itman

Most Valued Members
  • Posts

    12,247
  • Joined

  • Last visited

  • Days Won

    322

Posts posted by itman

  1. 1 hour ago, ENDSP1EL said:

    Should I try again to disable my add ons? 

    You didn't get any Eset alerts when they were all disabled as you posted previously.

    Personally, I would just use another browser. I for one am no big fan of anything Google produces.

    -EDIT- Also believe it's time you open an Eset support ticket on this issue.

  2. 3 hours ago, camelia said:

    Now how do I know If i blocked correctly all the unwanted connections from NVIDIA??? 😱

     
    Quote
    gf88 said: I may just add a couple of steps:
    1. Open "Services" and for "NVIDIA Telemetry Container" stop service and set startup type "Disabled"
    2. Run AutoRuns and in "Task Scheduler" section disable:
    + NVIDIA telemetry monitor
    + NVIDIA crash and telemetry reporter (2 instances)
    3. You may also want to remove Telemetry logs:
    C:\ProgramData\NVIDIA\NvTelemetryContainer.log
    C:\ProgramData\NVIDIA Corporation\NvTelemetry\events.dat
    C:\ProgramData\NVIDIA Corporation\NvTelemetry\nvtelemetry.log
    C:\Users\user\AppData\Local\NVIDIA Corporation\NvTmMon\NvTmMon.log
    C:\Users\user\AppData\Local\NVIDIA Corporation\NvTmRep\NvTmRep.log

    Who needs an additional spy in your own PC?.. ;)
    Awesome my friend, I forgot about those other bits
    We need to send a clear message to Nvidia that we will NOT tolerate their spying on us via telemetry, and we will use every workaround we can think of in order to defeat it. It's bad enough that Windows 10 is virtually one massive spyware collecting agency.

    Rather than do all of the above, you can simply install nVidia drivers as normal. Once installed open an elevated command prompt and run the following:

    rundll32 "%PROGRAMFILES%\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage NvTelemetryContainer

    This will remove all telemetry, logs, services and tasks. I use it all the time now and it's a very clean way of removing nVidia telemetry.

    https://forums.geforce.com/default/topic/1056140/geforce-drivers/defeating-nvidias-telemetry/post/5830317/#5830317

    Personally, I just disable the Nvidia Telemetry service and leave it at that. I haven't seen any outbound Nvidia traffic after that. I also can't vouch for the above rundll32 method since I never used it.

    As far as blocking GeForce Experience outbound activity, the best way to stop it is never install it or uninstall it. Also according to this article, nothing Nvidia Telemetry or Geforce Experience does is supposedly nefarious: https://www.howtogeek.com/280101/relax-nvidias-telemetry-didnt-just-start-spying-on-you/
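The quoted steps (stop and disable the service, disable the scheduled tasks, delete the logs) as one script, plus the "no outbound traffic" check the poster describes doing by eye. This is an added example, not code from the forum thread or from NVIDIA. It assumes the service name is NvTelemetryContainer (display name "NVIDIA Telemetry Container") and that the tasks are named NvTmMon_* / NvTmRep_*; adjust the two variables if your install differs. Run it from an elevated PowerShell session.

```powershell
# Added example (not from the forum post): disable NVIDIA telemetry as the quoted steps describe,
# then confirm nothing from it is still running or holding an outbound connection.
# Assumptions: service name NvTelemetryContainer, scheduled tasks matching NvTmMon_* / NvTmRep_*.

$serviceName = 'NvTelemetryContainer'
$taskPattern = '^NvTm(Mon|Rep)'
$logPaths = @(
    "$env:ProgramData\NVIDIA\NvTelemetryContainer.log",
    "$env:ProgramData\NVIDIA Corporation\NvTelemetry\events.dat",
    "$env:ProgramData\NVIDIA Corporation\NvTelemetry\nvtelemetry.log",
    "$env:LOCALAPPDATA\NVIDIA Corporation\NvTmMon\NvTmMon.log",
    "$env:LOCALAPPDATA\NVIDIA Corporation\NvTmRep\NvTmRep.log"
)

# 1. Stop the service and keep it from starting again (the "Services" step).
$svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if ($svc) {
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name $serviceName -Force }
    Set-Service -Name $serviceName -StartupType Disabled
    $svc = Get-Service -Name $serviceName
    "Service $serviceName : $($svc.Status), startup type $($svc.StartType)"
} else {
    "Service $serviceName not present on this machine"
}

# 2. Disable the telemetry monitor/reporter tasks (the Autoruns "Task Scheduler" step).
Get-ScheduledTask | Where-Object { $_.TaskName -match $taskPattern } | ForEach-Object {
    $_ | Disable-ScheduledTask | Out-Null
    "Task $($_.TaskName): $((Get-ScheduledTask -TaskName $_.TaskName).State)"
}

# 3. Remove the log files listed in the post; skip any that are not there.
foreach ($p in $logPaths) {
    if (Test-Path -LiteralPath $p) {
        Remove-Item -LiteralPath $p -Force
        "Removed $p"
    }
}

# 4. Check: no telemetry process should own an established TCP connection any more.
$nvPids = @(Get-Process -Name 'NvTelemetryContainer', 'NvTmMon', 'NvTmRep' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Id)
$conns = @(Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $nvPids -contains $_.OwningProcess })
if ($conns.Count -gt 0) {
    $conns | Format-Table LocalAddress, RemoteAddress, RemotePort, OwningProcess
} else {
    'No established connections owned by NVIDIA telemetry processes'
}
```

A driver reinstall or GeForce Experience update can recreate the service and tasks, so rerun the script (or at least step 4) after each driver update rather than assuming the setting stuck.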

  3. Since it appears you want to still use GeForce and not uninstall it, you can download the latest non-vulnerable update here: https://www.geforce.com/geforce-experience/download . That should eliminate the update alert you have been receiving.

    As far as your other nVidia drivers, you have a problem. For any drivers less than release 390.65, you're vulnerable to the Spectre and Meltdown vulnerabilities noted here: https://nvidia.custhelp.com/app/answers/detail/a_id/4611/~/security-bulletin%3A-nvidia-driver-security-updates-for-cpu-speculative-side . I would seriously consider updating your graphics card.

  4.  

    Quote

    Method 3: Block websites on the router

    You can block websites on Chrome browser by reconfiguring your router settings. This will affect all the computers on your network. Please back up your router’s original settings before going forward with this method.

    1) Connect to your router by typing the default address on your browser window. The default address is different for different routers but is usually 192.168.1.1 or 192.168.0.1. If you are not sure of the default address, check with your service provider.

    2) Depending on which router you use, look for URL filter, or Parental Controls, or Firewall in the settings under the Security, Parental Control or Firewall tab.

    3) The URL filter lets you add the URLs for every website you want to block. The Parental Controls section lets you block websites on Chrome and specify the time when the Internet can be accessed. The Firewall settings also let you block websites by entering the URL. Most routers will have one of these features in the Settings.

    4) Follow the instructions and reboot the router for the changes to take effect.

     

    Or, block uTube within Chrome:

    Quote

    Method 4: Add to restricted sites on Chrome

    This is a very easy method of blocking any website on Chrome. You don’t need software or extensions for this method. The downside is that it is not password protected and anybody can change the settings to reverse it.

    Here is the step-by-step process:

    I. Go to Google Chrome settings menu and scroll down to advanced settings

    II. Under System, click on Open Proxy Settings

    III. Open the Security tab and select Restricted Sites. Click on Sites

    IV. In the dialog box that opens, type in the URLs of all the sites you want to block and Click on Add.

    V. To remove, simply select the URL and click on Remove.

     

    https://www.technorms.com/65050/best-ways-to-block-websites-on-chrome

    -EDIT-

    You can also try to block uTube using a host file entry: https://www.wikihow.com/Block-YouTube . Note this comment:

    Quote

    If you use Chrome, you'll need to place a space after YouTube's address and then type in www.youtube.com there.

     

    Quote

    Inserting a redirect into the hosts file is simple. Just enter the IP address of the desired server or host, leave a single space, and then enter the domain or hostname you want to point to that IP. Enter only one redirect per line.

    When redirecting a real website URL, you should include one redirect with the www and another without, to ensure both will be redirected to your desired IP.

    When redirecting a custom hostname (rather than a real website), it’s a good idea to add an extension (such as .com) even though not required. This is because some web browsers will think you’re trying to perform a search if a domain extension isn’t included and will return search results instead of taking you to the IP you’ve designated.

    http://techgenix.com/tips-and-tricks-using-windows-hosts-file/
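The hosts-file approach from the two quotes above, as a script rather than a hand edit. This is an added example and not code from the thread or from the linked articles. It assumes 0.0.0.0 as the sink address (connections fail immediately instead of waiting on a local web server, which 127.0.0.1 can do) and the default hosts path; both are parameters. It adds both the bare and the www name, as the quote recommends, and skips names that already have an active entry so repeated runs do not pile up duplicates. Run elevated, since the hosts file is writable by administrators only.

```powershell
# Added example (not from the forum post): add hosts-file sinkhole entries for a domain,
# with and without the www prefix, without duplicating entries that are already there.
# Assumptions: sink address 0.0.0.0, default Windows hosts file location.

function Add-HostsBlock {
    param(
        [Parameter(Mandatory)][string[]]$Domain,
        [string]$Sink = '0.0.0.0',
        [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
    )
    $existing = @(Get-Content -LiteralPath $HostsPath -ErrorAction Stop)
    $added = @()
    foreach ($d in $Domain) {
        $bare = $d -replace '^www\.', ''
        foreach ($name in @($bare, "www.$bare")) {
            # Match an active (uncommented) line "<address> <name>"; commented lines start with '#'
            # as their first token, so they do not match and a fresh entry is written.
            $pattern = '^\s*[0-9a-fA-F.:]+\s+' + [regex]::Escape($name) + '(\s|$)'
            if ($existing -match $pattern) { continue }
            $line = "$Sink $name"
            Add-Content -LiteralPath $HostsPath -Value $line
            $existing += $line
            $added += $line
        }
    }
    # Cached answers would otherwise keep resolving to the real address for a while.
    ipconfig /flushdns | Out-Null
    return $added
}

Add-HostsBlock -Domain 'youtube.com'

# Verify: the resolver should now hand back the sink address for both names.
Resolve-DnsName -Name 'youtube.com', 'www.youtube.com' -ErrorAction SilentlyContinue |
    Select-Object Name, IPAddress
```

Keep in mind a hosts entry only covers the exact names you list; other hostnames the same service uses (m.youtube.com, youtu.be, and so on) still resolve normally unless you add them too, which is why the router or browser-policy methods above are the more complete options.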

     

  5. 1 hour ago, camelia said:

    I am having a problem with one unwanted connection, I have tried everything but I don't know if this connection is blocked or not @ this moment, it is driving me crazy!  😫

    To begin with, there is a serious security vulnerability in regards to Nvidia GeForce versions prior to 3.18. You can read about that here: https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-geforce-experience-vulnerability

    The article also refers to Nvidia driver vulnerabilities that have been recently discovered. So you have to verify if your Nvidia drivers have recently been updated.

    As far as your screen shot goes, your Nvidia software is indicating that a GeForce software update is available. In light of the above posted, you probably want to perform the update. BTW - you don't need the GeForce software for your Nvidia drivers to function properly. Its primary purpose is to inform you that NVidia driver updates are available. It can be uninstalled via Control Panel -> Programs option.
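Both this post (GeForce Experience older than 3.18) and the earlier one (display driver older than 390.65) boil down to "what version is installed, and is it below the fixed release". Here is the check as a script. This is an added example, not from the thread or from NVIDIA. It assumes the usual conversion from the Windows driver version string (for example 23.21.13.9065) to the NVIDIA release number (390.65): join the last two fields and keep the last five digits. The NVIDIA Control Panel or nvidia-smi shows the authoritative release number if you want to cross-check.

```powershell
# Added example (not from the forum posts): report installed NVIDIA driver and GeForce Experience
# versions and compare them with the minimum fixed versions the posts cite.
# Assumption: Windows driver version -> NVIDIA release conversion is "last two fields joined, last five digits".

function ConvertTo-NvidiaRelease {
    param([Parameter(Mandatory)][string]$WindowsDriverVersion)
    $parts = $WindowsDriverVersion.Split('.')
    if ($parts.Count -lt 4) { return $null }
    $digits = $parts[2] + $parts[3]              # "13" + "9065" -> "139065"
    if ($digits.Length -lt 5) { return $null }
    $digits = $digits.Substring($digits.Length - 5)   # -> "39065"
    return [version]('{0}.{1}' -f $digits.Substring(0, 3), $digits.Substring(3))  # -> 390.65
}

$minDriver = [version]'390.65'   # NVIDIA security bulletin 4611 (Spectre/Meltdown)
$minGfe    = [version]'3.18'     # GeForce Experience fix from the BleepingComputer article

# Display driver(s) as reported by WMI.
Get-CimInstance -ClassName Win32_VideoController |
    Where-Object { $_.Name -like '*NVIDIA*' } |
    ForEach-Object {
        $rel = ConvertTo-NvidiaRelease $_.DriverVersion
        $patched = if ($rel) { $rel -ge $minDriver } else { 'unknown' }
        [pscustomobject]@{
            Adapter        = $_.Name
            WindowsVersion = $_.DriverVersion
            NvidiaRelease  = $rel
            Patched        = $patched
        }
    }

# GeForce Experience is listed in the Uninstall keys like any other program (both 64- and 32-bit views).
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'NVIDIA GeForce Experience*' -and $_.DisplayVersion } |
    ForEach-Object {
        $v = [version]$_.DisplayVersion
        [pscustomobject]@{
            Program = $_.DisplayName
            Version = $v
            Patched = ($v -ge $minGfe)
        }
    }
```

If GeForce Experience does not appear at all, it is simply not installed, which, as the post says, is fine for the driver itself.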

  6. First, did you reboot after installing Eset? Sometimes Eset Bank and Payment Protection is not functional until this is done. Otherwise, do the following.

    Suggest you uninstall the current version of Eset using Eset's Uninstaller utility in Windows Safe mode. Note: if you have made any Eset customized settings, make sure you export those prior to uninstalling. You can then import those into Eset after it has been reinstalled.

    Then download your Eset version from here: https://support.eset.com/kb2885/?locale=en_US&viewlocale=en_US . You should be redirected to the appropriate Eset New Zealand download web site. Run the installer and see if that resolves the issue.

  7. 9 hours ago, Zur13 said:

    3. I've got a message from Eset Internet Security saying the site certificate was revoked and an untrusted connection was blocked. A similar message was in my browser.

    4. I know this site so I wanted to access it anyway so I've disabled web access protection in Eset Internet Security for 10 minutes.

    To begin with, a revoked certificate is not the same security status as, let's say, an expired certificate. A CA revokes a certificate for:

    1. It's been stolen.

    2. The concern that the certificate was issued to has been demonstrated to be untrustworthy.

    It's fair to assume no. 2 applies to this web site. To make matters worse, you disabled Eset's SSL/TLS scanning capability. Doing so means that if this web site does contain malware or redirects you to a site that does, Eset won't detect it and protect you from malicious activities such as drive-by downloading, coin mining, and the like.
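The distinction the reply draws (revoked versus merely expired) can be checked directly instead of inferred from the browser or Eset wording. The following is an added example, not code from the thread; it fetches the site's certificate over TLS and builds the chain with online revocation checking, then reports the expired and revoked flags separately. example.com is a placeholder for the site in question, and the check needs outbound access to the CA's CRL/OCSP endpoints, otherwise the result is "revocation unknown", which is not the same as "good".

```powershell
# Added example (not from the forum post): fetch a server certificate and evaluate its chain with
# online revocation checking, so "revoked" and "expired" are reported as separate facts.
# Assumption: 'example.com' is a placeholder host name.

function Get-ServerCertificateStatus {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)

    $client = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # Accept anything at the handshake; the chain is evaluated explicitly below.
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $ssl.Dispose()
    } finally {
        $client.Dispose()
    }

    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $chainOk  = $chain.Build($cert)
    $statuses = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    [pscustomobject]@{
        Host              = $HostName
        Subject           = $cert.Subject
        Issuer            = $cert.Issuer
        NotAfter          = $cert.NotAfter
        Expired           = ($cert.NotAfter -lt (Get-Date))          # shows up as NotTimeValid in ChainStatus
        Revoked           = ($statuses -contains 'Revoked')
        # These two mean the CRL/OCSP lookup could not be completed, not that the certificate is good.
        RevocationUnknown = ($statuses -contains 'RevocationStatusUnknown' -or $statuses -contains 'OfflineRevocation')
        ChainValid        = $chainOk
        ChainStatus       = ($statuses -join ', ')
    }
}

Get-ServerCertificateStatus -HostName 'example.com' | Format-List
```

A Revoked result with Expired = False is exactly the case the reply warns about: the certificate is still within its validity period, so only the revocation check stands between you and a site whose key or owner the CA no longer vouches for. Turning off SSL/TLS scanning removes that check.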

  8. 9 hours ago, Marcos said:

    Does disabling QUIC protocol in Chrome make a difference? https://support.eset.com/kb6757

    If this doesn't work, you can block uTube with a Chrome extension: https://www.techwalla.com/articles/how-to-block-youtube-on-chrome

    -EDIT- Assuming you're not using Google Chrome Enterprise to manage the Chrome clients, you can also checkout using GPO to do so: https://ittutorials.net/microsoft/windows-server-2016/gpo-google-chrome/

  9. 1 hour ago, maneet kaur said:

    ok, and how often the module updates are sent by eset? 

    @Marcos already answered this previously. On average approximately 6 per day. Most of the updates are signature ones.

  10. 28 minutes ago, maneet kaur said:

    can we stop the scan every time the modules are updated?

    You can, but not recommended. Also, they run at low priority and only scan commonly used files:

    [Image: Eset_Module_scan.png]

  11. 2 hours ago, ENDSP1EL said:

    Should I disable it then? And is like random because as I said, I had not had this issue before

    Here are your choices:

    1. Keep adding IP addresses to block with your existing Eset firewall rule whenever an Eset popup alert appears with a new IP address.

    2. "Live with" the existing Eset alerts.

    3. Remove the Chrome extension.

  12. 6 minutes ago, ENDSP1EL said:

    How come? It is from Google and their official store. Plus it had not been happening before I started this topic here

    "My take" on this runtc.net issue is that it is some type of redirect tracker interception. Who is "infamous" for tracking activities - Google.

  13. Quote

    One of the other features in the flags section of Edge is the ability to enable “App Container Lockdown”. This is a security feature that Microsoft will use to sandbox processes in Windows to add an additional layer of security when venturing into darker corners of the web.

    https://www.petri.com/microsofts-upcoming-chromuim-based-edge-browser-has-few-features-for-the-enterprise

    In other words, the new Edge browser will employ the same security features as the old Edge browser.

  14. 3 hours ago, Nono said:

    Some "generic" rules like C:\Users\\AppData\app.exe work on the majority of computers (note the empty folder to replace any user)

    But some doesn't and need to enter the specific user account (eg. C:\Users\dummyUser\AppData\app.exe)

    To begin with, Eset HIPS doesn't officially support "\\" notation in a path name. If it works, it would only apply to the immediate path specified. In other words, in your example for the C:\Users directory, but not for any subordinate directories specified within the C:\Users directory.

    My "two cents" observation in regards to PUA Chrome extensions and the like is Eset is excellent at detecting and eliminating them at attempted installation time.

    If however they get installed through either lack of detection, user allowing the install, etc, then it's an entirely different matter removing them when subsequently later detected via Realtime scanning. Even Eset's own KB articles on the same indicate that manual removal of the extension/s is required.

  16. 44 minutes ago, ENDSP1EL said:

    Seems like after I disabled them ESET stopped showing any logs. It's been clear since 2.6.2019, so should I turn them on one by one now?

    Yes, since it appears the alerts are being generated by one of those add-ons.

  17. 17 hours ago, chops said:

    The alert was for JS/Agent.OCJ, coming from a user

    My best guess at this point is the issue is on the user's end. Ask if he/she is from Peru. This Eset detection has so far been largely related to connections originating from that country.

    It is very possible the user has DNS hijack issues, whatever. They try to connect to your site but are being redirected to a site containing Javascript that Eset detects as JS/Agent.OCJ.

    As @Marcos just replied, we need a screen shot from the user's Eset Filtered Websites log that shows the URL/IP address associated with the alert.

  18. 1 hour ago, chops said:

    The alert was for JS/Agent.OCJ, coming from a user. I

    I disabled uBlock for your site and FireFox itself blocked getclicky.com. So my money is still on that as the source.

    Find out what browser/app the person was using when he received the Eset alert.

    Also, Eset might be throwing this detection in response to this issue: https://www.bleepingcomputer.com/news/security/windows-10-apps-hit-by-malicious-ads-that-blockers-wont-stop/

  19. 1 hour ago, chops said:

    My site is hxxps://chops.com

    I am not getting any Eset alerts for this web site using Firefox. I am however using uBlock Origin and it is blocking at least 7 things on your web site. This leads me to believe the issue might be the ads, trackers, etc. being displayed/used on the site.

    -EDIT-

    Primary suspect is getclicky.com.

    Other suspects are metrics.api.drift.com and event.api.drift.com.

    And it goes w/o saying that google-analytics is being used.

  20. 1 hour ago, jonathanbrickman0000 said:

    Our ESET management center is reporting many machines at several sites with JS/Spigot.B.  How can we best use ESET Endpoint 7.0 or 7.1 to delete these extensions and also block them from ever being installed? 

    As far as preventing installation of malicious chrome extensions, they and add-on installations need to be managed via policy methods. Here's an article on how to do so: http://woshub.com/how-to-configure-google-chrome-via-group-policies/ .

    As far as Eset goes, do you have for Real-time file system protection -> Detection Engine -> Scanner Options all the following enabled on the endpoints?

    • Detection of potentially unwanted applications
    • Detection of potentially unsafe applications
    • Detection of suspicious applications

    If the above are all enabled, you can set Real-time protection ThreatSense -> Parameters -> Cleaning level to "Strict cleaning." Doing so will eliminate any PUA pop-ups from Eset on the endpoints requiring user action and automatically delete and quarantine the file.
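Two posts in this thread point at Chrome policy as the durable fix: the GPO link in the uTube/QUIC reply (block a site for every managed Chrome) and the reply above (stop extensions from being installed in the first place). Both are ordinary Chrome policies, and a GPO with the Chrome ADMX template ultimately writes them into HKLM\SOFTWARE\Policies\Google\Chrome, so the same result can be produced or tested on a single machine with the script below. This is an added example, not code from the thread or from Google. The extension ID in it is a placeholder, not a real extension; the policy names are the current ones (Chrome 86 and later), while the 2019-era names were URLBlacklist, ExtensionInstallBlacklist and ExtensionInstallWhitelist. Run elevated; Chrome picks up the keys at restart or via "Reload policies" on chrome://policy.

```powershell
# Added example (not from the forum posts): write Chrome policies to the machine policy key,
# mirroring what the Chrome ADMX template does through GPO.
# Covers: URLBlocklist (block YouTube), ExtensionInstallBlocklist = * with an ExtensionInstallAllowlist.
# Assumption: the 32-character extension ID below is a placeholder; substitute the real IDs you approve.

$chromePolicy = 'HKLM:\SOFTWARE\Policies\Google\Chrome'

function Set-ChromeListPolicy {
    # Chrome list policies are a subkey holding REG_SZ values named "1", "2", ... in order.
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string[]]$Values
    )
    $key = Join-Path $chromePolicy $Name
    # Replace the list outright so stale entries from an earlier run do not linger.
    if (Test-Path $key) { Remove-Item -Path $key -Recurse -Force }
    New-Item -Path $key -Force | Out-Null
    $i = 1
    foreach ($v in $Values) {
        New-ItemProperty -Path $key -Name ([string]$i) -Value $v -PropertyType String | Out-Null
        $i++
    }
}

New-Item -Path $chromePolicy -Force | Out-Null

# 1. Block YouTube for every user of this machine. A bare host pattern covers all its subdomains.
Set-ChromeListPolicy -Name 'URLBlocklist' -Values @('youtube.com', 'youtu.be')

# 2. Block every extension, then re-allow only the ones that have been vetted.
Set-ChromeListPolicy -Name 'ExtensionInstallBlocklist' -Values @('*')
Set-ChromeListPolicy -Name 'ExtensionInstallAllowlist' -Values @(
    'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'   # placeholder extension ID, not a real extension
)

# Show what was written; compare with the table on chrome://policy after restarting Chrome.
Get-ChildItem -Path $chromePolicy | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath
    $values = $props.PSObject.Properties | Where-Object { $_.Name -match '^\d+$' } | ForEach-Object { $_.Value }
    [pscustomobject]@{ Policy = $_.PSChildName; Values = ($values -join ', ') }
}
```

Unlike the hosts-file or router approaches, URLBlocklist is enforced inside the browser, so it is unaffected by QUIC, Secure DNS or cached addresses, and the blocklist-everything plus allowlist pattern is what makes the "block them from ever being installed" part of the question hold even when an extension is not (yet) detected as a PUA.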
