itman
-
Posts
12,157 -
Joined
-
Last visited
-
Days Won
319
Posts posted by itman
-
-
13 hours ago, Ahmeduchiha said:
ESET can't block the website and it does not show ESET SSL certificate.
No problem here using FireFox w/DoH set to max; ISP set to Cloudflare; and network.http.http3.enable set via about:config option to false.
Did you disable Eset's SSL/TLS protocol scanning?
-
Since you are persistent in your desired use of this app, the only solution I know of is to disable Eset Browser Privacy & Security feature since it is what is alerting about this .dll.
Browser Privacy & Security is not an essential security protection. Its primary purpose is to examine browser search results and warn via icon notification about a suspect web site. As far as I am aware of, there is no way to create exceptions to Browser Privacy & Security.
-
16 minutes ago, Ahmeduchiha said:
Adguard can overwhelm ESET and bypass it's protection
Did you enable the AdGuard WinTun driver as instructed and perform the AMTSO Desktop tests? Did Eset block these tests as expected?
-
1 hour ago, ecovalence said:
There is no "Submit sample for analysis" option in Tools.
-
1 hour ago, Ahmeduchiha said:
I don't know if use Wintun is the same as WFP or it's different filtering approach.
Turn on WinTun option. Reboot PC. Retest at AMTSO Phishing test site.
Ref: https://adguard-vpn.com/en/blog/adguard-vpn-v2-2-for-mac-and-windows.html .
Note that AdGuard documentation does not specifically state that WFP use is disabled when WinTun driver is used. But, the implication is the tunnel driver is bypassing WFP use.
-
Again ......
QuoteBy default AdGuard VPN uses the regular WFP driver
https://adguard-vpn.com/kb/adguard-vpn-for-windows/overview/
Eset also uses Windows Filtering Platform and this is where the conflict exists.
Unlike AdGuard Adblocker product, I don't see an option to disable WFP in AdGuard VPN. As such, you can't use AdGuard VPN if Eset is installed.
-
Quote
Mspydll.dll is able to manipulate other programs, monitor applications and record keyboard and mouse inputs. Therefore the technical security rating is 62% dangerous.
https://www.file.net/process/mspydll.dll.html
Since Eset's Browser Privacy & Security feature is alerting about this .dll, I assume its attempting to perform one or more of the above activities against your browser.
-
It might be related to the QUIC issue affecting browsers as posted in recent forum threads.
Disable this setting;
QuoteFilter HTTP/3
If this option is enabled, AdGuard will filter requests sent over HTTP/3 in addition to other request types.
https://adguard.com/kb/adguard-for-windows/solving-problems/low-level-settings/#filter-http3
and see if this resolves the issue.
Another known Adguard incompatibility with ESET is Adguard's default use of Windows Filtering Platform. It needs to be disabled as shown here: https://adguard.com/kb/adguard-for-windows/solving-problems/wfp-driver/ .
-
32 minutes ago, AlfredoBenni said:
Please check these two images. I have the distinct impression that malware is lurking in here. I recently suffered an attempted attack by Chinese hackers who attempted to reset the password on the site and then left comments on these images. Very strange!
Web page looks OK to me;
-
6 minutes ago, COStark26 said:
.I'm looking at my AT&T Uverse Gateway
Ahh .............. You poor soul! That is also my ISP.
First, you can't change any DNS server info on AT&T gateways/routers. They have locked the settings from modification.
Do as I did. Remove any third party DNS server settings from your IPv4/IPv6 connections. Now you are using AT&T DNS servers assigned via DHCP. Reboot Windows. Retest with http.http3.enable set to false in Firefox.
-
Are you using the browser extension or stand-alone version of AdGuard VPN?
The browser extension version doesn't work with Eset: https://forum.eset.com/topic/34409-eset-not-working-with-vpn-extensions/ .
-
6 hours ago, COStark26 said:
Still No Block for me. False setting & Quad 9 to Cloudflare (default) and that http.http3.enable set to falsestill shows.
In my case, the key element was switching back to my ISP DNS servers as my Win DNS servers. I had tried using both Cloudflare and Quad9 as my Win DNS servers previously with http.http3.enable set to false, and Eset failed to alert/block crackingpatch site. My suspicion it's the 6rd tunneling my ISP uses on their network.
-
On 3/20/2024 at 9:30 AM, COStark26 said:
Not a big deal .... but FF 124 with (about:config) -- network.http.http3.enabled -- changed to False I still get the -- https://crackingpatching.com/ -- site with DoH Enabled
Just retested.
Eset nows blocks the domain with network.http.http3.enable set to false. DoH set to maximum level using default Cloudflare servers. I am also now using my ISP DNS servers as Win DNS servers.
-
Well, I'll be damned.
I got Firefox to detect https://crackingpatching.com/2017/03/avast-pro-antivirus-internet-security-premier-17-2-3419-0-keys.html with DNS over HTTPS enabled. The problem turns out to be HTTP/3 ; i.e. QUIC, as discussed in the other recent thread on this issue.
