Everything posted by itman

  1. Did you verify that the Regular Automatic Update task in the scheduler is running every hour?
  2. OP never explicitly stated he had Eset installed. I suspect that he was just looking for the tool. If Eset was installed, an on-demand scan should have been able to detect WMI malware since it now scans WMI entries.
  3. Restoring a file from Eset Quarantine does not require a password. Are you stating that Eset GUI settings are password protected? Ref.: https://support.eset.com/en/kb3195-restore-a-quarantined-file-in-eset-windows-home-products
  4. MSBuild.exe can be used maliciously: https://attack.mitre.org/techniques/T1127/001/ . If you are deploying PlugX within the app, this might be what is triggering the Eset detection.
  5. Based on what is shown in this article: https://answers.microsoft.com/en-us/windows/forum/windows_10-networking/hotspot-netsh-wlan-start-hostednetwork/9ebe358b-b28f-4a2d-b06a-c6333782aadd , you have to manually set this connection to shared status. Did you do this? Also of note from this article:
  6. The first thing to check is if Eset updates are failing for some reason. Check Eset's Event log for any like entries in this regard. The next thing to check is Eset's scheduled update setting. Open Eset GUI. Then Select Tools -> More Tools -> Scheduler. Verify that the Update task for Regular Automatic Update is enabled and its frequency is set to the default interval of 1 hour per the below screen shot. Also take note of current Next Run and Last Run values. These will show if Eset's signature updating is indeed running as currently scheduled. Note: I have modified my f
  7. Did you also disable SSL/TLS protocol scanning - see below screen shot - as @Marcos requested?
  8. Most likely something to do with the Win firewall rules the product creates at installation time.
  9. I would contact Thomson Reuters tech support. They might be able to shed some light on where the issue might be with Eset NOD32. It isn't network related since NOD32 does not have a firewall.
  10. I also don't understand the issue here. I assume you're stating that that app has a 10 sec. delay upon opening. Is that a problem? Unlike a browser that is opened many times per day, I assume an app like this is opened just a few times per day; e.g. user logon time.
  11. I agree. Best Buy and MicroCenter also sell the same version here in the U.S. One possibility is that they changed the installer to enable Gamer mode in real-time protection. The default setting is paused.
  12. You can disable the Eset firewall as shown in the below screen shot. Disable time options are shown including permanent disabling - not recommended:
  13. It appears most of your malware submissions are originating from cracked software? No one should be using cracked software these days. They have become the favorite vehicle to deliver ransomware. Also much of this software uses trusted installers which run at system privilege level making it difficult for anti-virus software to detect the malware. Personally, I wish Eset would flag all cracked software as PUA at the minimum detection level.
  14. As far as VT detections go, note the following which has been mentioned multiple times in this forum. Most AV products installed there do not have all their protection mechanisms enabled. Overall, VT is primarily employing static detection methods in the products used; i.e. signature detection. Therefore just because a given product doesn't detect a malware sample at VT, does not imply the product won't detect when installed on a device.
  15. One thing I am puzzled about is that Eset with default settings is supposed to warn and not block certificates with trust issues which is not happening:
  16. Firefox most certainly does: https://support.mozilla.org/en-US/kb/secure-website-certificate . I would assume the same for Chrome and Edge. This article gets into more detail: https://www.ssl.com/article/how-do-browsers-handle-revoked-ssl-tls-certificates/ . Their test in regards to RSA DV certs. yielded the following: As long as Firefox has OCSP enabled which is the default for certificate checking, it will detect a revoked intermediate cert.. Chrome doesn't detect because of bugs it appears: Edge will detect as long as its default settings haven't been modified:
  17. Did you do as @Marcos instructed here: https://forum.eset.com/topic/27115-eset-140-dont-allow-software-download-from-microsoft-store-9x8007dd0a-urgent/?do=findComment&comment=127990 ?
  18. On a PC having connection issues, scroll down to this section, "3. Disable Automatically Detect Settings," in this article: https://www.techbout.com/err-tunnel-connection-failed-error-in-chrome-39692/ and do what is recommended. See if this resolves the issue.
  19. What Eset account are you referring to? The eStore account you set up when you purchased your license from the Eset Germany web site?
  20. Something is not right here in regards to this certificate status. I went to the GlobalSign web site here: https://support.globalsign.com/ca-certificates/intermediate-certificates/domainssl-intermediate-certificates , and downloaded this cert.. I really don't believe GlobalSign would still list a revoked cert. on their web site. Further confirmed by viewing the cert. itself: Additionally note that the thumbprint of this cert. does not match that shown by the independent scan of the URL by SSLLabs: It appears to me that this URL, https://intranet.agricom
  21. I will also note that this URL, https://www.agricom.cl/ , is OK. Appears to me that access is being attempted to an intranet domain of above via the Internet?
  22. Since there have been past complaints about Eset blocking IOBit web sites and software to boot, note the following also from the bleepingcomputer.com article. Obviously, the attacker used this vulnerability to exploit the IOBit web site.