itman

Everything posted by itman

  1. ??? The Win firewall plus Eset firewall with default settings do not block outbound connections. Therefore, neither will have any impact on your applications being able to update. The problem with running two firewalls is a possible conflict with inbound connections. Only one firewall that monitors network connections should be active at any time.
  2. You can turn the Win 10 firewall manually by doing this: hxxp://windows.microsoft.com/en-us/windows/turn-windows-firewall-on-off#turn-windows-firewall-on-off=windows-7 . Hopefully after a reboot, the Win 10 firewall will show this: This is how the Win 10 firewall should work with the Eset firewall enabled. The Win 10 firewall is not completely disabled since Eset uses components of it; primarily the Windows Filtering Platform component.
  3. Did you reboot after installing Eset? If not, do that and see if it resolves the issue.
  4. Regarding this and your other posting today about 95 incoming udp connections being blocked, I personally feel your network adapter settings are "hosed." Here's a guide to how to reset them in Win 7: https://kb.wisc.edu/helpdesk/page.php?id=37620 . You can search the web for like instructions for Win 8 and 10 if you are using one of those versions. Additionally, the issue might be with your router and that might have to also be reset. You might also contact Eset technical support to see if they can be of assistance.
  5. What you see in your last posting is two real time security solutions at conflict with each other. In this case, MBAM is blocking Eset's outbound connections. My opinion and that of others is that: 1. Only one security solution should be running in real time. In this case, I would recommend turning off MBAM's real time protection and use it as a second opinion off line malware scanner. 2. If option 1 is not acceptable, then you need to set exclusions in Eset for MBAM and exclusions in MBAM for Eset. This might or might not resolve the conflict. You seem to be getting connections
  6. Em006_64.dat along with other Eset .dat files are currently being loaded into the kernel globalroot driver area. My question is why is Eset loading .dat files into a kernel area reserved exclusively for drivers?
  7. Yep. Too many software vendor acquisitions these days ...
  8. In my situation, the software Internet connection was not made through the browser. As such, no way to exclude the certificate. Hence, the solution I proposed.
  9. A simple analogy here is a file archive. It is stored in a compressed format. An AV scanner cannot scan files in compressed format unless it first un-compresses the archive. Likewise, malware can pack and obfuscate, i.e. hide, executable code in let's say a javascript. It does so to avoid detection by AV conventional scanning methods when downloaded. Additionally, the malicious code cannot execute until the malware unpacks and un-obfuscates the code. AMS protection will detect this activity and suspends the process so it can be scanned for malware and/or terminates the process. When Eset
  10. I assume you know that Outpost is no longer a supported product since Agnitum was purchased by Sophos?
  11. I was having a similar issue with my income tax software. I assume your backup software is 100% trusted? Also note that what I am going to recommend will disable all protocol filtering protection for the application i.e. the network traffic will not be scanned for malware. The following instructions apply to version 8. Navigation might be slightly different for version 9. From the lower Eset desktop icon, select "Open Eset Settings." Then select Eset "Setup" setting. Then select in the following order; Web and email -> Web Access Protection - configure -> click on the Protocol f
  12. Personally, I would create a "block all" user firewall rule with logging for that IP address. At least, the Eset firewall log should point you to where those connections are originating from. An example of such a rule is shown below:
  13. Appears you traced the problem back to MalwareBytes Anti-Malware: "Thanks for help! You are the best support! You answered fast and you were really helpful! I uninstalled Malwarebytes Anti-Malware and now everything is fine!" Was MBAM running in realtime mode? Even if used as a second on-demand solution, the later versions of MBAM can cause problems with any other AV solution running in realtime.
  14. Just ran the latest ver. of GMER that now supports x64 OSes. Just love how it dropped a driver in %AppData%\temp directory. I definitely need *.filename suffix support Eset!
  15. Did you do the restore in "safe mode?" I have never had an issue when doing it this way.
  16. I check your settings and yes, it is online but 0 protection. The only way to protect my internet was to buy this router, TL-WR841N, and have a firewall online to protect against hackers or DDoS attacks. Second protection: I bought Outpost Firewall Pro 9.3 to protect against hackers or DDoS attacks. I checked Google; a new firewall is named Anti DDoS Guardian 3.4, to secure against and stop SYN flood, TCP flood, UDP flood, ICMP flood, bandwidth attacks, etc. The Eset Smart Security 8 and 9 firewall is too weak against this attack, with 0 detected and 0 blocked, sorry. You must work seriously on this firewall.
  17. Interesting comments. Appears Eset dials out every 1/2 hour, which I believe are the LiveGrid blacklist updates. And the connection is to their servers. So I am sticking with the botnet checking as the reason for the port 443 dial outs by ekrn.exe within the 1/2 hour intervals.
  18. ...... -> hxxp://www.senderbase.org/lookup/?search_string=119.1.109.121-> -> https://www.spamhaus.org/query/ip/119.1.109.121 https://www.spamhaus.org/sbl/query/SBL156393 https://www.spamhaus.org/sbl/query/SBL171415 https://www.spamhaus.org/pbl/query/PBL188929 "chinanet-gz is providing services to spammers and botnet operators since years and ignoring all abuse complaints sent by Spamhaus and 3rd parties" (Guess that could be one reason why MBAM blocks that IP) hxxp://www.senderbase.org/lookup/?search_string=195.154.36.97-> -> hxxp://www.abuseat.org/lookup.cgi
  19. Open up Eset's advanced settings -> Network -> Personal Firewall -> IDS and advanced options -> Packet Inspection. Then ensure "TCP protocol overload detection" is check marked as shown below. Then re-test.
  20. That might partially explain what is going on here. I did do a lookup to hxxp://threatcenter.crdf.fr/?Stats yesterday. Had no idea that they had a rep problem. So will stay away from there from now on. Marcos, take note. So the question is does Eset use the cloud for rep scanning and the like while browsing? And why would ekrn.exe be connecting to an IP address using port 443 to do so? This link is a http link, not https. This does look like something to do with Eset's web filtering but would like an explanation.
  21. I just scanned that Chinese IP address here: hxxp://www.borderware.com/lookup.php?ip=119.1.109.121&Submit.x=29&Submit.y=12. Definitely a bad IP. I have seen ekrn.exe connections to France; IPs 62.210.11.201 and 195.154.36.97. 195.154.36.97 is a bad IP! What is going on here Eset? I noticed these are port 443 connections. This have anything to do with SSL protocol scanning?
  22. I came across a past posting that Bitdefender was having memory leak issues on certain Win OSes. They traced it back to Windows Filtering Platform. Perhaps an area for Eset to look at as the possible source. Maybe something changed in WFP and Eset's NDIS mini-port filter is now causing issues?
  23. I am located geographically close to OP's location in the U.S. I created a firewall monitoring rule for ekrn.exe. All my ekrn.exe connections have either been to Eset servers or to U.S. based servers of Akamai, Cloudflare, or Microsoft. So it appears OP has a problem here. The problem also might be related to MBAM which I strongly suspect. @spc3rd - why don't you likewise create an allow firewall rule with logging enabled for ekrn.exe. Then verify that the log entries show a connection to 119.1.109.121.
  24. Since you are in the U.S., I would like an answer from Eset if they are indeed routing traffic through Chinese servers.