Set network.http.http3.enable setting via about:config option to false and Eset now detects every time.
I will also add that disabling HTTP/3 in Firefox does not disable it as far as Firefox DNS over HTTPS server processing goes. Using Cloudflare check: https://www.cloudflare.com/ssl/encrypted-sni/ shows HTTP/3 is enabled.
-
Another issue with Firefox DNS over HTTPS or not if you're using a VPN. It will leak your ISP DNS servers: https://connect.mozilla.org/t5/discussions/firefox-has-dns-leak-security-issue/td-p/50582 .
-
Output of fsutil command just repeats its existing directory;
-
13 minutes ago, Marcos said:
The file may be in a subfolder of system32 since the whole path is not visible in the screenshot. I assumed it was directly in system32.
I found it. It's located here, C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_866484083fc526af\Display.NvContainer
Also due to Nvidia's aggressive telemetry processing. it may be being re-created in System32 directory and then deleted after system startup.
In any case, good luck on trying to allow it via Eset firewall rule for process detection. There are other forum postings on this and none succeeded.
Since it can be blocked by a firewall rule for IP address, 152.199.20.80, a rule can be created to allow the IP address which is risky.
-
1 hour ago, Marcos said:
fsutil hardlink list C:\Windows\System32\NVDisplay.Container.exe
File not found on my PC.
I have a nVidia graphics card with nVidia drivers installed. The only like file on my PC running is NVContainer.exe located in C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_866484083fc526af\Display.NvContainer directory.
As a rule, I never install GeForce Experience. This System32 directory based NVDisplay.Container.exe file might be related to that.
However, I know that NVContainer.exe "dials out' on my PC on every system startup to IP address, 152.199.20.80.
-
21 minutes ago, COStark26 said:
Not a big deal .... but FF 124 with (about:config) -- network.http.http3.enabled -- changed to False I still get the -- https://crackingpatching.com/
First, as best as I can tell, Firefox isn't using HTTP/3.
Next, the problem with Firefox is how it performs DNS resolution when DoH is enabled as noted in the other forum thread on this issue and repeated below;
https://support.sophos.com/support/s/article/KB-000043686?language=en_USQuoteThis may be due to Mozilla Firefox's enablement of DNS over HTTPS. This feature is designed to bypass enterprise DNS and security and should not be used in an Enterprise environment. Our Web Protection interception interferes with this lookup.
Note: Only Mozilla Firefox is affected by this. Other browsers that may use DNS over HTTPS such as Google Chrome, use the Operating System information for DNS, which we also do. Firefox is the only browser that uses its own DNS configuration.
DNS-over-HTTPS at an application level attempts to bypass many security features. As such, we do not recommend having this setting enabled when using Sophos Web Protection.
-
Eset doesn't state that the Online Scanner is officially supported on Win 11;
-
3 hours ago, Marcos said:
This is because the server uses HTTP/3. If you disable QUIC in Chrome per https://support.eset.com/en/kb6757,
According to Watchguard, you also need to also create a firewall rule to block UDP port 80 and 8080 network traffic: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Endpoint-Security/manage-settings/disable-http-3-protocol-for-web-access-control.html?TocPath=Troubleshooting|_____19 .
1 hour ago, Marcos said:I assume it has nothing to do with DoH.
Except for Firefox which uses its own DNS processing with DoH enabled. Also, Firefox has QUIC enabled by default.
-
11 hours ago, Ahmeduchiha said:
I use Cloudflare DNS but, on the network level not in the browser.
Your posted screen shot shows you have DNS over HTTPS enabled.
Edge refers to DNS over HTTPS as "secure DNS." You also have "Use current service provider" enabled. You stated that you are using Cloudflare as your Windows DNS servers; i.e. current service provider. Therefore, you are using Cloudflare as your DNS over HTTPS provider.
Disable the "Use secure DNS" setting; close and reopen Edge; and retest. Eset should alert and block access to this malicious web site every time
-
I would open a support request with your in-country Eset vendor and ask them to verify if the Suspicious Application detection is correct.
-
57 minutes ago, Ahmeduchiha said:
I am using Microsoft Edge so, this DNS option that Firefox has isn't available
Refer to this article: https://winaero.com/enable-dns-over-https-in-microsoft-edge/ to determine if DNS over HTTPS is enabled in Edge and what DNS provider it is using.
AdGuard VPN incompatibility with ESET
in ESET Internet Security & ESET Smart Security Premium
Posted · Edited by itman
Did you disable WFP use in Adguard Adblocker as shown here: https://adguard.com/kb/adguard-for-windows/solving-problems/wfp-driver/ ?
My advice is don't use anything installed AdGuard related with Eset. Their installed products overall are not compatible with Eset. Alternatives are to use Adguard browser extension or use uBlock Origin browser extension and activate AdGuard TPLs within it.