itman

Most Valued Members
  • Content Count

    6,762
  • Days Won

    178

Everything posted by itman

  1. I assume your device is using a Wi-Fi connection? If so, perform the following. Check if "random MAC address in Windows 10 for Wi-Fi adapter" is enabled as shown in this article: https://winaero.com/blog/enable-random-mac-address-in-windows-10-for-wi-fi-adapter/ . If so, this might be an explanation for Eset's new connection alerts. If this setting is enabled and you desire to use this MAC randomizing feature, I would change Eset's "Protection type of new networks" setting shown in an above posting to "Use Windows settings." Suspect this will stop the Eset new connection alerts.
  2. I believe this is a Microsoft "techno-babble" issue. These Win 10 non-security updates are classified in the Microsoft Update Catalog as Recommended updates versus Optional updates. However, Microsoft in its KB articles will note that they show under the Win 10 Update Settings section of Optional Updates. A true Optional update is Silverlight, etc.
  3. Per Robtex lookup: Obviously this is an Edge browser/update connection. It really is a mystery why this type of normal outbound Internet traffic is being picked up as a new network device connection. One possibility is your prior postings show port 445 and SMB protocol is being used when these new network device connections appear. Use of that port/protocol should be restricted to local network connections only. What is becoming evident is normal Win outbound communication that should be using HTTP/S ports 80/443 is instead using SMB over TCP port 445. Eset interprets this as a new network connection resulting in a like alert. Are you using a proxy server or anything that is filtering Internet traffic using port 445?
  4. Is 10.0.0.220 your router's IP address? That's what it looks like to me. Next, in regards to the MAC address of your router. I assume it is not 10-11-22-AB-CD-EF. It really appears that some type of MAC spoofing: https://en.wikipedia.org/wiki/MAC_spoofing is being performed against your router. This is what triggered the Eset alert since as far as Eset is concerned, this is a new device to it. As the Wikipedia article notes: As such, it really is starting to look like you have a malicious driver installed. Additional possibilities are: The strong possibility is Win 10 is doing the above MAC address randomization and Eset is misidentifying this activity as a new network connection. BTW - this has nothing to do with Eset Home Connection Monitor per se. It's Eset Network Protection that is detecting a new network connection.
  5. If this is the alert: Click on "View device" to see device details about the new connection.
  6. Also refer to this Eset CHM Knowledgebase FAQ: https://support.eset.com/en/kb6268-eset-connected-home-monitor-faq . Browse to this section, What do the icons on the devices in Connected Home Monitor mean?. What icon is showing for this device?
  7. The first question is if Eset is showing a firewall alert when one of these connections is established? Try setting Eset new network detection to "Ask user" as shown below. Hopefully this might shed some light on the device being used.
  8. First at the end of the video, it appears real-time protection is still disabled. Next, there was no attempt to update to latest ver. 13 release. My best guess is that would have failed. The crack version did do a product update, but it only received the latest ver. 12 release it appears.
  9. IP address 172.253.63.199 is Google: Pondering this a bit more, "my money is on" this is a Bluetooth device connection. Eset HCM is detecting it whenever the device establishes a connection on your Wi-Fi router. When the device disconnects from your router, the connection disappears. The source device could be within your premises. Or if your Wi-Fi connection on the router is not properly secured, it can be any device within range of your Wi-Fi router such as your neighbors or a Wardriveby: https://en.wikipedia.org/wiki/Wardriving
  10. You can download the portable version of this: https://www.nirsoft.net/utils/wireless_network_watcher.html i.e. ZIP file download, and see if the COMSYS device shows.
  11. It also appears that the CIMSYS reference might be related to a driver for Bluetooth devices: https://escrutgers.com/cimsys-bluetooth-15/ In Windows, open Control Panel -> Hardware and Sound -> Devices and Printers and see if anything related to CIMSYS is shown. Likewise using Device Manager, look for unknown devices and what driver those devices are using.
  12. Assumed here is the CIMSYS reference is to some type of network hardware device that existed at some time. As noted here: https://macaddress.webwat.ch/vendor/CIMSYS_Inc , there was a driver for whatever this is. Note that the driver download link is no longer valid. This does not however imply that somehow the driver is currently being used maliciously. You might want to check your Windows driver directory for any recent driver; i.e. .sys, file creations and anything related to CIMSYS.
  13. Additional reference here: https://community.fing.com/discussion/2486/blocking-a-previously-blocked-device
  14. As far as this goes: Refer to this thread: https://forum.netgate.com/topic/152536/arp-00-11-22-ab-cd-ee-is-using-my-ip-address/2
  15. My best guess is this is related to Facebook tracking: https://www.henrirantanen.fi/2019/01/05/stop-facebook-tracking/ . Troublesome is the port 445 SMB2 protocol reference which could imply some type of worm use to harvest data from the entire network. The first step here is to see if port 445 is open on the router. Go here: https://www.grc.com/shieldsup and run the Common ports test. Report back on the status of port 445.
  16. Appears that your lack of fluency in the English language led you to believe my reference was directed specifically to your country. It was not. It was a generic reference to if you frequent in web places where hackers reside, your presence does not go unnoticed. Remember that hacking including licensing cracking is done by criminal syndicates these days. They don't take it lightly if someone tries to expose their activities.
  17. As @Marcos posted, you have to contact the seller where you purchased your license from about this problem. Also you never mentioned to date if that license was purchased from an authorized Eset retail source. You also posted in another forum thread about how you have discovered a "perfect" Eset license crack. It may very well be that in your romp through "the land of crackers," you ticked off the wrong source and you are now paying the price for doing so.
  18. Appears ver. 13.2.16 is on all the off-load download sites. I'm still on ver. 13.2.15 using pre-release updates. Forcing updating doesn't download ver. 13.2.16.
  19. I am on pre-release updating and still on 13.2.15. I suspect 13.2.16 is just a regional version of current release. 13.2.16 can be downloaded here: https://www.eset.com/int/home/internet-security/download/ . Version 13.2.16.0 Fixed: Bug that causes application freeze in limited scenarios. However, Eset English language off-line download web site still shows 13.1.15: https://support.eset.com/en/kb2885-download-and-install-eset-offline-or-install-older-versions-of-eset-products
  20. Are you stating that every time you perform a license reset and upon entry of the new license key, that license key ends up being installed on devices other than your own?
  21. Eset IDS exceptions are created per work station as follows: https://support.eset.com/en/kb7052-create-ids-exclusions-on-client-workstations-in-your-eset-endpoint-product-6x For ESET Security Management Center, refer to this to create IDS exclusions for client workstations: https://support.eset.com/en/kb7054-create-ids-exclusions-for-client-workstations-in-eset-security-management-center-7x For Eset Remote Administrator, refer to this: https://support.eset.com/en/kb6624-create-ids-exclusions-in-eset-remote-administrator-6x
  22. To begin, Eset doesn't permanently delete files; it places them in Quarantine. They can always be restored from there after setting real-time scan exclusions for the files for whatever Eset detected. This is not recommended unless the files have also been verified by another malware scanning authority such as VirusTotal. Eset scans by default are set to "Remedy detection if safe, ask otherwise." Safe in this context means file removal would not adversely affect system operation. Refer to the below screen shot on how to modify default scan cleaning behavior:
  23. What is the untrusted cert. Eset is showing in the alert? What I am wondering is if Eset root CA certificate used for SSL/TLS protocol scanning has somehow expired on these endpoints.