itman

Most Valued Members
  • Posts: 12,172
  • Days Won: 319

Everything posted by itman

  1. In the same Eset GUI section, you can exclude SSL/TLS scanning based on the certificate associated with the domain/URL of your web based app.
  2. Appears this is a known issue: https://github.com/kucharzyk/spring-angular2-starter/issues/35 . Have you tried excluding your app from Eset SSL/TLS protocol scanning by setting Scan action to "Ignore"? Note that this does put your Eset customers at risk in the event your app may contain malware.
  3. Refer to this forum for assistance: https://www.sysnative.com/forums/threads/persistent-fde-dll-and-fdeploy-dll-corrupt-files-after-running-sfcfix.28124/
  4. Yes. Ver. 16.0,27 can be downloaded from here: https://forum.eset.com/files/ . However, a recent posting in this thread indicated it did not fix the issue.
  5. I find it odd that the rundll32.exe HIPS rule is being triggered at all. I have the same HIPS rule and it has never been triggered. I advise determining what is triggering the HIPS rule rather than how to disable notification of it being applied. If it turns out to be legitimate activity, you can create a HIPS rule to allow that activity.
  6. This article might help in resolving the issue: https://docs.sucuri.net/website-firewall/configuration/working-with-godaddy/ . I also wonder if GoDaddy is being straightforward in their response and they set this up on their end. In any case, it appears you get WAP for free, which is a major security improvement.
  7. To show how hopeless it is to detect 0-day infostealers, here's the "latest and greatest": https://www.cyfirma.com/outofband/new-maas-prysmax-launches-fully-undetectable-infostealer/ . It has been posted to VT since 8/13 and currently 4 or fewer vendors detect the IOCs listed at the bottom of the article. Eset is not one of those vendors. -EDIT- Well, that was quick. Eset now detects at VT. BTW, for Kaspersky fans, it does not detect this infostealer.
  8. A footnote comment here. This app, Sogou Input Method, has over 450 million active Chinese users. As such, it would be in attackers' "sights" to deploy hacked installer versions such as that shown in the above anyrun.com linked analysis. It is also a great example of why to always download from the legit developer's web site.
  9. Eset detects it as a PUA. Just select "Ignore and continue" to access the web site. As far as what Eset classifies as potentially unwanted content: https://help.eset.com/glossary/en-US/unwanted_application.html
  10. As a follow up to my last posting, it appears there are a number of hacked versions of this software. The official vendor's web site is here: http://pinyin.sogou.com/ . Of note is that there is no equivalent https web site. In any case, there is a serious vulnerability in this software for all versions except the most current: https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/ .
  11. Based on a Sophos article on this subject, "KB5022661—Windows support for the Azure Code Signing program," the mitigation only applies to Win OS versions listed in the KB article. Otherwise, you will have to upgrade your Windows version: https://support.sophos.com/support/s/article/KB-000045019?language=en_US#impacted
  12. Well, I have one explanation as to why the Eset firewall is not blocking the app associated with SGMyInput.exe. It's loaded with malware: https://any.run/report/0f41320c168d1755a34f788304b981f5af8f15be66e8774f0050356db2c2b455/d40f5fb9-5dcd-4d1e-92ed-a1f79fb4a019 . Full analysis here: https://app.any.run/tasks/d40f5fb9-5dcd-4d1e-92ed-a1f79fb4a019/ . SGMyInput.exe and many other .exe's are also performing certificate manipulation activities. Did Eset real-time protection detect any of these malicious processes?
  13. My suspicion here is there is something not right with the certificate this app is using to sign its .exe's. Chinese developers are great at using hacked certs and the like. Below is an example of how svchost.exe is signed. Using one of these app .exe's you know the Eset firewall rule is not blocking, for example SGMyInput.exe, access its Properties details. Post a screen shot showing Digital Signature and Certificate details of this .exe as I did for svchost.exe. Finally, compare the Signer name shown in the Digital Signature Details Signer Information for the .exe to that shown in the Name of signer in the respective created Eset firewall rule. The names should exactly match each other.
  14. Assumed here is that it is the Eset firewall that is blocking the Starfield mod from establishing network connectivity. Start the mod. Then open the Eset GUI and navigate to the Network Protection section. Under the "Resolved blocked communication" area, it should show a non-zero blocked communication count. Mouse click on Resolved blocked communication and it will show all connections blocked by the firewall. You can then unblock the activity and have Eset create a firewall rule for it. Ref.: https://help.eset.com/essp/16.2/en-US/idh_wizard_epfw_troubleshooting_type.html
  15. For enhanced security protection, the option should be enabled. This has been already answered. It will cause the scan log files to be very large resulting in wasted disk space.
  16. It must be optionally enabled at Eset installation time, otherwise it remains off. You can set both settings for it to Balanced.
  17. 1. Enable Advanced setup. 2. Select Malware scans. 3. Expand ThreatSense settings. 4. Scroll down to the Other settings section.
  18. Just what Eset features did you disable? Hopefully, not all of Eset. If you temporarily pause the Eset firewall, does the issue not occur?
  19. Err ... Your posted router log shows that. Your ISP is not blocking that network traffic, it's the router's IDS/firewall doing it.
  20. I don't know why a Freeform archive should exist in a UEFI partition. Ref.: https://freeform-brodcast-archives.fandom.com/wiki/Freeform_Broadcast_Archives_Wiki
  21. Your router log entries show that UDP port scans are being blocked by the router's IDS/firewall. As such, I assume TCP port scans would also be blocked by it.
  22. It appears "the message is not getting across here." It also appears no one has bothered to read the linked Microsoft article, which states: No one is forcing anyone to upgrade their Win OS version. That said, it is imperative to apply the appropriate KB update depending on Win version. If you don't, you will find Microsoft Defender real-time protection running side-by-side with Eset's.
  23. Another thing to note here is Eset IDS protection can detect non-specific port scanning activities and will display an alert as shown in this knowledge base article: https://support.eset.com/en/kb2951-resolve-detected-port-scanning-attack-notifications . However, in regards to this posting, Eset appears to be detecting port scanning related to botnet activity and alerting as such. This leads me to believe that Eset Botnet protection was the primary activity detector. Related article: https://support.eset.com/en/kb7487-resolve-the-incomingattackgeneric-or-botnetcncgeneric-network-protection-alert .
  24. Actually, I mis-posted on the bug. It pertains to missing data on Eset firewall alerts while in Interactive mode. The issue is the Eset firewall does not correctly process inbound network traffic when the IP address associated with the local device is interpreted as a remote IP address.