itman

Most Valued Members
  • Posts: 12,253
  • Days Won: 322

Everything posted by itman

  1. Note: enter the 10.0.0.xxxx in place of the %ipaddress% parameter in the following: https://smallbusiness.chron.com/hostname-ip-address-47400.html
  2. Another alternative to prevent uTorrent crud redirects is to use a good ad blocker in your browser. Below is a screenshot of the uBlock Origin extension in Firefox blocking rudy.adsnative.com using one of its default filter lists.
  3. Don't believe this is resident malware related. It is possibly uTorrent redirect activity. One great example why Eset classifies uTorrent as a PUA. Here's an older thread on a like issue: https://forum.eset.com/topic/19652-constant-blocked-address-alerts/ . If you insist on using uTorrent, your best option is to add rudy.adsnative.com to Eset's Web Access Protection's List of blocked addresses. For better protection, enter the URL as "*.adsnative.com/*" less the quote marks. This will block everything related to adsnative.com. Your best overall solution is not to use uTorrent but one of the safe alternatives to it.
  4. Then I would say Eset phishing protection is fully functional. As far as the AMTSO Desktop test site goes, they were hacked a while back and some tests, PUA and Cloudcar, aren't functional at all. As such, I would say Chrome's non-detection of the AMTSO phishing test would be related to this status and not directly related to any issues within Eset.
  5. Looks like legit outbound traffic to me. Trying to monitor svchost.exe outbound traffic is pretty much an effort in futility. IP address, 23.203.62.19, is Akamai which is used extensively by Microsoft.
  6. This is not possible in this situation. When the system boots, Windows is automatically going into auto repair mode. As such, one can't access the recovery environment menu to boot into safe mode. Try to boot from Win 8.1 DVD or USB drive if bootable media was previously created. You should be able to access the recovery environment from there. Refer to step 3). in this article on how to boot into safe mode via Win 8.1 recovery environment: https://www.digitalcitizen.life/5-ways-boot-safe-mode-windows-8-windows-81 Also make sure you make note of this from the article: As an alternative method, you can try the technique described in step 2). of the article. This interrupts the Auto Recovery process allowing you to get into safe mode.
  7. You have to contact Google directly since that is whom you have the license subscription with. Only they can cancel this subscription.
  8. Works fine for me with BPP module 1166 and FF 70.0.1 on Win 10:
  9. Did you click on the link in the screenshot titled "Subscriptions in Google Play?" I believe that is where you need to cancel it from.
  10. You also posted this issue over at bleepingcomputer.com malware help section. If anything materializes from that analysis, post back on the finding.
  11. I am using Firefox on ver. 13.0.22 with zip issues. There is a bug in the latest Firefox release that is impacting some users: https://www.bleepingcomputer.com/news/software/mozilla-provides-workaround-for-firefox-70-not-loading-sites/
  12. Do you have Eset installed on this network in any capacity? If not, you're in the wrong forum. You should be contacting Microsoft about this ransomware.
  13. Forget rollback. Just switch back to regular updates if you prefer.
  14. A versus B articles are banned on a number of security web sites. There are good reasons for this as this linked article illustrates. To begin, this article is nothing more than a disguised marketing article for BitDefender. I went through all the BitDefender vs X comparisons and in every one, the final verdict was BitDefender. Obviously missing is a BitDefender vs Kaspersky comparison since Kaspersky would have won that one. The most glaring error in all the analysis is that only one AV lab's test results were used as a determination basis. It so happens that Eset has traditionally been a low scorer in the protection category in the AV-C real-time test series. That is if you consider the 98 - 99% range low scoring. In the other AV Lab test comparatives Eset participates in, Malware Research Group and SE Labs, it is a consistent top scorer both in protection and performance. Finally, I agree also with the previous comments in regards to BitDefender performance. It has shown consistent performance issues for some time on a number of devices based on like negative comments by a number of users. Also in dedicated ransomware testing, BitDefender's protection has been shown to be lacking.
  15. Eset is not alone in flagging of uTorrent: https://www.extremetech.com/computing/267410-microsoft-begins-flagging-utorrent-as-malware
  16. Anything that accesses uTorrent.exe will trigger the PUA alert. In this instance, it was HitmanPro. At this point, the only way to stop the alert is to create a real-time exclusion for uTorrent.exe by file hash or Eset detection: https://help.eset.com/eis/13/en-US/idh_detection_exclusions.html
  17. Check if uTorrent is running as a child process of RuntimeBroker.exe. I am starting to believe Augur is flagging the Google store version. -EDIT- Also make sure you run uTorrent.exe. Starting to believe Augur detection is only upon process startup.
  18. I am starting to see a common denominator as far as these Augur detections of uTorrent. That is uTorrent is running from the AppData\Roaming directory. @Marcos, check where uTorrent is running from on your installation. One possibility is Augur has been trained to apply more aggressive detection methods for anything running from the user's AppData directory. Makes sense to me since the user AppData directory is a favorite spot for malware to run from. Also a bit odd in this particular detection was that runtimebroker.exe was running uTorrent from the AppData\Roaming directory. That also might "have caught" Augur's attention. Of note in regards to runtimebroker: https://www.groovypost.com/howto/runtimebroker-exe-process-windows-8-running/ In other words, a Win 10 Store downloaded app.
  19. @Marcos, here's the user manual for the test tool: https://dl.surfright.nl/Exploit Test Tool Manual.pdf . It's for ver. 1.6 of the tool. However aside from new tests added in later test tool versions, the operations involved in testing are the same. You can save me some work by seeing how Augur performs against these tests. Of course, Augur first has to allow the tool to run.
  20. I was referring to neither. As previously stated, it is the test tool designed to test HitmanPro Alert although it can be used to test any security software. Here's a video by the developer of OSArmor using it to test his product: https://www.youtube.com/watch?v=2fUBOVbAHcE . Appears Sophos has discontinued the tool's download availability. I can't find it anymore on their web site. -EDIT- Found an older version of the tool here: https://www.softpedia.com/get/Security/Security-Related/Exploit-Test-Tool.shtml
  21. This was answered by @Marcos in another thread. Eset does participate in AV-Test Commercial/Endpoint comparative testing: https://www.av-test.org/en/antivirus/business-windows-client/ . Since Eset Endpoint Internet Security is essentially the same as Eset Internet Security, they appear to have wanted to save a few bucks. If anything, EIS has more protection mechanisms than EES. -EDIT- Other AMTSO member AV labs where Eset is tested are: https://www.av-comparatives.org/ https://www.mrg-effitas.com/test-library/ https://selabs.uk/en/reports/consumers https://www.virusbulletin.com/testing/results/latest/vb100-antimalware
  22. You should be able to exclude the app via file hash or detection name. Refer to this online help article: https://help.eset.com/eis/13/en-US/idh_detection_exclusions.html