Jump to content


Most Valued Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by itman

  1. Go into each sub-section. For example, real-time protection. The "curved arrow" default setting option is there for it in Smart Security.
  2. It is not enabled for Eset browser adds-ons/plug-ins; at least for IE11. I am on ver. 10.1.210. Suspect same applies to Outlook. Will check other areas and report back if I find more. -EDIT- None of Eset program module .dlls i.e. em0xxx_64.dll are compiled with CFG. Granted they only exist in equi.exe I believe, but that is not a protected process like ekrn.exe. Additionally, none if Eset's drivers are complied with CFG.
  3. Please compile Eset .dlls with CFG support ASAP so that they can't be exploited by a ROP bypass as noted here: https://improsec.com/blog//bypassing-control-flow-guard-on-windows-10-part-ii
  4. It was better today; connected right away. Also ekrn.exe connections were less but numbered around 20. Why all the ekrn.exe connections? That is what is strange to me.
  5. I have been plagued with this issue for some time. Whenever I connect to the Eset forum the first time after a cold boot using IE11, the forum takes a long time to display its web page. Like 30 secs. or so. I took a screen shot using TCPView of what is going on. What are all these ekrn.exe connections to a Cloudfront server I assume is hosting Eset forum content about?
  6. How about adding a HIPS profile option? One thing that I dislike about the HIPS is it lacks features like Comodo's Defense+ where options like Windows Update and Trusted Installer modes are provided. One can easily switch to those modes when doing like activities thereby preventing existing user HIPS rules from interfering with these processes activities. It dawned on me that the same could be accomplished in Eset, I believe fairly easily, by allowing for like profiles for the HIPS to be created. A profile in its simplest form could be just to specify Eset default HIPS rules. The user could then just switch to this profile via HIPS GUI option prior to performing Win updating and then switch back to his existing HIPS rules profile upon completion of Win updating activities. Ideally, the HIPS profile option could be specified on the Eset desktop icon GUI selection options.
  7. In regards to the recent publicized Cybellum bypass of AV vendors self-protection mechanisms, I will state this won't be the last attempt by Next Gen AI startups to discredit the establishment AV vendors. What I suggest is Eset add a new detection category along the lines of the existing PUA/PUP detection. The category will be for potentially unwanted system utility applications i.e. PUS. This should cover all Windows system utilities that are not installed by default and not applicable to retail versions of Windows. This includes not only Application Verifier but apps like PsExec, etc.. I envision this as an optional GUI setting like the existing PUA setting is. Operation would also be identical in that if the system utility was detected by hash, an alert would be generated where the user could allow or deny its execution. If denied, the utility would be removed from the system. Since these system utilities might be employed in commercial environments, I see this option applying to retail versions of Eset only.
  8. No problem on my PC. You having problems with password entry on any other web sites?
  9. In IE11, there really are no direct settings to control font usage other than to permit font downloads which is enabled. However in Win 10, fontdrvhost.exe does run in AppContainer which might not be 100% compatible w/IE11 since again, there is no issue when using Edge.
  10. You don't. You can get a new license directly from Eset or any one of its authorized distributors.
  11. My comment in regards to Adguard is do you really want it intercepting and decrypting SSL traffic? Eset's SSL protocol scanning is already doing that and examining such traffic for malware. Adguard in the past has not properly performed SSL scanning as noted here: Different certificate, same key The first thing I did was to install Adguard two times in different VMs and look at the root certificate that got installed into the browser. The fingerprint of the certificates was different. However a closer look revealed something interesting: The RSA modulus was the same. It turned out that Adguard created a new root certificate with a changing serial number for every installation, but it didn't generate a new key. Therefore it is vulnerable to the same attacks as Superfish. I reported this issue to Adguard. Adguard has fixed this issue, however they still intercept HTTPS traffic. I learned that Adguard did not always use the same key, instead it chose one out of ten different keys based on the CPU. All ten keys could easily be extracted from a file called ProtocolFilters.dll that was shipped with Adguard. Older versions of Adguard only used one key shared amongst all installations. There also was a very outdated copy of the nss library. It suffers from various vulnerabilities, however it seems they are not exploitable. The library is not used for TLS connections, its only job is to install certificates into the Firefox root store. Ref.: https://blog.hboeck.de/archives/874-More-TLS-Man-in-the-Middle-failures-Adguard,-Privdog-again-and-ProtocolFilters.dll.html
  12. Please post a "sticky" in this forum and the NOD32 one that Eset's SSL Protocol scanning feature is not compatible with any other security software that does the same and list examples of such software e.g. Ad-Aware Web Filtering Adguard install version NetNanny etc.. The wording should state that either the software must be uninstalled or the HTTPS scanning option in the software disabled. Also add such verbage to Eset's help documentation. This will help in resolved issues with SSL protocol scanning in the Forums.
  13. Plus the pin and lock symbols are missing ..................... I just fired up Edge and all these "exotic" features are present. Perhaps these graphics have something to do with DCOM storage which I have set 0 btyes or saving encrypted web pages to disk which I have disabled in IE11? If someone can ID what method these graphics are using, I could explore what settings in IE11 affect those.
  14. I turned off ActiveX filtering and tracking protection for this site. Both of these were enabled previously in IE11 running on Win 10 home x64 1607. Still don't see the squiggle symbol you highlighted.
