Everything posted by itman

  1. Open Eset GUI. Select Help and support. Per the below screen shot, verify that Eset license is activated:
  2. For maximum protection, I would set both Potentially Unwanted and Unsafe application settings to Balanced.
  3. Win 10 x(64) 20H2, EIS 14.0.22. Yesterday I noticed that EIS had created a firewall profile for Teredo. My question is why? Teredo has been disabled in Win 10 for some time. Additionally verified this was the case per below screen shot: I find it a bit disconcerting that Eset can create a firewall profile for a non-existent network connection.
  4. Did you install WinPcap? https://support.eset.com/en/kb6717-install-eset-rogue-detection-sensor-on-a-different-computer-than-eset-security-management-center-server-7x
  5. According to this: https://help.eset.com/essp/14/en-US/enc_intro.html?enc_encrypted_removable_drive.html if you enabled the option: "Decrypt automatically on this Windows account" when you created the password for the USB drive, all the files on that drive should be automatically decrypted when the USB drive is connected to the device where the password was created. As such, you should be able to access all files on that drive as you wish as long as it's connected to the device where the password was created.
  6. I am running latest version of Firefox as my default browser on Win 10 x(64) 20H2 and having no issues with B&PP.
  7. Contact Eset North America: https://www.eset.com/us/about/contact/ about adding new seats to your existing license. That is only offered in Smart Security version. It's up to you to decide if they are of value to you.
  8. I believe you are referring to what is stated here: https://support-eol.eset.com/en/trending_win_10.html . Simply put, it states that older versions of Eset might not be compatible with Win 10 starting in the first half of 2021 due to changes Microsoft is making to Win Update processing. As far as existing Eset home products go, this applies to any Eset versions older than 13.2. Also if you are currently running an Eset version this applies to, you should already be receiving Eset alerts to upgrade your existing Eset version. I also suspect that these Microsoft Win Update changes w
  9. Just noticed this. See below screen shot. Rules show leading comma in front of path name on aggregate rules screen. Within the rule, path name does not have the comma character. Also appears this doesn't affect any rule functionality.
  10. So exactly what is the problem? As @peteyt posted, Eset is compatible with all supported Win 10 versions. As such, you can delay Win 10 updates as long as you wish. Eset gets its Win 10 update status information from the Microsoft web site catalog. If Eset's notification that Win 10 updates are available is the issue, you can disable that notification in Eset GUI User Notifications section.
  11. The problem with MARS ransomware is the sources that analyze ransomware and develop decrypters haven't been able to find a sample of it. Ref.: https://id-ransomware.blogspot.com/2020/10/mars-ransomware.html Note per above reference, Eset does detect MARS. This further supports the theory of an attacker RDP incursion into the local network. Then disabling Eset to run the ransomware.
  12. There is no direct correlation between Eset and Windows Updates. An exception would be for Win 7 where specific updates must be installed since Microsoft no longer supports SHA1. This is not to say that some Win Update could bork Eset but the likelihood is extremely remote based on past history. Most of the Eset new release issues arise due to some Win configuration on select devices. These are usually the result of either intended or non-intended user OS or app setting changes from default values.
  13. The answer to that is yes. Hacking Win firewall rules for example is rather trivial since they are stored in the registry in clear text. Add to this, disabling the Win firewall is no big deal.
  14. Also be aware that by adding all those external subnet IP addresses to the VNC server device's Eset Trusted zone, all existing Eset default firewall rules that specify Trusted zone criteria such as existing NetBIOS rules will also allow all those existing external subnet IP addresses. In other words, connection exclusively by the VNC ports you specified would be overridden.
  15. Eset gives you "the most bang for your bucks" in this category. Interesting to see how fast someone filled the void by NSS Labs demise which used to do like analysis for $$$$$: https://www.av-comparatives.org/reports/endpoint-prevention-response-epr-test-2020/
  16. Here's a feature comparison between Eset home use products: https://support.eset.com/en/kb318-features-available-in-windows-eset-home-products . You will have to refer to either Internet or Smart Security documentation for further details on features contained in both that are not contained in NOD32.
  17. Since this is an inbound firewall rule, remove all Local section IP addresses and the Trusted Zone reference. Only thing required in the Local section is ports 5800 and 5900. This will allow inbound access to the local defined subnet/s for this device from all external subnets defined in the Remote section. Also remove the Trusted Zone reference and any port references in the Remote section. Ref.: https://forum.eset.com/topic/2235-eset-blocking-ultra-vnc-please-help/?do=findComment&comment=12772 I will also note that it appears you want to allow all inbound/outbound communic
  18. There are numerous UAC bypasses that accomplish this: https://cqureacademy.com/cqure-labs/cqlabs-how-uac-bypass-methods-really-work-by-adrian-denkiewicz Additionally, there are methods to elevate to Admin or even System privileges from a standard user account.
  19. If this is in regards to Win 10 Home versions, RDP is disabled by default. It can be installed in the Home versions but a bit of work is needed to do so: https://www.thewindowsclub.com/how-to-use-windows-10-remote-desktop-in-windows-home-rdp . So if you are using a Win 10 Home version with default RDP settings, the answer is you don't have to worry about external network based RDP brute force attacks. However in your case, either you are using Win 10 Pro or manually installed RDP in Win 10 Home. Is this setting: Don’t Allow Remote Connections to this Computer bulletproof as
  20. Somehow I missed the first paragraph you posted. As such, you are correct they are basing their statistical analysis on VT results. On the other hand, I still believe the analysis has merit since high impact malware should be detected rather quickly by signature by AV solutions. Of course there are other factors involved such as frequency of the malware and its geographic dispersion which would influence submission frequency to VT. Also as you noted, not all security mechanisms are implemented for select products at VT and sandbox scan time is limited.
  21. I also would be satisfied if two features from EDTD Proactive Protection referenced here: https://help.eset.com/edtd/en-US/index.html?proactive_protection.html were included in the Home versions as optional settings in Cloud Protection. Neither of these would involve cloud scanning by Eset. The first setting would be Detection threshold. The second setting would be Proactive protection. Proactive protection would have the following options: 1. Suspend process execution. An alert window would be displayed showing process detail including file location. Tab options available
  22. No offense meant here but if you start obsessing over Win 10 event logs, you will most likely end up going bonkers. That event log and for that matter all Win event logs, have nothing to do with determining Eset operational status.
  23. Those are code integrity errors. If the entries are in regards to eamsi.dll, you can disregard them. Ref.: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5038
  24. "The other side of the protection coin" is if most home users need the responsiveness provided by EDTD. I would say the answer to that is no. Normal LiveGrid sandbox analysis times appear to be on par to those stated by Avast; a couple of hours. Again, the only thing Eset needs to do is block process execution until this determination is had. This does bring up the question of just how many "suspicious" detections are being submitted to LiveGrid for analysis. Based on my Eset installation, the answer is very few. As such, providing EDTD capability w/o extra cost to the purchaser should n
  25. The PUA detection was for a JavaScript on a web site you accessed when using Chrome. One possible explanation for non-cleaning is the JavaScript actually resides on the web server hosting the web page. Eset obviously does not have access to that web server. If the alert was a one-time occurrence, I wouldn't worry about it. Just stay away from the web site that is the source of the alert.