: https://borncity.com/win/2019/07/29/windows-vista-no-more-unofficial-updates-due-to-sha2/
  18. Here's an interesting tidbit. When I tried to download crypt.exe in Firefox: the download showed 0 bytes and was indeed empty. Scratching my head a bit, I then noticed that the download icon had a red dot I had never seen before. Opening it showed that Firefox blocked the download since it contained a virus. No alert from Firefox on this one however. Interestingly, I could download the .zip package w/o issue that contained crypt.exe. Thanks but no thanks on use of this puppy for anything.
  19. Also depending on the parent used to run crypt.exe, its malicious detection rate dramatically increases as noted here: https://www.virustotal.com/gui/file/5f46ba46f76623fcf4facd8fa2acecec1fa985651dd4c3982da7784310c47a90/relations
  20. I just referred back to a link: https://id-ransomware.blogspot.com/2020/10/mars-ransomware.html , I posted earlier in this thread. As of the end of Dec., 2020, no one yet has been able to harvest a MARS ransomware sample. Without a sample, it is impossible to positively determine the initial attack vector for this ransomware. What is known is the source is predominately e-mail based; as most malware is. Are Eset recommended HIPS and firewall rules against ransomware link below - especially those in regards to e-mail clients - being deployed? https://support.eset.com/en/kb6119-confi
  21. Again, you're missing the point. An app being signed does not guarantee that it is not malware. Numerous signed malware instances have been documented.
  22. I use both the HIPS and firewall rules and have observed no performance degradation on my very dated PC. A bit of history first in regards to Eset recommended HIPS and firewall rules noted in links 1 & 2. These were recommended prior to Eset Endpoint products implementing advanced ransomware protection that existed in its consumer products. This advanced protection now exists in the latest Eset Endpoint versions. As such, it is debatable if these custom HIPS and firewall rules are still needed on Eset consumer and Endpoint products. Also these rules especially if set to the speci
  23. Are you positive your network connection is active while in lock screen mode? Are other apps auto updating in this mode?
  24. Also read this posting: https://forum.eset.com/topic/24825-if-you-use-licensing-cracking-software-you-need-to-read-this/
  25. The reason why it's not an issue for the Win firewall is Windows lets apps dynamically create firewall rules. This in effect overrides the purpose of using Interactive mode in the first place.