-
Posts
12,182 -
Joined
-
Last visited
-
Days Won
319
Everything posted by itman
-
As far as this software goes, it's a PUA: https://forums.malwarebytes.com/topic/240472-removal-instructions-for-wipersoft/
-
EIS Scheduled Scan Logs Missing
itman replied to TomFace's topic in ESET Internet Security & ESET Smart Security Premium
Don't believe it's due to log entry volume, but you can look at your existing Eset scheduled log maintenance task and verifying that it is running probably. My best guess is the log file got corrupted somehow. Chalk it up to one of those "s*!t happens" Windows happenings. -
Referring to the first two postings in this thread, browser ad and JavaScript blocking extensions and the like would not have prevented this activity. It appears something was installed manually. It could have be standalone software. If it was then the following were applicable: 1. The software was installed prior to Eset being installed. 2. Eset's PUA protection was/is not enabled. 3. Eset's PUA detection was ignored and the poster allowed the software installation. Another possibility is the poster either explicitly or inadvertently installed a browser extension that contains the javacript code being detected.
-
Global virus fear prompts update for old Windows
itman replied to peteyt's topic in General Discussion
So is using Win 7 as far as I am concerned. -
Global virus fear prompts update for old Windows
itman replied to peteyt's topic in General Discussion
All Windows versions through Win 7 are affected. Also older Win Server OS versions. -
Global virus fear prompts update for old Windows
itman replied to peteyt's topic in General Discussion
Microsoft extended support for XP embedded versions just ended on 4/9/2019. I assume that was one factor. Also "in a blast from the past" when MS introduced Win 7, they offered a downgrade option from devices with Win 7 installed to XP for a limited time. This in effect extended XP support on those devices to the end-of-life date for Win 7; i.e. Jan., 2020. The requirement for this was: https://www.computerworld.com/article/2519032/microsoft-extends-windows-xp-downgrade-rights-until-2020.html So technically speaking, Win XP is still support abet in a limited scope. -
Realtime module not functional
itman replied to kamiran.asia's topic in ESET Products for Windows Servers
It is very possible that a recent Win Server OS update is causing this issue. This seems reasonable to me since as you stated, the problem manifested recently and is affecting multiple servers. You really need to contact Microsoft about the IMAGE_STATE _UNDEPLOYABLE issue. -
It probably detected this: https://helpdeskgeek.com/free-tools-review/why-you-shouldnt-download-ccleaner-for-windows-anymore/ As this article and others like it state, you shouldn't be using it in the first place.
-
SSL certificate authority issue (Firefox or ESET's issues or both?)
itman replied to cmit's topic in ESET Endpoint Products
Here's a Sophos posting where the OP was having SSL protocol scanning issues in an AD environment: https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/47035/certificate-warning-with-https-set-to-url-filtering-only#pi2353=1 . Since I am not knowledgeable when it comes to AD usage, what I gleaned from the postings was the issue had something to do with option to use AD certificates versus client certs. on Internet traffic. What is needed here is someone using EES in an AD environment to "chime in" here. -
EKRN.exe - Hourly Network Spam
itman replied to Elerias's topic in ESET Internet Security & ESET Smart Security Premium
Refer to Eset's default firewall rules. Assuming you have made no modifications to those by changing default services settings, Eset's firewall doesn't monitor multicast DNS UDP traffic at all. That is; protocol is UDP, port is 5353, and IP address is 224.0.0.251. What it does monitor is local-link multicast UDP traffic; i.e. IP address 224.0.0.252. Additionally, Eset's Web Filtering protection only monitors port 80/443 traffic as far as I am aware of. Therefore as I see it, Eset cannot be the cause of any external network slowdown activity that's routing its traffic via multicast DNS connection. -EDIT- Another "tibit" in regards to mDNS UDP port 5353 traffic is that its used as a backup DNS mechanism if Windows has difficulties connecting using normal port 53 UDP DNS. Of course this implies that Microsoft can use it for its nefarious telemetry activities in Win 10. Again, the hourly activity element is a dead giveaway of Win 10 telemetry activities. I observed it also until I started using O&O Shutup 10 to block most of Win 10 telemetry. -
Firewall Blocking My own Computer
itman replied to Potattoo's topic in ESET Internet Security & ESET Smart Security Premium
Refer to this article for further information: https://support.eset.com/kb6268/ . I use a Public profile and hence, this Eset feature is not applicable. As such, I can't help you with any questions in regards to it. Also this feature is for scanning one's router connections. If you don't use a router, this feature is non-applicable. -
Also as I again understand it on Win 10, an app with an expired cert. will be flagged by UAC: https://www.howtogeek.com/230063/how-to-circumvent-this-app-has-been-blocked-for-your-protection-to-install-apps-in-windows-10/
-
If its not countersigned, the cert. will show as expired as is my understanding.
