itman

Everything posted by itman

  1. I would start by ensuring all ports on the WAN side of the router are closed and preferably in stealth status. Stealth status means the ports are "invisible" to anyone doing external port scanning against your router. Next, I would check whether you have a device on your internal network that for some reason is trying to access this device in an unstateful manner. The Eset firewall is stateful. It will only allow inbound TCP packets that are associated with a prior outbound transmission.
  2. Also, check out this forum dedicated to ransomware detection and resolution: https://www.bleepingcomputer.com/forums/f/239/ransomware-help-tech-support/
  3. Make sure your server OS has all security updates applied. Of note are the BlueKeep worm patches and these just-announced worm-like vulnerabilities: https://forum.eset.com/topic/20484-patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-11811182/
  4. I solved the problem by simply not having any scheduled scans. Personally, I believe many using Eset are "scan crazy." Since Eset's real-time protection scans files upon creation and again at execution time, additional off-line scanning really is not necessary. For those that insist on daily scanning of all drives, a good alternative is to use the "Idle time" scan option. This will result in files being continuously scanned when the device is in an idle state.
  5. https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/
  6. A very strong warning here. I just performed a detailed scan of this web site using Quttera. It found a whopping 19 malware instances, all JavaScript based: https://quttera.com/detailed_report/watchdoctorwhoonline.com
  7. Forgot about that one. It's a new option added in ver. 12.2.23, I believe.
  8. The site is using a Cloudflare (i.e., DNS provider) root cert. with dozens of named URLs on it. I see no way that Eset will be able to exclude this site.
  9. Then it appears you are out of luck. Do not permanently exclude those two IP addresses since it will expose you to malware risks from multiple web sites.
  10. Do the following at your own peril. If you later get infected, do not expect forum help.
      1. In the Eset GUI, select Advanced Setup.
      2. Under Web and Email -> Protocol Filtering -> Excluded IP Addresses, add these two IP addresses: 52.2.15.20 and 54.165.76.66. Save your changes. At this point, you should be able to connect to the web site. Connect to the web site. If you cannot connect to the web site, delete the previously added IP addresses and do not perform the following steps.
      3. In the Eset GUI, select Advanced Setup. Under Web and Email -> Protocol Filtering -> SSL/TLS -> List of known certificates, click on Edit.
      4. Click on the Add tab.
      5. In the Add certificate screen, click on the URL tab. At this point the web site certificate data should populate the Certificate name, issuer, and subject fields.
      6. Change the Scan action selection to Ignore. Click on the OK tab on that and any subsequent displayed screen to save your changes.
      Extremely important: repeat steps 1 and 2 and delete the two IP addresses previously added. Verify again that the IP addresses have been deleted. This must be done since these IP addresses relate to Amazon servers hosting multiple domain names.
  11. Yes, if they were not previously blocked by an ad blocker. In this instance, Eset's SSL/TLS scanning detected the malicious ad prior to the web page being rendered in the browser. Hence the use of any ad blocking is N/A, since that occurs during web browser page rendering. If you exclude the URL from Eset's Web Access protection by adding it to the Allowed list, you are in essence playing a malware game of "Russian roulette" and hoping that any malicious web page content will be detected by your ad blocking software.
  12. UblockO is great for ad and like blocking. Just note that it won't prevent you from getting infected by other JavaScript and like malware from sources not detected by UblockO.
  13. I knew that. I was referring to the other modules.
  14. Looks like everything is updating fine. My concern was the lack of a separate module update entry in the event log. Looks like Eset is now instead pushing non-def. and anti-spam module updates as part of the normal periodic def. updating.
  15. Nothing is found. Also see my above edited comment.
  16. I have had ver. 12.2.23 installed for almost a month. Just realized and verified via the event log that I have not had one module update download. Has something changed in this regard? -EDIT- I have had module updates however. Appears Eset is now pushing these in the definition update downloads? Also these module updates appear to be pre-release vers.; i.e. .x suffixed, although I don't have pre-release updates enabled.
  17. A penetration testing concern tested Windows Defender controlled folders for bypass capability last year: https://www.nyotron.com/wp-content/uploads/2018/04/Nyotron-Windows10-Report-April-2018.pdf . To dispel a few myths, WD controlled folders held its own against common code injection techniques against its default allowed processes. Such was not the case for any user-created whitelisted processes. However, as pointed out in the article, most users would probably not create any. Such was not the case, however, in regards to advanced code injection techniques such as APC based code injection, WMI based, and Word Macro based. The question is how Eset's HIPS mitigated protected folders would fare against the same. Then there is the case of malware based privilege escalation techniques. Well, if employed and directed against WD controlled folders, assume all your files will be encrypted. Since this article was written prior to the Win 10 1903 WD tamper protection feature, maybe the system modifications noted in the article would no longer be possible. I certainly hope so for users relying on WD controlled folders protection.
  18. It's possible it somehow got uninstalled due to the Win 10 reset. Try to reinstall it using this as a guide: https://support.eset.com/kb6209/#PasswordManager
  19. Based on this analysis: https://www.hybrid-analysis.com/sample/8ef1f20c814e4f1295cd95bdda8fd01004950ffb5d901dc9a5d52b1746899f48?environmentId=100 , it is possible you might have a compromised YouTubeDownloaderSetup.exe installer.
  20. The simplest solution for this, assuming you're not using a proxy connection, is to do what US-CERT recommends: https://www.us-cert.gov/ncas/alerts/TA16-144A In Win 10, turn off all proxy settings as shown in the below screenshot: As far as browsers go, almost all are set by default to use the OS proxy settings.
  21. Are you stating that when using Chrome and accessing different bank web sites, some will open the protected Eset B&PP browser screen and some do not?
  22. Not exactly. You will only see this wording, "connection verified by a certificate issuer that is not recognized by Mozilla," if you click on the lock symbol in Firefox. This same wording will appear for every HTTPS web site you connect to unless it is internally excluded from Eset's SSL/TLS protocol scanning or has been manually excluded. Again refer to this previously posted link: https://www.msoutlook.info/question/613 Specifically this: Also this: The problem here has nothing to do with Eset's certificate or the use of it. There appears to be an issue with the certificate the e-mail provider's server is using. You need to contact your e-mail provider about this issue. Specifically, you need to find the name of the new URL for the e-mail server they are using and enter that into Outlook. Everything on their web site is in German, which I don't understand. It appears you are using a client e-mail URL that references a previously used server and are being redirected to the current server/s the e-mail provider is using.
  23. Excluding port 8009 as suggested will for all practical purposes have negligible effect security-wise.