Everything posted by itman

  1. To begin with, there is a serious security vulnerability in regards to Nvidia GeForce versions prior to 3.18. You can read about that here: https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-geforce-experience-vulnerability The article also refers to Nvidia driver vulnerabilities that have been recently discovered. So you have to verify if your Nvidia drivers have been recently updated. As far as your screen shot goes, your Nvidia software is indicating that a GeForce software update is available. In light of the above posted, you probably want to perform the update. BTW - you don't need the GeForce software for your Nvidia drivers to function properly. Its primary purpose is to inform you that Nvidia driver updates are available. It can be uninstalled via Control Panel -> Programs option.
  2. First, did you reboot after installing Eset? Sometimes Eset Bank and Payment Protection is not functional until this is done. Otherwise, do the following. Suggest you uninstall the current version of Eset using Eset's Uninstaller utility in Windows Safe mode. Note: if you have made any Eset customized settings, make sure you export those prior to uninstalling. You can then import those into Eset after it has been reinstalled. Then download your Eset version from here: https://support.eset.com/kb2885/?locale=en_US&viewlocale=en_US . You should be redirected to the appropriate Eset New Zealand download web site. Run the installer and see if that resolves the issue.
  3. To begin with, a revoked certificate is not the same security status of, let's say, an expired certificate. A CA revokes a certificate for: 1. It's been stolen. 2. The concern that the certificate was issued to has been demonstrated to be untrustworthy. It's fair to assume no. 2 applies to this web site. To make matters worse, you disabled Eset's SSL/TLS scanning capability. Doing so means that if this web site does contain malware or redirects you to a site that does, Eset won't detect it and protect you from malicious activities such as drive-by downloading, coin mining, and the like.
  4. If this doesn't work, you can block YouTube with a Chrome extension: https://www.techwalla.com/articles/how-to-block-youtube-on-chrome -EDIT- Assuming you're not using Google Chrome Enterprise to manage the Chrome clients, you can also check out using GPO to do so: https://ittutorials.net/microsoft/windows-server-2016/gpo-google-chrome/
  5. @Marcos already answered this previously. On average approximately 6 per day. Most of the updates are signature ones.
  6. You can, but not recommended. Also, they run at low priority and only scan commonly used files:
  7. Here are your choices: 1. Keep adding IP addresses to block with your existing Eset firewall rule whenever an Eset popup alert appears with a new IP address. 2. "Live with" the existing Eset alerts. 3. Remove the Chrome extension.
  8. "My take" on this runtc.net issue is that it is some type of redirect tracker interception. Who is "infamous" for tracking activities - Google.
  9. https://www.petri.com/microsofts-upcoming-chromuim-based-edge-browser-has-few-features-for-the-enterprise In other words, the new Edge browser will employ the same security features as the old Edge browser.
  10. To begin with, Eset HIPS doesn't officially support "\\" notation in a path name. If it works, it would only apply to the immediate path specified. In other words, in your example for the C:\Users directory, but not for any subordinate directories specified within the C:\Users directory.
  11. Forum attachments can only be read by Eset moderators. If that doesn't suffice, upload logs to a file share of your choice and PM both the link to the logs on the file share service.
  12. Guess I am not following you on this one. Each time you export your settings, a new .xml file is created. Just import the latest .xml file you created.
  13. Interesting. That was my number one suspect initially.
  14. My "two cents" observation in regards to PUA Chrome extensions and the like is Eset is excellent at detecting and eliminating them at attempted installation time. If however they get installed through either lack of detection, user allowing the install, etc., then it's an entirely different matter removing them when subsequently detected via Realtime scanning. Even Eset's own KB articles on the same indicate that manual removal of the extension/s is required.
  15. Looks like I was right about my suspicions about getclicky.com: https://www.threatcrowd.org/domain.php?domain=getclicky.com
  16. Yes, since it appears the alerts are being generated by one of those add-ons.
  17. My best guess at this point is the issue is on the user's end. Ask if he/she is from Peru. This Eset detection has so far been largely related to connections originating from that country. Very possible is the user has DNS hijack issues, whatever. They try to connect to your site but are being redirected to a site containing Javascript that Eset detects as JS/Agent.OCJ. As @Marcos just replied, we need a screen shot from the user's Eset Filtered Websites log that shows the URL/IP address associated with the alert.
  18. I disabled uBlock for your site and Firefox itself blocked getclicky.com. So my money is still on that as the source. Find out what browser/app the person was using when he received the Eset alert. Also, Eset might be throwing this detection in response to this issue: https://www.bleepingcomputer.com/news/security/windows-10-apps-hit-by-malicious-ads-that-blockers-wont-stop/
  19. I am not getting any Eset alerts for this web site using Firefox. I am however using uBlock Origin and it is blocking at least 7 things on your web site. This leads me to believe the issue might be the ads, trackers, etc. being displayed/used on the site. -EDIT- Primary suspect is getclicky.com. Other suspects are metrics.api.drift.com and event.api.drift.com. And it goes w/o saying that google-analytics is being used.
  20. As far as preventing installation of malicious Chrome extensions, they and add-on installations need to be managed via policy methods. Here's an article on how to do so: http://woshub.com/how-to-configure-google-chrome-via-group-policies/ . As far as Eset goes, do you have for Real-time file system protection -> Detection Engine -> Scanner Options all the following enabled on the endpoints?
      • Detection of potentially unwanted applications
      • Detection of potentially unsafe applications
      • Detection of suspicious applications
      If the above are all enabled, you can set Real-time protection ThreatSense -> Parameters -> Cleaning level to "Strict cleaning." Doing so will eliminate any PUA pop-ups from Eset on the endpoints requiring user action and automatically delete and quarantine the file.
  21. Some "free press" courtesy of bleepingcomputer.com: Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop https://www.bleepingcomputer.com/news/security/windows-10-apps-hit-by-malicious-ads-that-blockers-wont-stop/
  22. As far as blocking telnet, see this thread: https://forum.eset.com/topic/19638-unsual-open-network-services-notification/?tab=comments#comment-95738 To begin with, most routers with IDS capability will block telnet inbound traffic by default. As far as Eset firewall goes, you have two choices: 1. Block all inbound/outbound port 23 communication. This will stop most but not all telnet traffic. 2. Create 15 Eset firewall rules; one for each of the 15 protocol numbers, 240 - 255, associated with telnet, blocking all inbound/outbound traffic from same.
  23. See this thread: https://forum.eset.com/topic/19081-jsspigotb/ . Also refer to the Eset knowledgebase article link I posted in the thread.
  24. It is a "smart" signature detection. Rather than relying on a 100% signature malicious code match, DNA signatures will trigger on code "snippets" known to be malicious. This way polymorphic malware, that is malware that alters its code to avoid hash detection methods, can be detected. Additionally, DNA signatures also employ "YARA"-like behavior rules that can detect known malicious process activities.
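Post 20 above recommends managing Chrome extensions by policy rather than relying on after-the-fact PUA cleanup. As an added example (not from the post, ESET, or Google), the PowerShell below writes the same registry values the Chrome GPO templates set, blocking every extension and then allow-listing only approved IDs, and reads the result back for verification. It assumes an elevated session on a Windows host and uses a placeholder extension ID; older Chrome builds used the names ExtensionInstallBlacklist/ExtensionInstallWhitelist for these policies.

```powershell
# Added example: Chrome extension install policy via the registry keys that
# the Chrome ADMX/GPO templates populate. Run elevated. The extension ID in
# $approved is a placeholder, not a real extension.
$base      = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
$blocklist = Join-Path $base 'ExtensionInstallBlocklist'
$allowlist = Join-Path $base 'ExtensionInstallAllowlist'

# Create the policy keys if they do not exist yet.
foreach ($k in @($base, $blocklist, $allowlist)) {
    if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null }
}

# Chrome list policies are numbered REG_SZ values "1", "2", ...
# "*" in the blocklist denies every extension not explicitly allowed.
New-ItemProperty -Path $blocklist -Name '1' -Value '*' -PropertyType String -Force | Out-Null

# Placeholder 32-character extension ID; replace with the IDs you have vetted.
$approved = @('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa')
$i = 1
foreach ($id in $approved) {
    New-ItemProperty -Path $allowlist -Name "$i" -Value $id -PropertyType String -Force | Out-Null
    $i++
}

# Verification helper: returns the effective block and allow entries so an
# admin can confirm the endpoint picked them up (also visible in chrome://policy).
function Get-ChromeExtensionPolicy {
    $numbered = { $_.Name -match '^\d+$' }
    [pscustomobject]@{
        Blocked = (Get-ItemProperty -Path $blocklist).PSObject.Properties |
                  Where-Object $numbered | ForEach-Object Value
        Allowed = (Get-ItemProperty -Path $allowlist).PSObject.Properties |
                  Where-Object $numbered | ForEach-Object Value
    }
}

Get-ChromeExtensionPolicy
```

Chrome re-reads HKLM policy on its next policy refresh; an extension already installed that falls under the blocklist is disabled rather than silently left running.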