Everything posted by itman
Interactive firewall mode poll
itman replied to Marcos's topic in ESET Internet Security & ESET Smart Security Premium
I question the wisdom of the Trusted Publisher option. Certificates can be spoofed. Unless Eset is actually verifying the process is validly signed; note this could be for every process run with the same Publisher in the case of Trusted Publisher only evaluation criteria, the option should be eliminated. -
Proxy GUI error
itman replied to tman555's topic in ESET Internet Security & ESET Smart Security Premium
Assuming ESSP Firewall Filtering mode is set to Automatic which is the default setting, the Win firewall is not your issue. -
Proxy GUI error
itman replied to tman555's topic in ESET Internet Security & ESET Smart Security Premium
The first alert states "The license will expire soon." Is this a trial license? The second alert states "Operating system updates available." As far as the limited cloud access warning goes; -
Proxy GUI error
itman replied to tman555's topic in ESET Internet Security & ESET Smart Security Premium
What is the second Eset notification for? I suspect one or more of your Eset protection mechanisms are disabled. Open the Eset GUI and verify no alerts are shown. -
Invalid signature when detection was triggered
itman replied to Quizzical9796's topic in Malware Finding and Cleaning
FYI; https://pentestlab.blog/2017/11/06/hijacking-digital-signatures/ -
Invalid signature when detection was triggered
itman replied to Quizzical9796's topic in Malware Finding and Cleaning
One possibility is this hack method: https://attack.mitre.org/techniques/T1036/001/ . You will need to closely examine the signatures of the files that are generating these Eset detections. -
No. By default, the Eset firewall will block inbound UPnP; i.e. protocol UDP port 1900, on the network connection default Public profile. I assume IP address 192.168.1.1 is your router. Some routers enable UPnP traffic for connectivity checking purposes. It is also a potential security risk. You have two choices; 1. Disable UPnP via its Router GUI setting. 2. Unblock the UPnP traffic via Eset Network Wizard which will create a firewall rule to allow the network traffic. -EDIT- Prior to allowing this UPnP traffic through the Eset firewall, it is imperative you verify the router performs UPnP. If it doesn't, assume the router has been hacked and do not allow this traffic through the Eset firewall.
-
I would say at this point that your router/gateway is screwed up. It is either malfunctioning or has been hacked. Perform a hard reset of the router/gateway and hopefully, that will straighten things out.
-
I believe I know what happened but don't know why it occurred. It appears you, your ISP, or whoever configured your local network has set the default gateway IP address on your local network to fe80::1 which is unusual; https://blogs.infoblox.com/ipv6-coe/fe80-1-is-a-perfectly-valid-ipv6-default-gateway-address/ Additionally, fe80::1 works for IPv4 gateway assignment; https://www.reddit.com/r/ipv6/comments/ne7w8c/fe801_is_a_perfectly_valid_ipv6_default_gateway/ Something happened on your PC local network that caused the default gateway address to be set to 127.0.0.1 which is the IPv4 localhost default address which caused Eset to go bonkers. One possibility this is occurring is when Eset firewall processing set up your network connection, it had trouble identifying your network parameters such as assigned router IPv4/IPv6 gateway addresses and defaulted to using network adapter MAC address. This would explain the fe80::1 usage.
-
Correct I mis-posted; https://www.av-comparatives.org/faq/ A long discussion of this topic in this thread: https://forum.eset.com/topic/12569-question-about-avc-real-world-test/ I do know AV-C tests always contain a few samples Eset misses. Also, Eset results are better on other AV lab tests: https://selabs.uk/reports/endpoint-security-eps-small-business-2023-q2/ https://www.mrg-effitas.com/wp-content/uploads/2023/08/MRG_Effitas_360_Q2_2023.pdf https://avlab.pl/en/recent-results/ Bottom line - you can't fully evaluate an AV product's effectiveness based on one AV lab test.
-
Also, open a command prompt window. 1. Enter this command, nslookup journal.stikosa-aws.ac.id Take a screen shot of the output. 2. Enter this command, nslookup google.com Take a screen shot of the output. Post both screen shots.