Posts: 12,335
Days Won: 327
Everything posted by itman
-
Game Hosting
itman replied to rauskijr's topic in ESET Internet Security & ESET Smart Security Premium
Have you properly configured your router? Standard procedure for game use is a port has to be opened on the WAN side of the router to allow access to your server. This is commonly referred to as a "pinhole." Many routers have preset settings for commonly used games that can be deployed. Check with the game manufacturer. Many have guidelines on how to configure the router for its game use. Note also that opening of any port on the router border edge is considered a security vulnerability. -
installation failed this may be a result of malware activity
itman replied to Alberto Poggi's topic in ESET NOD32 Antivirus
Make sure all Win updates have been applied. In particular: -
User Interface will not display
itman replied to ivan.perez's topic in ESET PROTECT On-prem (Remote Management)
Refer to the screen shot you posted. A Start Mode of Minimal will only allow notifications to be displayed. Appears the Manual setting is what you desire: https://download.eset.com/com/eset/apps/business/ees/windows/latest/eset_ees_7_userguide_enu.pdf -
Network Wizard Aggravation
itman replied to itman's topic in ESET Internet Security & ESET Smart Security Premium
A few other details on what the specific issue is in regards to Eset issues with UPnP. To begin, I use the Public profile. There are no issues with UPnP when I cold boot or restart the PC. No Network Wizard detections about blocked UPnP traffic. Since the Public profile is in use, Eset appears to silently block any incoming UPnP or something on this order. The issues with UPnP manifest when return from Win 10 sleep mode occurs. The Eset firewall goes spastic at this point is the best way to describe it. I get constant incoming UPnP blocks from the other Ethernet devices on my network. I don't know if the issue is Win 10 or Eset. In any case, the firewall should have the capability to follow the user's block rules w/o constant Network Wizard recording of this blocked activity. -
Network Wizard Aggravation
itman replied to itman's topic in ESET Internet Security & ESET Smart Security Premium
Sorry but I don't buy this. The user should always have absolute control. Is there any way to disable Network Wizard? -
To begin, I like that the Network Wizard alerts of blocked activity. What I do not like is when I create a specific firewall rule to block that activity and the Network Wizard keeps alerting me of the same blocked activity. My opinion is if a user rule exists to block something that rule should override any Network Wizard detection of the same activity. For example if I create a rule to block inbound port 1900 UPnP activity after Network Wizard initial detection, I should not have the Network Wizard recording that this blocked rule has been triggered. It is my understanding that the Network Wizard only triggers when no existing firewall rule exists? -EDIT- Maybe this is the problem. I changed a previous Network Wizard allow created rule from block status. Is it possible the Network Wizard knows what rules it has created and will always monitor those regardless of block/allow status?
-
I have had constant issues with Eset blocking UPnP traffic from other Ethernet connected devices on my network when using the Public profile on the device where Eset is installed. Only solution I have found is to disable the Win SSDP service.
-
Install in windows 7 ultimate 64bit
itman replied to Lakshi's topic in ESET Internet Security & ESET Smart Security Premium
Way back in 2017 it was shown to be unsafe: https://www.pcworld.com/article/3173791/stop-using-sha1-it-s-now-completely-unsafe.html It was officially deprecated as an Internet encryption standard last May: https://tools.ietf.org/id/draft-lvelvindron-tls-md5-sha1-deprecate-01.html -
A message from malware writers to ESET found in Emotet
itman replied to Marcos's topic in Malware Finding and Cleaning
Actually these use a Windows "living off the land" trusted executable to perform hidden privilege escalation. This ransomware variant to date has been delivered via e-mail archived attachment. So macro use is a definite possibility. As far as I am concerned, anyone that has not by now permanently disabled Office macros deserves to get nailed by malware. -
ESET never ending scan loop
itman replied to Dodfr's topic in ESET Internet Security & ESET Smart Security Premium
One possibility is that Eset's default scans are not running as they should be. As shown by the below Scheduler screen shot, these scans should only run for a very short duration: -
ESET never ending scan loop
itman replied to Dodfr's topic in ESET Internet Security & ESET Smart Security Premium
Ekrn.exe is constantly running. Also high ekrn.exe CPU usage does not mean absolutely that this usage is scan related. -
A message from malware writers to ESET found in Emotet
itman replied to Marcos's topic in Malware Finding and Cleaning
Note that to drop an .exe to C:\ in Win 10, you need full admin privileges. So either a UAC bypass was deployed or user is tricked into manually elevating. -
A message from malware writers to ESET found in Emotet
itman replied to Marcos's topic in Malware Finding and Cleaning
It's definitely ransomware. -
A message from malware writers to ESET found in Emotet
itman replied to Marcos's topic in Malware Finding and Cleaning
Looks like someone is trying to impersonate equi.exe. Detailed analysis here: https://www.hybrid-analysis.com/sample/5d178be58d8588c9b7460343f6c8a6fa8d0fd554df6450ab0beec905052371a0?environmentId=100 Interesting that Eset doesn't detect it. -
ESET never ending scan loop
itman replied to Dodfr's topic in ESET Internet Security & ESET Smart Security Premium
If Eset is running a scan of any type, you will see the Eset desktop icon animated. If you hover your mouse pointer over the icon, it will show a popup of what scan is running. If the Eset desktop icon is not animated, the ekrn.exe activity you are observing is not related to scan activity. -
A message from malware writers to ESET found in Emotet
itman replied to Marcos's topic in Malware Finding and Cleaning
The malware code comment can be interpreted two ways. The first is as commented upon in this thread. That is the malware author has issues with bypassing Eset's protections. The second interpretation is the opposite. The malware author has no issues bypassing Eset. Without clarification from the malware author, it is impossible to determine what he meant by the code comment. -
ESET never ending scan loop
itman replied to Dodfr's topic in ESET Internet Security & ESET Smart Security Premium
The only thing I can think of is Smart Optimization has been disabled under real-time scanning options. Refer to the below screen shot and verify that it is check marked; i.e. enabled. This setting causes Eset to bypass process startup and file scanning of processes/files previously scanned and deemed safe. -
Cleaning behavior is odd
itman replied to AMbit's topic in ESET Internet Security & ESET Smart Security Premium
To begin, you originally posted: We assume you are referring to a manually created scheduled scan. There is no option there to control cleaning other than the option not to clean per the above posted screen shot. A manual scan initiated via the Eset GUI "Computer Scan" option likewise has no options. What I believe you are referring to is the "Malware scans" settings accessed via Advanced Settings option. Those configuration options only apply to the scans specifically referenced in that section as far as cleaning option is concerned. Again as posted in the above screen shot, you must specifically state the No cleaning option for scheduled or on demand scanning. -
Cleaning behavior is odd
itman replied to AMbit's topic in ESET Internet Security & ESET Smart Security Premium
No. The ThreatSense settings apply to real-time scan behavior. Do as @Marcos posted previously and you will have no cleaning issues with your manually created scheduled scan. -
I will also add that there is a locked screen RDP bypass vulnerability affecting Win 10 1803+ versions plus Server 2019 that has never been patched as far as I am aware of. You can read what this vulnerability is and recommended mitigations for it here: https://www.kb.cert.org/vuls/id/576688/
-
This recent article related to this specific STOP ransomware variant might be informative: https://malwaretips.com/blogs/remove-mbed/ Of note:
-
You might also want to read this thread on how STOP ransomware is distributed: https://forum.eset.com/topic/20926-for-individual-users-this-is-one-ransomware-you-should-pay-attention-to/?tab=comments#comment-101795