Posts posted by itman
-
3 hours ago, stanislawa said:
I still wonder what blocked and why installation isn't constructed to throw away what's wrong
Eset needs to connect to its servers during the installation procedure. My best guess to the network blocking activity was OpenVPN and/or possibly Tor.
-
4 hours ago, Marcos said:
What device is 192.168.0.212? There are many repetitive MDNS queries for "amazon-399dfd5f2.local", what is that?
Appears to be his Amazon TV Fire stick dongle attached to one of the TV's HDMI ports. It is used to stream broadcast downloads.
-
I will also add that Eset IDS has ARP poisoning/spoofing protection enabled by default.
Perhaps your reference material is this: https://www.raymond.cc/blog/protect-your-computer-against-arp-poison-attack-netcut/ . To begin with, it's a two-year-old article referencing Eset Smart Security ver. 8. As far as a NetCut attack goes, the software has to be installed within the local network.
Assuming your PC is connected to a router if you disable Eset's "Allow response to ARP requests from outside the Trusted zone" IDS setting, Eset's Network Wizard will show "up the wazoo" blocked ARP requests originating from the router.
-
Unless there is some issue, all Intrusion Detection settings should be left at their default values.
-
I will additionally add that for Win 10, hourly outbound mDNS traffic is most certainly Win telemetry traffic. And it is hidden tunnel traffic, so it won't show up in conventional network traffic monitors.
Again, all ekrn.exe is doing is filtering this traffic and is not the cause of the traffic.
-
1 hour ago, Ahmed Mahmoud Nasr said:
I need to ask if I have a local distributor in Egypt or the key will be sent to my mail in case of purchasing.
The info for Eset's Middle East distributor is here: https://www.eset.com/me/about/contact/ .
1 hour ago, Ahmed Mahmoud Nasr said:
second, in case of installing a new version of Microsoft windows on my laptop, can i use my existed purchased license again after setup ESET Smart security Premium
You can reinstall Eset using the license it was installed with on the same device as many times as you want. To install Eset using that license on another device, Eset must be uninstalled on the existing device using that license.
-
The IP address in the screenshots associated with ekrn.exe is 224.0.0.251. That is, multicast DNS. Cisco has a good article on mDNS here: https://learningnetwork.cisco.com/thread/90038 . It is used by Apple software; primarily by iTunes.
It appears to me all Eset via ekrn.exe is filtering is network traffic using mDNS as it should. Your primary concern is why such a large volume of network traffic is using mDNS.
-
The only other thing I can think of is you have some malware on your PC that is preventing Eset from installing. You might want to create Eset SysRescue bootable media and run an off-line scan with it and see if it detects and removes any malware.
Ref.: https://support.eset.com/kb3509/?locale=en_US&viewlocale=en_US
-
Did you do this?
Quote: Always create a new folder for an installation package and Save or move the installer to this folder before running it.
https://support.eset.com/kb2885/?locale=en_US&viewlocale=en_US
-
29 minutes ago, Rami said:
I could see by testing installing of CCleaner , that HIPS does prompt for action to allow or block.
You sure those were from the HIPS and not PUA detections from Realtime scanning? See if there are any HIPS log entries. Believe only blocked activity would be logged. If there are HIPS log entries, post a couple of them. Would like to see what Eset HIPS detected.
-
3 hours ago, Pentode said:
I would have had no idea since I couldn't get to see the certificate.... at least I don't think I could, so this means I'll have to 'stick it' or review some other browser.
As far as not being able to access the web site in either Win XP or Win 7 in IE11, the following comments.
Win XP has not been supported by Microsoft for some time. As such, we can assume that its Windows root CA store certificates likewise haven't been updated. Hence, the certificate errors reported trying to access the web site.
As far as Win 7 goes, have you been performing regular Win Updating on the device? Even if you were, I always had issues with my Windows root CA store certificates being updated properly on Win 7. Hence again, a possible reason for the certificate errors reported trying to access the web site.
-
I would start by running Eset's AV Remover tool: https://support.eset.com/kb3527/ to verify that no other AV products are installed and to remove them. If this tool can't remove them, then you will have to do so manually. Reboot your PC.
Now try to install Eset Smart Security again. If it again hangs during the installation or doesn't install successfully, then do the following.
Download and run Eset Installation Fixer: https://support.eset.com/kb3544/?locale=en_US&viewlocale=en_US . Reboot. Now try to install Eset Smart Security again.
-
Yikes! Comodo, aka UserTrust, is now Sectigo: https://sectigo.com/blog/sectigo-begins-issuing-certificates-on-new-sectigo-branded-root .
Appears to me that Mozilla hasn't gotten around to updating FireFox's Authorities CA store as it should have. This is one reason why I still use IE11 as my browser.
-EDIT- IE11 uses the root CA store certificate "friendly name" for the issuer in its Certificate Hierarchy display. The root cert. was actually issued by USERTrust and is the same one stored in FireFox's Authorities CA store.
-
It also appears to me that FireFox is showing the incorrect certificate hierarchy for this web site. That's not surprising given the recent mess Mozilla created by letting their own certificate expire. Anyway, below is a screen shot of IE's certificate hierarchy for this web site. Note that the Sectigo RSA Intermediate root certificate chains to a different root CA store certificate. Note that IE11 uses the Windows root CA certificate store.
