Jump to content


Most Valued Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by itman

  1. Perhaps the confusion is the startup scans are set to run ASAP if missed? I agree that I never recollect that that normal update scans were ever set to run ASAP. Doing so could actually cause multiple like scans to be running at the same time in certain circumstances.
  2. Exactly. The first thing recommended in the MalwareBytes article was to reset syncing. This was also recommended in a linked MalwareBytes article noted in the original article. They even show you how to do so for Chrome in the linked article. Their recommendation is to set push notifications minimally to the "Ask" level. Or alternatively, to the "Block" level - your choice.
  3. Check out this posting: https://forums.malwarebytes.com/topic/255048-acescript-chrome-extension-showing-up/
  4. No. Windows Setting options become effective when the setting is either enabled or disabled. At this point, I would recommend you export your Eset settings if you made any custom changes. Then uninstall Eset. Reboot and reinstall Eset. Import your Eset settings if you previously exported them. You can also try an Eset repair which is an option presented when the uninstaller runs to see if this fixes the issue. If it doesn't, then proceed with the full uninstall/reinstall of Eset.
  5. Appears to me that the laptop that you don't have NOD32 installed on is the one where you perform your riskiest Internet activity on. For that device, I would recommend you install an Eset product on; preferably Internet or Smart Security. For maximum protection, I would recommend Internet or Smart Security be installed on all your laptop devices.
  6. If you are using Eset's Home or office network protection mode, all your local network devices are Trusted. As such, there really is no reason to disable SSDP service since Eset will allow all that type network traffic.
  7. Use of a VPN is about privacy not security; although many make like claims. Also, care should be taken in choosing a VPN provider as there have been security issues with some. The primary reason a VPN is recommended for security reasons is when remote device access is required and as an alternative to Win RDP use.
  8. If you are using Eset's firewall Public network protection, the only trusted device on your network is the device where Eset is installed on. Eset;s default firewall rules for inbound SSDP traffic; i.e. UDP protocol port 1900, only allow this traffic for trusted network devices. To stop this blocking activity from occurring, there are the following options: 1. Switch Eset network protection mode for your network to "Home or office network." 2. Disable the Win SSDP service. This is the option I employ since I use Eset's Public network protection. 3. Disable UDP on your route
  9. I forgot about a legit reason for Eset removing ransomware note files - fake ransomware: https://threatsketch.com/six-ways-spot-ransomware-demand/ .
  10. Interesting. The issue I see here and of question is why your Visual Studio projects are being stored in C:\Users\Jerry\Documents? That is certainly not a place where executable's; note a .dll is an executable, should be stored. Note that MSBuild.exe is one of the trusted Win processes abused by hackers. For more details on how this is being done, read this article: https://www.hackingarticles.in/bypass-application-whitelisting-using-msbuild-exe-multiple-methods/ . It seems more than reasonable to me that Eset would detect a .dll created by MSBuild.exe being dropped to the Documents
  11. Open Eset GUI. Select Tools -> More Tools -> Log Files -> Detections. In that log should be an entry related to this MSBuild.exe file access detection. Right mouse click on the entry and select "Copy." The paste it into your next forum reply.
  12. I need you to copy the Detection log entry; not the entire log, and post it into a forum reply. Only Eset moderators can read forum attachments.
  13. One possibility is that since you have forced the Eset command line interface to start at boot time via posting it to the desktop taskbar, this is overriding the Win 10 Startup setting. Right mouse click on pinned Eset icon on the desktop taskbar and select "Unpin from taskbar." Now repeat enabling the Eset command line interface setting in Win 10 Startup section and verify if it stays enabled. If so, reboot and verify that Eset icon now appears on the desktop toolbar as it should,
  14. Also, post the Eset Detection log entry for this for review.
  15. It's not unusual for security products to use the presence of a ransomware note as one criteria in their ransomware behavior evaluation. Therefore, just the presence of a note would be enough to trigger their anti-ransomware detection processing. Appears in Eset's case, the presence of a note is enough to capture it, upload it for analysis, and then delete it. My concern here is what happens if Eset missed the ransomware, your files are encrypted, and it later detects the ransomware note? Appears the recovery procedure is create a real-time exclusion for the note detection and then remove
  16. There are a lot of things wrong with this e-mail. First, it "appears" to be a purchase for ESET Mobile Security for Android. As you stated, you did not purchase anything from Eset. Next, the license is only for 30 days which interestingly is the same period as Eset's trial period. Next is the footnote text of the e-mail referencing you as a business customer with multiple links shown for Eset business products downloads. However, ESET Mobile Security is an Eset Home version product. Finally and most potentially dangerous is the attached .zip file. As far as I am aware of, Eset w
  17. It is on my EIS 13.2.18 build along with System and everything else running on PC it appears:
  18. A workaround to this issue is to open the Amex web site in normal browser mode. How to do this is to open the Eset GUI and select Advanced setup. Then perform what is shown in the below screen shot. After the change, mouse click on the OK tab and any subsequent shown one to save you change. Note: If you still can't complete your transaction in normal browser mode, the issue is indeed with your browser and not Eset B&PP.
  19. Amex uses something called SafeKey to push what appears to be a secured browser window to enter the 2FA previously sent code. Eset B&PP might not "play nice" with this feature if the OP has it enabled: My bank also uses 2FA but the code entry field already exists on the logon screen.
  20. If you're referring to the frame.io web site, see the below screen shot. Eset doesn't block the site. On the other hand uBlock Origin had 20 detections on the logon web page alone. Might be why Eset allowed the site on my Eset installation.
  21. I would ask conjars.org why this code exists in their provided Maven pom.xml file. It is possible they are not even aware of it.
  22. Given the update issues you have had, it might be advisable to create a backup of network settings on the client devices you are supporting. This can be done via Admin level command prompt: netsh -c interface dump > C:\NetworkSettings.txt If a future Eset update borks the network settings, they can be restored via: netsh -f C:\NetworkSettings.txt
  23. Here's a complete article on Eset's RDP bruteforce blocking; https://www.welivesecurity.com/2020/06/29/remote-access-risk-pandemic-cybercrooks-bruteforcing-game/ Of note in this article is the non-Eset based installation best practices that also need to be implemented.
  24. This is exactly what I meant. Glad to see a clean install of ver. 13.2.18 is running w/o issue.
  25. This is a script to generate ad based popups. It is also designed to evade ad blockers such as AdBlock. Appears to me Eset just blocked the script on the web page and there was nothing really to clean. It is also possible the script is designed to prevent capture by security solutions and just deleted itself from the web page when captured. If this occurred on some random web site and is not recurring, I wouldn't worry further about it. There are extension/add-on versions of this script which is a more serious matter.
  • Create New...