Posts: 12,172 | Days Won: 319
Everything posted by itman
-
Allow Disabling of Status - Missing Support for Azure Code Signing
itman replied to whitefern's topic in ESET NOD32 Antivirus
This has already been answered.
Cannot disable notifications in ESET Protect Cloud
itman replied to Panayiotis Zezos's topic in ESET PROTECT
I find it odd that the rundll32.exe HIPS rule is being triggered at all. I have the same HIPS rule and it has never been triggered. I advise determining what is triggering the HIPS rule rather than how to disable the notification of it being applied. If it turns out to be legitimate activity, you can create a HIPS rule to allow that activity.
The mystery of the suddenly appearing Sucuri Firewall
itman replied to JoeStrike's topic in General Discussion
This article might help in resolving the issue: https://docs.sucuri.net/website-firewall/configuration/working-with-godaddy/ . I also wonder if GoDaddy is being straightforward in their response and they set this up on their end. In any case, it appears you get WAP for free, which is a major security improvement.
To show how hopeless it is to detect 0-day infostealers, here's the "latest and greatest": https://www.cyfirma.com/outofband/new-maas-prysmax-launches-fully-undetectable-infostealer/ . It has been posted to VT since 8/13 and currently 4 or fewer vendors detect the IOCs listed at the bottom of the article. Eset is not one of those vendors.

-EDIT- Well, that was quick. Eset now detects it at VT. BTW, for Kaspersky fans, it does not detect this infostealer.
-
A footnote comment here. This app, Sogou Input Method, has over 450 million active Chinese users. As such, it would be in attackers' "sights" to deploy hacked installer versions such as the one shown in the above anyrun.com linked analysis. It is also a great example of why you should always download from the legitimate developer's web site.
-
radiant.capital was blocked by PUA blacklist
itman replied to malikethanger's topic in Malware Finding and Cleaning
Eset detects it as a PUA. Just select "Ignore and continue" to access the web site. As far as what Eset classifies as potentially unwanted content, see https://help.eset.com/glossary/en-US/unwanted_application.html
As a follow-up to my last posting, it appears there are a number of hacked versions of this software. The official vendor's web site is here: http://pinyin.sogou.com/ . Of note, there is no https version of the web site. In any case, there is a serious vulnerability in this software for all versions except the most current: https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/ .
-
Allow Disabling of Status - Missing Support for Azure Code Signing
itman replied to whitefern's topic in ESET NOD32 Antivirus
Based on a Sophos article on this subject, "KB5022661—Windows support for the Azure Code Signing program," the mitigation only applies to the Win OS versions listed in the KB article. Otherwise, you will have to upgrade your Windows version: https://support.sophos.com/support/s/article/KB-000045019?language=en_US#impacted
Well, I have one explanation as to why the Eset firewall is not blocking the app associated with SGMyInput.exe. It's loaded with malware: https://any.run/report/0f41320c168d1755a34f788304b981f5af8f15be66e8774f0050356db2c2b455/d40f5fb9-5dcd-4d1e-92ed-a1f79fb4a019 . Full analysis here: https://app.any.run/tasks/d40f5fb9-5dcd-4d1e-92ed-a1f79fb4a019/ . SGMyInput.exe and many other .exe's are also performing certificate manipulation activities. Did Eset real-time protection detect any of these malicious processes?
-
My suspicion here is that there is something not right with the certificate this app is using to sign its .exe's. Chinese developers are great at using hacked certs. and the like. Below is an example of how svchost.exe is signed. Using one of these app .exe's you know the Eset firewall rule is not blocking, for example SGMyInput.exe, access its Properties details. Post a screen shot showing the Digital Signature and Certificate details of this .exe as I did for svchost.exe. Finally, compare the Signer name shown in the Digital Signature Details Signer Information for the .exe to the Name of signer shown in the respective created Eset firewall rule. The names should exactly match each other.
-
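The signer comparison described in the post above can be done from a PowerShell prompt instead of the Properties dialog. The script below is an added example written for this page, not code from the forum post or from ESET. The file path and the "Name of signer" string taken from the ESET firewall rule are assumed parameters that you supply; the script reads the Authenticode signer of the executable, prints the fields the Digital Signature Details dialog shows, checks that the certificate chains to a trusted root, and reports whether the signer's common name matches the name in the rule.

```powershell
# Added example: compare an executable's Authenticode signer with the
# "Name of signer" string from an ESET firewall rule. Not ESET's code.
# -Path and -RuleSigner are assumptions supplied by the user, e.g.
#   .\Check-Signer.ps1 -Path "$env:SystemRoot\System32\svchost.exe" -RuleSigner 'Microsoft Windows'
param(
    [Parameter(Mandatory = $true)][string]$Path,
    [Parameter(Mandatory = $true)][string]$RuleSigner
)

# Get-AuthenticodeSignature resolves both embedded and catalog signatures.
$sig = Get-AuthenticodeSignature -FilePath $Path

if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status for '$Path' is '$($sig.Status)': $($sig.StatusMessage)"
}
if (-not $sig.SignerCertificate) {
    throw "No signer certificate found on '$Path' (file is unsigned or the catalog is missing)."
}

$cert = $sig.SignerCertificate

# SimpleName returns the subject CN, which is what the Properties dialog
# shows as "Name" under Digital Signature Details / Signer information.
$simpleType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$signerName = $cert.GetNameInfo($simpleType, $false)   # $false = subject, not issuer
$issuerName = $cert.GetNameInfo($simpleType, $true)

"File:        $Path"
"Status:      $($sig.Status)"
"Signer:      $signerName"
"Issuer:      $issuerName"
"Thumbprint:  $($cert.Thumbprint)"
"Valid from:  $($cert.NotBefore) to $($cert.NotAfter)"

# Build the chain without revocation checking so the script works offline.
# A chain that fails to build (self-signed, untrusted root, expired) is the
# "something not right with the certificate" case the post suspects.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
if (-not $chain.Build($cert)) {
    $reasons = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
    Write-Warning "Certificate chain does not build to a trusted root: $reasons"
} else {
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    "Root CA:     $($root.GetNameInfo($simpleType, $false))"
}

# The firewall rule's "Name of signer" is expected to equal the subject CN
# exactly. -eq is case-insensitive; trailing whitespace from a copy/paste
# is trimmed before comparing.
if ($signerName.Trim() -eq $RuleSigner.Trim()) {
    "MATCH:    rule signer '$RuleSigner' equals the file's signer CN."
} else {
    "MISMATCH: rule expects '$RuleSigner' but '$Path' is signed by '$signerName'."
}
```

A MISMATCH result, or a Status other than Valid, would explain why a rule keyed on the signer name does not apply to the executable, so that is the output worth posting back to the thread.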
Eset blocking my Starfield mod. How to create exception?
itman replied to davidm71's topic in General Discussion
It is assumed that it is the Eset firewall that is blocking the Starfield mod from establishing network connectivity. Start the mod. Then open the Eset GUI and navigate to the Network Protection section. Under the "Resolved blocked communication" area, it should show a non-zero blocked communication count. Mouse click on Resolved blocked communication and it will show all connections blocked by the firewall. You can then unblock the activity and have Eset create a firewall rule for it. Ref.: https://help.eset.com/essp/16.2/en-US/idh_wizard_epfw_troubleshooting_type.html
In-depth scan changes ?
itman replied to Tio's topic in ESET Internet Security & ESET Smart Security Premium
For enhanced security protection, the option should be enabled. This has already been answered. It will cause the scan log files to be very large, resulting in wasted disk space.
In-depth scan changes ?
itman replied to Tio's topic in ESET Internet Security & ESET Smart Security Premium
It must be optionally enabled at Eset installation time, otherwise it remains off. You can set both settings for it to Balanced.
In-depth scan changes ?
itman replied to Tio's topic in ESET Internet Security & ESET Smart Security Premium
1. Enable Advanced setup.
2. Select Malware scans.
3. Expand ThreatSense settings.
4. Scroll down to the Other settings section.
Eset blocking my Starfield mod. How to create exception?
itman replied to davidm71's topic in General Discussion
Just what Eset features did you disable? Hopefully, not all of Eset. If you temporarily pause the Eset firewall, does the issue not occur?
Err ............ Your posted router log shows that. Your ISP is not blocking that network traffic, it's the router's IDS/firewall doing it.
-
Impossible to open BCD and BCD.log during the complete scan
itman replied to tman555's topic in General Discussion
I don't know why a Freeform archive should exist in a UEFI partition. Ref.: https://freeform-brodcast-archives.fandom.com/wiki/Freeform_Broadcast_Archives_Wiki
Your router log entries show that UDP port scans are being blocked by the router's IDS/firewall. As such, I assume TCP port scans would also be blocked by it.
-
Allow Disabling of Status - Missing Support for Azure Code Signing
itman replied to whitefern's topic in ESET NOD32 Antivirus
It appears "the message is not getting across here." It also appears no one has bothered to read the linked Microsoft article posted, which states: No one is forcing anyone to upgrade their Win OS version. That said, it is imperative to apply the appropriate KB update depending on the Win version. If you don't, you will find Microsoft Defender real-time protection running side-by-side with Eset's.
Win32/Botnet.generic TCP Port Scan attack local network
itman replied to kaboomcanuck's topic in Malware Finding and Cleaning
Another thing to note here is that Eset IDS protection can detect non-specific port scanning activities and will display an alert as shown in this knowledge base article: https://support.eset.com/en/kb2951-resolve-detected-port-scanning-attack-notifications . However, in regard to this posting, Eset appears to be detecting port scanning related to botnet activity and alerting as such. This leads me to believe that Eset Botnet protection was the primary activity detector. Related article: https://support.eset.com/en/kb7487-resolve-the-incomingattackgeneric-or-botnetcncgeneric-network-protection-alert .