  15. Appears Fanboy's TPL is blocking the icon you are referring to? I don't see it.
  16. Add a #nn number to each posting so that it can be cross-referenced in replies. Ditto for adding an imbedded https: link in same that can be copied for cross-referencing.
  17. Yes, it just checked and now see that .png and .jpg files are allowed.
  18. Yes, it appears the allowed attached file list just changed recently. Without screen shot upload capability, it makes helping/commenting on the forums much more difficult. More so in my case since I don't use any of the web upload sites.
  19. I just tried to add a .png file to a NOD32 forum reply and noticed picture type file extensions e.g. .png, .jpg, etc. are no longer allowed?
  20. Probably by commenting out this reg key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3 I wouldn't recommended It.
  21. As far as scanning of encrypted browser communication goes, it is one of those "you're damned either way" situations. There have been well documented issues with security vendors methods of scanning SSL traffic. On the other hand with the recent introduction of concerns offering free root certificates with minimal security background checks on the requestor, the risk of web site malware has grown exponentially. So it is up to the end user to decide which is the greater risk and act appropriately. If your concerned about Eset's SSL scanning integrity, you can test it using the QUALS Client SSL test here: https://www.ssllabs.com/ssltest/viewMyClient.html . Note: first do this test with Eset SSL protocol scanning disabled and use the results as the browser baseline SSL capability. Then activate Eset's SSL protocol scanning, repeat the test, and compare the two results. Using IE11, I saw no differences with Eset's SSL protocol scanning enabled.
  22. This suggestion will save Eset some money. So hope that gets the Eset "powers to be" attention. Adding locked-down Internet banking protection was a welcomed addition. However, the approach taken to implementing it by Eset was misdirected. Looking though the recent forum activity, all I see is posts about banking protection not working right. The problem is that trying to implement and maintain this feature for all browsers is problematic and expensive to say the least. Chrome for example is in a constant state of revision. Ditto for the other browsers. What Eset should have done is follow Bitdefender's lead when they implemented the free version of SafePay. That is use an existing browser, Bitdefender used Chromium, and modify that browser for secure e-commerce purposes. When a person wanted to perform e-commerce activities, they would use this modified browser. Eset would then only have to maintain a single browser for any OS enhancements that would impact its functionality. It also goes without saying that this specialized browser could contain security enhancements that would be impossible to incorporate in a general purpose browser. Additionally since this Eset browser would be a standalone product but integrated with all currently supported Eset versions, it could be offered for download for such users.
  23. Probably the worst new feature added to ver. 9 is the Network Troubleshooting Wizard; namely the logging of blocked connection activity. I know the intent of the feature was well intentioned. However based on the number of postings in the Forum on normal and benign blocked activity, appears Eset has created a reporting mechanism totally unsuited for the average non-technical user.
  24. How about adding the ability to perform SSL certificate pinning validation without enabling SSL protocol scanning? Believe this would be easy to do by using the existing excluded SSL certificate processing. Allow the feature to be enabled when SSL protocol scanning feature is disabled. Users would manually select SSL certificates as done presently using the "excluded/pinned certificate" option. Eset would add an option for certificate pinning checking only. This option could only be enabled if SSL protocol scanning was disabled. When Eset detects the certificate pinning option enabled, it would know to perform the web site to root CA certificate thumbprint validation check only. This would enable Eset to provide EMET like certificate pinning protection w/o having SSL protocol scanned. That way users could still be protected against man-in-the-middle and phishing attacks on HTTPS web sites. Also this option should be added to ver. 8 and above.
  25. hxxp://www.eset.com/int/about/technology/#advanced-memory-scanner "Advanced Memory Scanner complements Exploit Blocker, as it is also designed to strengthen protection against modern malware. In an effort to evade detection, malware writers extensively use file obfuscation and/or encryption. This causes problems with unpacking and can pose a challenge for common anti-malware techniques, such as emulation or heuristics. To tackle this problem, the Advanced Memory Scanner monitors the behavior of malicious processes and scans them once they decloaks in the memory. This allows for effective detection of even heavily obfuscated malware. Unlike Exploit Blocker, this is a post-execution method, which means that there is a risk that some malicious activity could have been performed already. However, it steps into the protection chain when everything else fails." I assume you had something like Emsisoft's Behavior Blocker in mind when you made this request. Just wanted to mention the purpose of AMS and what it does. hxxp://static3.esetstatic.com/fileadmin/Images/INT/Docs/Other/ESET-Technology-Overview.pdf Edit: This PDF literally explains the ins and outs of the software itself and what happens behind the scene on the back-end systems. Every customer/user that is interested in this kind of geek information (it is very informative) should take time and read through the whole PDF. Sorry for the late reply. I have not been on the forum in a while. I didn't think I was going to get a reply to my post. Thank you for the .pdf manual. I will have to look more at AMS, but I don't think it is the same as something like Emsisoft's BB. Marcos said AMS only triggers a memory scan here. https://forum.eset.com/topic/5283-behavior-blocker/So the question is if it only triggers a memory scan then is it only looking for already blacklisted executables. The equivalent to Emsisoft's behavior blocker in Eset is advanced heuristics using DNA signatures with internal sandboxing. It is part of the Threat Sense real-time engine. As far as which is more effective, only testing with some previously unknown malware will determine that.
  • Create New...