Everything posted by itman

  1. The site is using a Cloudflare; i.e. DNS provider, root cert. with dozens of named URLs on it. See no way that Eset will be able to exclude this site.
  2. Then it appears you are out of luck. Do not permanently exclude those two IP addresses since it will expose you to malware risks from multiple web sites.
  3. Do the following at your own peril. If you later get infected, do not expect forum help.
     1. In the Eset GUI, select Advanced Setup.
     2. Under Web and Email -> Protocol Filtering -> Excluded IP Addresses, add these two IP addresses; 52.2.15.20 and 54.165.76.66. Save your changes. At this point, you should be able to connect to the web site. Connect to the web site. If you cannot connect to the web site, delete the prior added IP addresses and do not perform the following steps.
     3. In the Eset GUI, select Advanced Setup. Under Web and Email -> Protocol Filtering -> SSL/TLS -> List of known certificates, click on Edit.
     4. Click on the Add tab.
     5. In the Add certificate screen, click on the URL tab. At this point the web site certificate data should populate Certificate name, issuer, and subject fields.
     6. Change Scan action selection to Ignore. Click on OK tab on that and any subsequent displayed screen to save your changes.
     Extremely important. Repeat steps 1. and 2. and delete the prior two IP addresses added. Verify again that the IP addresses have been deleted. This must be done since these IP addresses relate to Amazon servers hosting multiple domain names.
  4. Yes if they were not previously blocked by an ad blocker. In this instance, Eset's SSL/TLS scanning detected the malicious ad prior to the web page being rendered in the browser. Hence, the use of any ad blocking being N/A since that occurs during the web browser page rendering processing. If you exclude the URL from Eset's Web Access protection by adding it to the Allowed list, you are in essence playing a malware game of "Russian roulette" and hoping that any malicious web page content will be detected by your ad blocking software.
  5. UblockO is great for ad and like blocking. Just note that it won't prevent you from getting infected by other JavaScript and like malware from sources not detected by UblockO.
  6. I knew that. I was referring to the other modules.
  7. Looks like everything is updating fine. My concern was the lack of a separate module update entry in the event log. Looks like Eset is now instead pushing non-def. and anti-spam module updates as part of the normal periodic def. updating.
  8. Nothing is found. Also see my above edited comment.
  9. I have had ver. 12.2.23 installed for almost a month. Just realized and verified via event log that I have not had one module update download. Has something changed in this regard? -EDIT- I have had module updates however. Appears Eset now pushing these in the definition update downloads? Also these module updates appear to be pre-release vers.; i.e. .x suffixed, although I don't have pre-release updates enabled.
  10. A penetration testing concern tested Windows Defender controlled folders for bypass capability last year: https://www.nyotron.com/wp-content/uploads/2018/04/Nyotron-Windows10-Report-April-2018.pdf . To dispel a few myths, WD controlled folders held its own against common code injection techniques against its default allowed processes. Such was not the case for any user created whitelisted processes. However, and as pointed out in the article, most users would probably not create any. Such was not the case however in regards to advanced code injection techniques such as APC based code injection, WMI based, and Word Macro based. The question is how Eset's HIPS mitigated protected folders would fare against the same. Then there is the case of malware based privilege escalation techniques. Well if employed and directed against WD controlled folders, assume all your files will be encrypted. Since this article was written prior to Win 10 1903 WD tamper protection feature, maybe the article noted system modifications would not be possible. I certainly hope so for users relying on WD controlled folders protection.
  11. It's possible it somehow got uninstalled due to the Win 10 reset. Try to reinstall it using this as a guide: https://support.eset.com/kb6209/#PasswordManager
  12. Based on this analysis: https://www.hybrid-analysis.com/sample/8ef1f20c814e4f1295cd95bdda8fd01004950ffb5d901dc9a5d52b1746899f48?environmentId=100 , it is possible you might have a compromised YouTubeDownloaderSetup.exe installer.
  13. The simplest solution for this assuming you're not using a proxy connection is to do what U.S.-CERT recommends: https://www.us-cert.gov/ncas/alerts/TA16-144A In Win 10, turn off all proxy settings as shown in the below screen shot: As far as browsers go, almost all are set by default to use OS proxy settings.
  14. Are you stating that when using Chrome and accessing different bank web sites, some will open the protected Eset B&PP browser screen and some do not?
  15. Not exactly. You will only see this wording, "connection verified by a certificate issuer that is not recognized by Mozilla," if you click on the lock symbol in Firefox. This same wording will appear for every HTTPS web site you connect to unless it is internally excluded from Eset's SSL/TLS protocol scanning or has been manually excluded. Again refer to this previously posted link: https://www.msoutlook.info/question/613 Specifically this: Also this: The problem here has nothing to do with Eset's certificate or the use of it. There appears to be an issue with the certificate the e-mail provider server is using. You need to contact your e-mail provider about this issue. Specifically, you need to find the name of the new URL for the e-mail server they are using and enter that into Outlook. Everything on their web site is in German which I don't understand. It appears you are using a client e-mail URL that references a prior used server and are being redirected to the current server/s the e-mail provider is using.
  16. Excluding port 8009 as suggested will for all practical purposes have negligible effect security-wise.
  17. Did this resolve the quarantine issue and the LiveGrid issue you also posted about? Also, I believe you are running a trial version of Eset.
  18. I had this issue once and it may be related to your Windows account files. Check if this directory, C:\Users\xxxxxx\AppData\Local\ESET\ESET Security\Quarantine, exists. If so, does it contain any quarantined files?
  19. My cleaner module ver. is currently 1195 dated 6/10. I could have sworn that it had been previously updated to 1198. Check what ver. your cleaner module is. If it's not 1198, you will have to switch to pre-release updates to get it.
  20. I'll let @Marcos elaborate on what those "personal firewall" alerts mean. Again as far as I am aware of, NOD32 doesn't include firewall protection.
  21. Possibly you didn't properly save the cert. change in Thunderbird. Need clarification on this. NOD32 doesn't contain the firewall feature. As such, I believe there is no Eset such like log unless perhaps there is a Network log present? If so, post a screen shot of the log entries related to Eset's failure to add its root cert. that are present in the log.
  22. In both apps, click on Edit Trust tab and ensure "This certificate can identify websites" is checkmarked as shown in the below screen shot:
  23. Eset has issued a Chromecast alert here: https://support.eset.com/alert4/ . Why this hasn't been posted on this forum is beyond me. Also the alert states the updated module was released on Aug. 7. This would imply it was so for production vers. which obviously it was not. The alert should be reworded to specifically state it was released to pre-release vers. and the only way to obtain it is by enabling Eset pre-release GUI option. BTW - I still haven't received the module update.