-
3 hours ago, Johuan said:
i saw that the sha256 certificate had an expire date of 06 May of 2019.
That is a bit odd. Mine has an expiration date of 12/12/2028.
-
Per FireFox trouble shooting FAQ:
Quote:
The error occurs on one particular site only
In case you get this problem on one particular site only, this type of error generally indicates that the web server is not configured properly.
Missing intermediate certificate
On a site with a missing intermediate certificate you will see the following error description after you click on Advanced on the error page:
The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.
The website's certificate might not have been issued by a trusted certificate authority itself and no complete certificate chain to a trusted authority was provided either (a so-called "intermediate certificate" is missing).
You can test if a site is properly configured by entering a website's address into a third-party tool like SSL Labs' test page. If it is returning the result "Chain issues: Incomplete", a proper intermediate certificate is missing. You should contact the owner of the website you're having troubles accessing to inform them of that problem.
https://support.mozilla.org/en-US/kb/error-codes-secure-websites
Now refer to the below screen shot. It appears to me your FireFox's Authorities certificate store doesn't contain the proper certificate chain relationship; i.e. Certificate Hierarchy, for this web site. Like @Marcos posted previously, upgrade to the latest version of FireFox. I strongly suspect by doing so, this problem will be resolved.
-
36 minutes ago, Marcos said:
website https://www.wires.co.uk/, it uses an EV certificate
Same here. No problem accessing it in IE11 or FireFox on Win 10. Did notice the site uses a flakey Comodo multi-domain EV certificate. If the browser is Chrome, maybe the multi-domain thing is what it is objecting to.
-
13 minutes ago, TomFace said:
I will review file size after today's scan.
Clear out the Computer scan log and see if that helps. Beginning to believe your issue deals with some type of Eset log file corruption. Are entries being created in other log files such as the Event log?
-
DISM might or might not fix the Image State issue on the server. You will have to research this on your own since it is out of the scope of this forum. Here is one among many TechNet postings on the subject:
Quote: Researching the error and looking at CBS.log pointed me to CBS store corruption so I ran sfc /scannow and that came back clean. I then ran dism /online /scanhealth and it said that there was repairable damage.
-
12 hours ago, zamar27 said:
I don't think you read it right: 64K Private Bytes / 160K Working Set.
If you're referring to my posting, "ekrn.exe is back to using 57K memory versus the 90K+ memory," both references were for private bytes per Process Explorer display.
-
12 hours ago, COStark26 said:
Not crucial but may as well clarify my post ...
I have no tab set up for B&PP in FireFox.
Note that my bank's URL has already been added to Eset's B&PP Protected Web sites list. When I enter the Bank's URL in FF's search window, below is a screen shot of what is shown. Also today, the little tab noting "Secured by Eset" on top of the green barred web page is missing again. For all practical purposes, B&PP in FF works identical to IE11 for me.
-
6 hours ago, kamiran.asia said:
After 1 Hour again problem occurred, We manually change "state" to complete but still ESET Real Time is not functional even after Restart,
Note the following:
Quote: IMAGE_STATE_UNDEPLOYABLE
This is the default state for an image in a given phase of Windows Setup that is not yet complete. If a process queries the IMAGE_STATE value and IMG_UNDEPLOYABLE is returned, the image is in one of the following states:
- Setup is currently running and has not fully completed the phase. Once a given phase is complete, the IMAGE_STATE will be set to an appropriate completion value.
- If queried online when Setup is not running, there was a failure when completing a Setup phase. This image must be reinstalled.
- If queried offline, the image did not finish a phase and will never be deployable.
Next, what IMAGE_STATE_COMPLETE really means. Did you run sysprep prior to the image being deployed to the server?
Quote: This image is not deployable to a computer that has a different hardware configuration because it is now hardware-dependent. To deploy this image to a computer that has a different hardware configuration, you must run sysprep /generalize.
-
One possibility here is that Password Manager is not supported in trial versions.
I couldn't find any info on this but it seems logical to me. I believe the PM is actually a third party product and is installed as such during the paid Eset installation phase. For trial versions, it is probably installed when a valid license key is entered.
-
2 hours ago, COStark26 said:
IE 11 does Not Show a Tab for the BPP site - but FF does - and the Tab Page is mostly Green with white "You're in BPP" indicated & not much more. IE 11 appeared to show a green page for half a second but it disappeared. Have never known any other behavior with FF.
Strange. Opened FF today and green border appeared. So guess that problem got resolved.
Don't know what you mean by "Tab Page is mostly Green with white "You're in BPP" indicated." If you're referring to the top tab as shown in my below IE11 B&PP web page screen shot showing "Secured by Eset", that did not show in FF. -EDIT- It showed. I just had to reposition the web page window slightly. Also as the screen shot shows, no issues w/B&PP in IE11:
-
Firewall Blocking My own Computer (in ESET Internet Security & ESET Smart Security Premium)
Appears you are using Eset's Home/Work Network profile.
Open Eset's GUI and click on Tools. Next, click on Connected Home Monitor. This will display all devices connected within your local network and their associated names, statuses, and IP addresses. This should allow you to identify what devices are associated with IP addresses 192.168.0.1 and 192.168.0.2.