-
I didn't realize the OP was referring to the cert. for the Eset Installer download. I don't have a downloaded copy of the current installer, but will show a screen shot of the Eset cert. use to sign ekrn.exe. As @Marcos posted, as long as the it shows that the cert. is valid on the download .exe, there is nothing to be concerned about:
-
Firewall Blocking My own Computer
itman replied to Potattoo's topic in ESET Internet Security & ESET Smart Security Premium
Appears you are using Eset's Home/Work Network profile. Open Eset's GUI and click on Tools. Next, click on Connected Home Monitor. This will display all devices connected within your local network and their associated names, statuses, and IP addresses. This should allow you to identify what devices are associated with IP addresses 192.168.0.1 and 192.168.0.2. -
Installation stuck at 0%
itman replied to stanislawa's topic in ESET Internet Security & ESET Smart Security Premium
Eset needs to connect to its servers during the installation procedure. My best guess to the network blocking activity was OpenVPN and/or possibly Tor. -
EKRN.exe - Hourly Network Spam
itman replied to Elerias's topic in ESET Internet Security & ESET Smart Security Premium
Appears to be his Amazon TV Fire stick dongle attached to one of the TV's HDMI ports. It is used to stream broadcast downloads. -
I will also add that Eset IDS has ARP poisoning/spoofing protection enabled by default. Perhaps your reference material is this: https://www.raymond.cc/blog/protect-your-computer-against-arp-poison-attack-netcut/ . To begin with, it's a two year old article referencing Eset Smart Security ver. 8. As far as a NetCut attack goes, the software has to installed within the local network. Assuming your PC is connected to a router if you disable Eset's "Allow response to ARP requests from outside the Trusted zone" IDS setting, Eset's Network Wizard will show "up the wazoo" blocked ARP requests originating from the router.
-
EKRN.exe - Hourly Network Spam
itman replied to Elerias's topic in ESET Internet Security & ESET Smart Security Premium
I will additionally add that for Win 10, hourly outbound mDNS traffic is most certainly Win telemetry traffic. And it is hidden tunnel traffic, so it won't show up in conventional network traffic monitors. Again, all ekrn.exe is doing is filtering this traffic and is not the cause of the traffic. -
Purchasing a new ESET Smart Security Premium key
itman replied to Ahmed Mahmoud Nasr's topic in General Discussion
The info for Eset's Middle East distributor is here: https://www.eset.com/me/about/contact/ . You can reinstall Eset using the license it was installed with on the same device as many times as you want. To install Eset using that license on another device, Eset must be uninstalled on the existing device using that license. -
EKRN.exe - Hourly Network Spam
itman replied to Elerias's topic in ESET Internet Security & ESET Smart Security Premium
The IP address in the screenshots associated with ekrn.exe is 224.0.0.251. That is, multicast DNS. Cisco has a good article on mDNS here: https://learningnetwork.cisco.com/thread/90038 . It is used by Apple software; primarily by iTunes. It appears to me all Eset via ekrn.exe is filtering is network traffic using mDNS as it should. Your primary concern is why such a large volume of network traffic is using mDNS. -
Installation stuck at 0%
itman replied to stanislawa's topic in ESET Internet Security & ESET Smart Security Premium
The only other thing I can think of is you have some malware on your PC that is preventing Eset from installing. You might want to create Eset SysRescue bootable media and run an off-line scan with it and see if it detects and removes any malware. Ref.: https://support.eset.com/kb3509/?locale=en_US&viewlocale=en_US -
Installation stuck at 0%
itman replied to stanislawa's topic in ESET Internet Security & ESET Smart Security Premium
Did you do this? https://support.eset.com/kb2885/?locale=en_US&viewlocale=en_US