
Posts posted by itman

  1. I just played a couple of YouTube videos using IE11 that were accessed via Google search lookup. No alerts from Eset whatsoever.

    It appears the problem is related to neither of these sources directly, but rather to whatever web site is being accessed by users to then access YouTube; that is what is causing the Eset alert.

  2. Tackled this another way.

    Eset Filtered Web Site log equates us.cssvsync.com to IP address, 88.214.193.110. Using that IP address for a Robtex lookup yields:

    [Screenshot: Robtex lookup result]

    A server located in the U.K.

    Next entered the same IP address into IPVoid which yielded:

    [Screenshot: IPVoid result]

    All this indicates that any DNS server routing to us.cssvsync.com FQDN is most likely nefarious.

  3. 11 minutes ago, Masamunnex said:

    I don’t use Adblock tho

    The assumption is that the web site you are viewing the YouTube video on is trying to redirect you to us.cssvsync.com.

    Try playing a YouTube video from another web site and see if the same Eset alert is displayed. If no alert is displayed, the problem is the web site where you attempted to play the first YouTube video.

  4. I wonder if this is related to your manually disabling Windows Defender. Note that Eset at installation time normally disables WD. You didn't mention what Win OS ver. you are using, but adhering to correct installation procedure would be most critical on Win 10 due to the Windows Security Center interface factor.

    What you might try to do is uninstall Eset EAV. Reboot. Reverse what you did to disable WD and ensure it is fully functional. Reboot. Then reinstall EAV. Verify that WD has been disabled and Windows recognizes EAV as the only realtime AV active. Finally, verify that Eset is fully functional.

  5. Appears /private/var/vm is used as some type of virtual memory swap disk on Macintoshes:

    Quote

    A swapfile is when your computer is running low on memory and it starts storing things on Disk (part of virtual memory). Normally, on Mac OS X, it is located in /private/var/vm/swapfile(#). Swapfiles are also used when you put your computer to sleep (where the contents of your RAM are stored on disk, so if the power runs out, you don't lose your data)

    This is a normal part of a Mac and it is not a good idea as it will cause problems with virtual memory. Also, it can not be opened in TextEdit as it will just show gibberish.

    -Chiragroop

    https://www.bleepingcomputer.com/forums/t/682395/what-is-the-purpose-of-this-vm-folder/

    Remember that Google search is "your best friend" on questions like this.

  6. Again, NordVPN has an option associated with the kill switch where you can specify what apps it applies to:

    Quote

    NordVPN helpfully provides a kill switch option in both its desktop software and its mobile apps. The desktop version, for Windows and Mac, can shut down applications which you specify if your VPN connection goes down. The mobile version for Android and iOS disables internet access across the system if the VPN connection goes down, meaning that apps won’t be shut down but they won’t be able to communicate across the unsecured internet.

    To enable the kill switch on the desktop software, open it up and click on Settings at the top, and then to General on the left. This will show you a number of options, including the Kill Switch slider. You can toggle the slider to turn the kill switch on and off. And below the slider you can add applications which should be terminated in the case of VPN disconnection – such as your web browser and your torrent client.

    https://www.addictivetips.com/vpn/best-vpns-kill-switch/

  7. 6 hours ago, m.gospodinov said:

    p.s. Just curious, what does it do?

    The Eset ELAM driver is Eset's version of the default ELAM driver used by Windows Defender in Win 10. The acronym stands for "Early Launch Anti-malware." 

    Its purpose is to load itself prior to any non-device kernel mode drivers loading so that it can inspect any malicious activities originating from those app drivers. Once boot and driver load processing is completed, the ELAM driver auto unloads itself since it is no longer needed. Hence the reason why the service associated with the driver always shows a stopped status.

    Also as far as I am aware of, the Server 2012 OS does not use the ELAM driver; only Win 10 and possibly the latest Server OS vers. Therefore, it should always remain in the stopped status as far as its applicable service status is concerned. Note: the ELAM driver interfaces with an OS kernel component. As far as I am aware of, that component is only present on Win 10 and again, possibly the latest Win Server OS release.

