Jump to content


Most Valued Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by itman

  1. MBAM realtime protection will block all domains associated with a malicious IP address regardless of if only one domain is malicious. As such, the Windows media player connection could have actually been made to a non-malicious domain. -EDIT- Just did a reverse lookup for that IP address and there are no domains associated with that IP address. Additionally when using multiple AV realtime scanners, it is a "coin toss" which realtime scanner will detect first. Only way to know for sure if Eset would detect this is to temporarily disable MBAM's realtime scanner and connect to the IP in q
  2. I suggest you contact your local distributor Eset customer support as stated in the Eset KB link you posted: If you still cannot activate your ESET product, click here to complete a Customer Care support request and receive specific tools and instructions how to resolve the issue and activate your ESET product. We recommend including ESET Log Collector output when submitting a support request.
  3. So should i return to V8 or stay to V9? i installed V8,in the previous days and saw that the ssl/tls scanning is off by default. Should i test the behaviour of V8 ? I use ver. 8 because I had issues with my custom HIPS rules in ver. 9. I did have ver. 9 installed a couple of times. What I did notice in ver. 9 was what I would call "inconsistent behavior" from SSL protocol scanning. For example, some web sites would be auto excluded from scanning only to scanned at other times upon access. These inconsistencies do not exist with ver. 8. Do note that you have to manual exclude web si
  4. Your desktop OS is Win 10 and the other computer OS is Win 7. It is a given that there will be differences in how Firefox operates on different OSes. Also, there will be differences in how cryptography is performed on different OSes. Finally, there is the possibility of an issue with Eset's SSL protocol scanning when using Firefox running under Win 7. However, I don't recall seeing anything to that effect posted in this forum. Most of the issues with Eset's SSL protocol scanning have been with Chrome. Is your version of Firefox running on Win 7 the most current version? I do know t
  5. Did you add those two web sites as TLS fallback exceptions exceptions in FireFox as I previously posted?
  6. This suggestion will save Eset some money. So hope that gets the Eset "powers to be" attention. Adding locked-down Internet banking protection was a welcomed addition. However, the approach taken to implementing it by Eset was misdirected. Looking though the recent forum activity, all I see is posts about banking protection not working right. The problem is that trying to implement and maintain this feature for all browsers is problematic and expensive to say the least. Chrome for example is in a constant state of revision. Ditto for the other browsers. What Eset should have done is follow
  7. Since this is occurring with all browsers, appears that something is possibly wrong with the Eset root CA store certificate. With all browsers closed, open the Eset GUI. Select Setup and then Web and E-mail. Disable SSL protocol scanning. Close the Eset GUI. Reopen the Eset GUI and verify that SSL protocol scanning is disabled. Then re-enable SSL protocol scanning. Close the Eset GUI again. Reopen the Eset GUI and verify that SSL protocol is enabled. Close the Eset GUI. The above steps will result in Eset generating a new root CA store certificate. Now open up a browser and see if the
  8. I just checked the API's that ekrn.exe uses in ver.8. Zip reference to DNSQuery. Might have been added in ver.9 but I am a bit skeptical of this.
  9. Here's the URL for Bank of New Zeeland: https://www.bnz.co.nz/
  10. I agree. V8 completely stable and works without any hiccups. If Eset would add the ver. 9 keystroke scrambling protection to it, it would be a perfect product.
  11. Question is which rule set is corrupted: firewall or HIPS? Since it appears you use automatic mode for both, I would just reset both to default values and see if that resolves the issue.
  12. ESET Antivirus here, i probably should have mentioned that. Aren't those ESS exclusive features? The botnet protection is part of the HIPS features. So NOD32 has that protection. Temporarily disable that and see if the DNSQuery API activity stops.
  13. Eset has botnet protection. You could try to temporarily disable that and see if that stops the DNSQuery API activity. Also the network IPS protection has a DNS poisoning setting. If enabled, you could again temporarily disable that and see if that stops the DNSQuery API activity. At least, this will identify that Eset feature responsible. My guess is Eset's botnet protection is doing the activity because you disabled Win's DNS catching service.
  14. Does NOD32 support this OS? According to NOD32 requirements, it does not: Operating System: Windows® 10, 8.1, 8, 7, Vista, XP, and Microsoft Windows Home Server 2003, 2011.
  15. How are you determining this is occurring? You using Wireshark or the like?
  16. Just looked at the ver. 9 user manual. Appears you're out of luck a far as copy/modify an existing rule capability. This among many more reasons of why I am still using ver. 8.
  17. I assume you are referring to outbound port 53 connections? The only outbound connections on port 53 should be to your ISP or third party DNS, if so configured, servers.
  18. I assume this also applies to ver. 9. In ver. 8 if you right click on a System rule and then select "Create", an option will be displayed for "Similar Rule." This will copy the existing System rule detail and you can modify it to suit your needs. Then you can uncheck the original System rule so that it is no longer active.
  19. Referring to the original message displayed by Firefox: The page you are trying to view cannot be shown because the authenticity of the received data could not be verified I believe this is the issue with Firefox: The website may try to fallback to TLS 1.0 in a way that is no longer allowed in current releases or may be using a deprecated cipher suite. You can open the about:config page via the location/address bar and use its search bar to locate this pref: •security.tls.insecure_fallback_hosts You can double-click the line to modify the pref and add the full domain (www
  20. Appears the web sites in question only support TLS 1.0 protocol. I enabled that in IE 11 and could connect to the two web sites w/o issue with SSL protocol scanning enabled in ver. 8. Problem appears to be with Firefox. Don't know why since FF supports TLS protocol 1.0. I suggest you temporarily disable SSL protocol scanning on your Win 7 box with Eset ver. 9 and Firefox installed. If you still can't connect to the sites on that box with Eset's SSL protocol scanning disabled, then it is not the issue. The issue is with Firefox.
  21. For what it is worth, I cannot connect to either of those web sites in IE 11 running Win 7 x64, SP1 and I am using Eset ver. 8 w/SSL protocol scanning enabled. The error am getting from IE 11 relates to use of insecure cyphers. Both those web sites show a problem with the certificate pinning chain using the QUALS SSL server test. Two pinning paths are shown. One path pins correctly to the TRCA certificate. The other path does not.
  22. Marcos, looks like you are correct about the TLS 1.2 protocol connection status for https://www.onlinesbi.com/ For some inexplicable reason, IE11 will on occasion not show the real protocol connection status of a web page upon initial browser display of it. Appears to have something to do with web page caching as best as I can determine. A refresh of the web page will show the actual protocol connection status.
  23. This web site, dotomi.com, is using a self-signed root certificate. If you want Eset to automatically block the connection to any site that does the same, you can set the TRCA certification option to "block" versus "ask" in the SSL protocol settings area as shown below. Note that by doing so, you will be blocked from accessing sites used by many small software developers and the like. Note that the screen shot shown is for ver. 8:
  24. Here's what happens when I connect to another URL associated with this State Bank of India. QUALS does verify that this site supports TLS 1.0, 1.1, and 1.2. IE11 won't let me connect to this site due to the insecure cyphers it uses:
  • Create New...