itman

Everything posted by itman

  1. I question the wisdom of the Trusted Publisher option. Certificates can be spoofed. Unless Eset is actually verifying the process is validly signed; note this could be for every process run with the same Publisher in the case of Trusted Publisher only evaluation criteria, the option should be eliminated.
  2. Refer to the below screen shot. If you disable the highlighted setting in Eset Banking & Payment Protection settings, the green frame around the browser window plus the icon notification that Eset is operating in B&PP mode will not appear;
  3. Assuming ESSP Firewall Filtering mode is set to Automatic which is the default setting, the Win firewall is not your issue.
  4. The first alert states "The license will expire soon." Is this a trial license? The second alert states "Operating system updates available." As far as the limited cloud access warning goes;
  5. What is the second Eset notification for? I suspect one or more of your Eset protection mechanisms are disabled. Open the Eset GUI and verify no alerts are shown.
  6. FYI; https://pentestlab.blog/2017/11/06/hijacking-digital-signatures/
  7. I was referring to the multiple Deny rules you created. The Allow rule would be positioned above the wildcard Deny rule so that it would execute first.
  8. This has always been a problem with Eset firewall rules. It would be solved by allowing wildcard "*" specification in path specification as the HIPS currently does; e.g. W:\*\Python3.10.6\python.exe.
  9. One possibility is this hack method: https://attack.mitre.org/techniques/T1036/001/ . You will need to closely examine the signatures of the files that are generating these Eset detections.
  10. My own opinion here is Eset should commission SE Labs to perform ransomware testing as CrowdStrike did: https://selabs.uk/reports/enterprise-advanced-security-ransomware-crowdstrike-2022-oct/ .
  11. Nvidia web helper is GeForce Experience which I purposely never allow to be installed whenever I update my nVidia graphics card drivers. I have never seen 127.0.0.1 used in conjunction with nvcontainer.exe. Suspect that has something to do with GeForce Experience running.
  12. If it's ekrn.exe where the 127.0.0.1 connection shows, it is normal activity. The Eset firewall proxies network traffic using localhost. Also svchost.exe - IP Helper service uses 127.0.0.1. Finally, Firefox also uses 127.0.0.1 to proxy network traffic.
  13. Based on this posting: https://www.reddit.com/r/ProtonMail/comments/xsaspx/what_domainsip_addresses_used_by_proton_mail/ the issue is Eset SSL/TLS protocol scanning. Exclude the .exe associated with the Proton Mail Bridge app from SSL/TLS protocol scanning and see if that resolves the issue.
  14. Also as I suspected, CVE-2023-4863 affects Microsoft software including Windows itself; https://www.govcert.gov.hk/en/alerts_detail.php?id=1107 It is therefore imperative that Windows Sept. Cumulative update plus Office and 365 app updates be performed immediately.
  15. Add Opera to the list of affected browsers; https://blogs.opera.com/desktop/2023/09/opera-102-0-4880-51-stable-update/
  16. Also, this vulnerability doesn't just affect web browsers; https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
  17. You can use either "*" or "?" special characters: https://help.eset.com/essp/16.2/en-US/idh_config_epfw_scan_http_address_list.html . test??.com should do the trick.
  18. Bad assumption. Update your Chrome/Edge or Firefox browser to latest version which will apply the needed security patch.
  19. No. By default, the Eset firewall will block inbound UPnP; i.e. protocol UDP port 1900, on the network connection default Public profile. I assume IP address 192.168.1.1 is your router. Some routers enable UPnP traffic for connectivity checking purposes. It is also a potential security risk. You have two choices: 1. Disable UPnP via its Router GUI setting. 2. Unblock the UPnP traffic via the Eset Network Wizard, which will create a firewall rule to allow the network traffic. -EDIT- Prior to allowing this UPnP traffic through the Eset firewall, it is imperative you verify the router performs UPnP. If it doesn't, assume the router has been hacked and do not allow this traffic through the Eset firewall.
  20. I would say at this point that your router/gateway is screwed up. It is either malfunctioning or has been hacked. Perform a hard reset of the router/gateway and hopefully, that will straighten things out.
  21. I believe I know what happened but don't know why it occurred. It appears you, your ISP, or whoever configured your local network has set the default gateway IP address on your local network to fe80::1 which is unusual; https://blogs.infoblox.com/ipv6-coe/fe80-1-is-a-perfectly-valid-ipv6-default-gateway-address/ Additionally, fe80::1 works for IPv4 gateway assignment; https://www.reddit.com/r/ipv6/comments/ne7w8c/fe801_is_a_perfectly_valid_ipv6_default_gateway/ Something happened on your PC local network that caused the default gateway address to be set to 127.0.0.1, which is the IPv4 localhost default address, which caused Eset to go bonkers. One possibility is that this occurred when Eset firewall processing set up your network connection: it had trouble identifying your network parameters such as assigned router IPv4/IPv6 gateway addresses and defaulted to using the network adapter MAC address. This would explain the fe80::1 usage.
  22. Correct, I mis-posted; https://www.av-comparatives.org/faq/ There is a long discussion of this topic in this thread: https://forum.eset.com/topic/12569-question-about-avc-real-world-test/ I do know AV-C tests always contain a few samples Eset misses. Also, Eset results are better on other AV lab tests: https://selabs.uk/reports/endpoint-security-eps-small-business-2023-q2/ https://www.mrg-effitas.com/wp-content/uploads/2023/08/MRG_Effitas_360_Q2_2023.pdf https://avlab.pl/en/recent-results/ Bottom line - you can't fully evaluate an AV product's effectiveness based on one AV lab test.
  23. I also checked a few web sites using GZip in Firefox on which Eset is performing SSL/TLS protocol scanning. They all show the Content-Encoding: gzip header. The mystery is why the Content-Encoding-Over-Network: gzip header is being used on your web based app.
  24. Also, open a command prompt window. 1. Enter this command: nslookup journal.stikosa-aws.ac.id. Take a screen shot of the output. 2. Enter this command: nslookup google.com. Take a screen shot of the output. Post both screen shots.