Posts posted by itman
-
-
Also this website: https://www.magereport.com/scan/?s=https://screwman.co.za shows multiple issues with Magento software used by https://screwman.co.za web site.
-
40 minutes ago, shadowflex said:
The high traffic always comes from ekrn.exe. It completely saturates my 1gbit connection to the point where I can barely do anything browser related.
When this activity occurs, open Eset GUI -> Setup -> Network Protection. Does "Recently blocked applications or devices" show a non-zero value?
-
If you search the forum, most of the postings in regards to the Tor browser are that Eset is not blocking access to it as specified. As such, I doubt your Tor browser issue is due to NOD32.
-
Trustwave has an article on how to check for magecart malware here; https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anyone-can-check-for-magecart-with-just-the-browser/ .
-
Also since this game, Call of Duty: Modern Warfare 3 (2011), is a Win 7 era product, you have to use Win 8.1 graphics card drivers for it to work properly on Win 10;
Quote: It works fine on 10, you just have to use 8.1 driver, not default 10, which is incompatible. I have used 8.1 drivers from 2014 to get it working on my laptop, the newest have failed.
https://steamcommunity.com/app/42680/discussions/0/618457398977013522?l=russian#c618458030657355443
-
One possibility here is your Win 10/11 network settings are corrupted.
What I suggest is you first uninstall ESSP in Safe mode. Then uninstall the game. Reboot the PC.
Now in Win 10/11 desktop toolbar search window, type "reset" minus the quote marks. Select "network reset" from the displayed items. At this point the following screen is displayed;
When you mouse click on the Reset now button, Windows will disable your existing network connection for approx. 5 mins. while it totally resets its network processing. Then the PC will auto restart itself with Windows network processing completely reinitialized.
Now install your game. Does it work properly? If not, then the problem is not related to ESSP.
Next, install ESSP. Does the game still work properly? If it does not, then collect Eset logs as @Marcos previously instructed and attach to your next posting.
-
1 hour ago, zoltanthegypsy said:
I have some general privacy concerns about some of the logs - without really digging in to see what they include.
Eset Log Collector only collects existing Eset logs plus select system OS related data. You can post the archived output here in the forum. Only Eset moderators have access to forum attachments.
-
Are you using any anti-keylogger software? Most notably, KeyScrambler which performs the same activities as Eset B&PP keyboard protection.
-
This alert appears to be originating from the Huawei phone? It has a built-in AV solution. Similar posting here: https://forum.eset.com/topic/32965-huawei-optimizer-detected-eset-mobile-security-as-a-threat/#comment-153199 where the AV was detecting Eset as malware.
You will have to contact Huawei about this detection.
-
Also, it's possible that wherever you downloaded Tor from is using a compromised Tor installer: https://www.darkreading.com/attacks-breaches/trojan-rigged-tor-browser-bundle-drops-malware .
-
13 hours ago, gary_seven said:
itman -
almost an hour and no alerts with NI disabled. Next steps?
I have Network Inspector permanently disabled since it interferes with my ISP issued router's 6rd tunnel processing. Looks like you will have to do the same.
You don't need Network Inspector. Its primary purpose is to scan your network for any rogue devices that might exist.
-
4 hours ago, Slicendice said:
Attached is an example with a threat but the "file" was deleted, but it should still link to the file name and path details information.
Search for deleted file in Eset Quarantine. Path details are shown there.
Also, the Detection log entry associated with this event should show the file path.
-
20 minutes ago, gary_seven said:
Just to satisfy my own curiosity, I rebooted my laptop and, unfortunately the alert was sent again.
Network Inspector performs network validation activities at system startup time, resume from sleep mode, etc.
Again disable NI and keep it disabled. Reboot the PC. Do the alerts now appear?
-
Actually, existing Eset on-line help alludes to the fact Custom scan option is not to be used for full disk scans;
Quote:
Custom scan launcher
You can use the Custom Scan to scan operating memory, network, or specific parts of a disk rather than the entire disk. To do so, click Advanced scans > Custom scan and select specific targets from the folder (tree) structure.
https://help.eset.com/essp/16.2/en-US/idh_page_scan.html?idh_scan_target.html
-
As far as I am concerned, the Eset Scan GUI processing needs to be revised.
When the user selects Computer scan option, the next screen displayed shows all the available scan profile options;
Quote:
Scan Type:
x Smart computer scan (Default) *
_ In-depth computer scan **
_ Custom scan
_ Context menu scan
* Archives not scanned and Smart optimization technology deployed
** Archives scanned and Smart optimization technology not deployed
Scan Scan as Administrator
If Smart or In-Depth options are selected, the scan starts immediately. If Context menu or Custom scan is selected, its associated screen is displayed next.
Additionally, Eset documentation needs to be revised to note that Custom scan is to be used only for scanning select option sub-categories and not for a full system scan.
-
-
2 minutes ago, Marcos said:
Actually I reproduced it using a custom scan -> in-depth profile.
Err ...... I would expect so since this issue started with this scenario.
Modify default scan profile for the default scan to In-depth and run a default scan as I instructed here: https://forum.eset.com/topic/38442-long-scanning-time-after-laptops-falls-a-sleep/?do=findComment&comment=174265 .
-
44 minutes ago, Marcos said:
Yes, we have pinpointed it to the Cleaner module, in particular, to recent changes in the registry value parser which ineffectively parses certain registry values with many tokens and that unnecessarily prolongs the scan time.
If it was related to an Eset module, one would expect the same erratic Custom scan In-depth profile behavior to manifest when using the In-depth profile for a default scan which is not the case.
Some other undisclosed scan behavior is occurring when a Custom scan is being used which needs to be fully disclosed. For example, the registry option should not be selected when performing a Custom scan.
-
1 hour ago, Purpleroses said:
How do you do an on-demand scan rather than a custom scan?
On-Demand scan option is the default when you select "Scan my computer" via Eset GUI.
If you wish to change it from the default Smart profile scan, you would first have to enter Advanced setup mode in the GUI. Then select Malware Scans option. At this point, the On-demand scan options are presented. Change Selected profile option to In-Depth and save your changes. Exit Advanced setup mode and now select Computer scan -> Scan my computer.
Once the scan is completed, you can repeat the above and change profile option back to Smart mode if you so desire.
-
Below are the scan log entries from two test scans I ran today. Both scans ran for approximately the same time till I terminated them.
Custom scan using In-depth profile - Eset still scanning registry entries at time of scan termination;
Time;Scanned folders;Scanned;Detected;Cleaned;Status
10/24/2023 10:28:43 AM;Operating memory;Boot sectors/UEFI;WMI database;System registry;C:\Boot sectors/UEFI;C:\;D:\Boot sectors/UEFI;D:\;E:\Boot sectors/UEFI;E:\;G:\Boot sectors/UEFI;G:\;H:\Boot sectors/UEFI;H:\;3990;0;0;Interrupted by user
On-demand scan using In-depth profile - Registry scanning completed and Eset scanning WMI entries at time of scan termination;
Time;Scanned folders;Scanned;Detected;Cleaned;Status
10/24/2023 2:27:42 PM;Operating memory;C:\Boot sectors/UEFI;D:\Boot sectors/UEFI;E:\Boot sectors/UEFI;C:\;D:\;E:\;WMI database;System registry;16036;0;0;Interrupted by user
Note the difference in scan parameters generated by Eset.
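Added example, not part of the original post and not Eset tooling: a short Python script that parses the two scan-log rows quoted above and lists which scan targets appear in only one of them. The field layout (first field is the time, last four are the counters and status, everything between is a target) is an assumption inferred from the header row; the function names are hypothetical.

```python
# Added example: diff the scan targets recorded in two Eset scan-log rows.
# Assumed layout (inferred from the header row in the post): the first field
# is Time, the last four are Scanned;Detected;Cleaned;Status, and every field
# in between is one scan target.

# Rows copied from the post above.
CUSTOM_ROW = (
    r"10/24/2023 10:28:43 AM;Operating memory;Boot sectors/UEFI;WMI database;"
    r"System registry;C:\Boot sectors/UEFI;C:\;D:\Boot sectors/UEFI;D:\;"
    r"E:\Boot sectors/UEFI;E:\;G:\Boot sectors/UEFI;G:\;H:\Boot sectors/UEFI;"
    r"H:\;3990;0;0;Interrupted by user"
)
ON_DEMAND_ROW = (
    r"10/24/2023 2:27:42 PM;Operating memory;C:\Boot sectors/UEFI;"
    r"D:\Boot sectors/UEFI;E:\Boot sectors/UEFI;C:\;D:\;E:\;WMI database;"
    r"System registry;16036;0;0;Interrupted by user"
)


def parse_row(row):
    """Split one log row into time, target list, counters and status."""
    fields = [f.strip() for f in row.strip().split(";")]
    if len(fields) < 6:
        raise ValueError("row too short: need time, a target and four trailing fields")
    scanned, detected, cleaned = (int(x) for x in fields[-4:-1])
    return {
        "time": fields[0],
        "targets": fields[1:-4],  # variable-length list, order preserved
        "scanned": scanned,
        "detected": detected,
        "cleaned": cleaned,
        "status": fields[-1],
    }


def diff_targets(row_a, row_b):
    """Return targets unique to each row plus the object counts of both."""
    a, b = parse_row(row_a), parse_row(row_b)
    return {
        "only_a": [t for t in a["targets"] if t not in b["targets"]],
        "only_b": [t for t in b["targets"] if t not in a["targets"]],
        "scanned": (a["scanned"], b["scanned"]),
    }


if __name__ == "__main__":
    result = diff_targets(CUSTOM_ROW, ON_DEMAND_ROW)
    print("Only in Custom scan:   ", result["only_a"])
    print("Only in On-demand scan:", result["only_b"])
    print("Objects scanned (custom, on-demand):", result["scanned"])
```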
-
1 minute ago, Marcos said:
When running an in-depth scan, both fileless registry entries and referenced files on the disk are scanned without using cache and regardless of the whitelist status which is why in-depth scans take hours.
Re-read what I just posted.
There is no issue with In-depth profile registry scanning when done from the On-demand scan option. Therefore the issue is not with the In-depth scan profile since the same profile is supposed to be used in a Custom scan.
-
As far as I am concerned, I know what the issue is. First, a review of Smart and In-depth profile ThreatSense parameters as shown in the On-Demand scan option. The difference between the two profile options is;
Smart scan - Archives are not scanned. Smart Optimization is enabled.
In-depth scan - Archives are scanned. Smart Optimization is disabled.
The registry scan time for both profile options is the same; approx. 2 min.
Now for the Custom scan option.
The Smart scan profile result in regards to registry scan time is the same as that for On-Demand Smart scan - approx. 2 mins. The In-depth registry scan time is, well, in hours. What Eset is doing in the registry scan is beyond me and I don't really care at this point.
If you wish to perform an In-depth scan, do so from the On-demand scan option selecting the In-depth scan profile.
-
18 minutes ago, Marcos said:
Cancelling a registry scan may take minutes if a big file referenced in the registry is being scanned at the moment.
As I posted previously, ping.exe (22 KB) was being scanned when I attempted to cancel the scan in non-Admin mode. No problem at all cancelling the scan in Admin mode.
-
11 minutes ago, Marcos said:
As for enabling Smart optimization in the In-depth scan, I meant this:
FYI to others. The setting exists under ThreatSense -> Other settings for On Demand In-Depth scan profile,
ESET GUI stops responding and network usage is 100%
in ESET Internet Security & ESET Smart Security Premium
Posted
I believe the problem here is the Eset default firewall rule for "Allow access to shared files and printers." This rule will only allow remote access to IP addresses listed in the firewall Trusted zone. The problem is your existing Eset network connection/s were established using the Win firewall profile which by default is the Public profile. The Eset Public profile does not create any local network IP addresses for the Trusted Zone.
What you will have to do is create an equivalent Eset default "Allow access to shared files and printers" rule specifying the IP address for the three mapped network drives in the Remote host setting. Then move the new rule prior to the existing "Allow access to shared files and printers" rule.
Alternatively, you can use the Eset Network Wizard to unblock all existing blocked communication by selecting "Resolve blocked communication" and manually unblocking everything shown as blocked. The Wizard will create necessary Eset firewall rules to allow the network activity. Note that the burden is on you to verify that this activity is legit network communication.