    -EDIT- Correction. ELAM driver is indeed used on WIN 8 and Server 2012. Ref.: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware

    Here's an article with a detailed explanation on how the ELAM driver works: https://blogs.technet.microsoft.com/dubaisec/2016/05/09/elam-driver/

  8. 43 minutes ago, zamar27 said:

    Eset Firewall will block all non-VPN traffic on a physical network adapter, if a user added Deny Any Traffic rule in Firewall Advanced Rules for the Firewall Profile assigned to that adapter (connection), regardless whether alternative VPN connection (mini-port or virtual adapter) is enabled and active or not.

    Correct.

    The problem is what about necessary periodic Windows OS network communication? For example, auto checking for Windows Updates, Win Store and System packaged updates on Win 10, etc. Appears that you still might be using Win 7. Win 10 is extremely "chatty" when it comes to Internet activity.

  9. Getting back to the original Eset alert elapsed time display, I couldn't find a user manual on the web for ver. 7 Smart Security. But I did find one for ver. 8 which I assume is the same in regards to alert elapsed time display:

    Quote

    4.7.2 Alerts and notifications

    The Alerts and notifications section under User interface allows you to configure how threat alerts and system notifications (e.g. successful update messages) are handled by ESET Smart Security. You can also set display time and the level of transparency of system tray notifications (applies only to the systems supporting system tray notifications).

    Deselect the check box next to Display alerts to cancel all alert windows. This is only suitable in certain situations. For most users we recommend that this option be left enabled (default).

    Notifications on the Desktop are informative only, and do not require or offer user interaction. They are displayed in the notification area at the bottom right corner of the screen. To activate Desktop notifications, select Display notifications on desktop. More detailed options such as notification display time and window transparency can be modified by clicking Configure notifications. To preview the behavior of notifications, click Preview. To suppress notifications when running a full-screen application, select Do not display notifications when running applications in full-screen mode. Close message boxes automatically after (sec.).

    To close pop-up windows automatically after a certain period of time, select If they are not closed manually, alert windows are automatically closed after the specified time period elapses.

    Click Advanced setup to access additional Alerts and notification setup options.

    https://download.eset.com/manuals/eset_ess_8_userguide_enu.pdf

    Note the setting highlighted in red. In the "Configure notifications" section should be a setting with which the alert display time can be increased in value.

    Alternatively, you can just uncheck the option highlighted in blue which will keep alerts displayed until they are manually closed.

  10. Getting back to the default Windows client VPN connection. Microsoft created this as a simple means to establish a point-to-point tunnel connection to an external network; namely your employer's network for example.

    The public VPN services all use their own VPN client. This is most likely the installation of a mini-port filter driver for the existing device network connection. Use of such a driver gives the capability for example to block all traffic from the network adapter that is not VPN related.

  11. 8 hours ago, zamar27 said:

    It doesn't seem to be the case. Here's the suggestion I found on How to ensure VPN Only traffic:
    "set up a Public network for VPN network connection (adapter), and block everything through the Firewall sent on Home and Office networks".

    I suggest you experiment with your own custom configurations since you seem somewhat knowledgeable in this area.

    Note that by default, Eset firewall rules are global in scope depending on which of the three default profiles are active; Public, Home or office, or use Windows setting.

    Using the Public profile on the VPN network connection will activate proper default Eset firewall rules for that network connection only. If the Eset profile for your PC NIC adapter is set to Home or Office profile, Eset firewall will apply appropriate default firewall rules for that network connection. The main point to realize is that Eset's firewall will not block a non-VPN connection on another network adapter connection when the VPN connection is disabled.

  12. To begin with, I assume most Eset home users are not using the Win built-in VPN client such as this set-up guide for Win 10 here shows: https://support.microsoft.com/en-us/help/20510/windows-10-connect-to-vpn . Most are using one of the publicly available VPN providers such as NordVPN. As their setup guide for Win 7 shows, all the features you desire such as app and Internet kill switch capability etc. are built into their app: https://nordvpn.com/tutorials/windows-7/application/ . It is outside the scope of the Eset firewall to provide these features or such like capability. If you wish such capability, you should use one of the public VPN service providers.

    As far as configuring the Eset firewall for a public VPN provider connection, here's a good tutorial: https://windowsreport.com/fix-vpn-blocked-eset/ . I recommend using the Eset Network wizard which will automatically create the proper firewall rules for the VPN connection.

  13. In my case, the NIC resetting appears to be related to two JMicron SATA controllers on my motherboard. One of them starts in a constant reset loop which eventually migrates to the NIC which starts the same reset behavior as posted. I recently moved the only thing I have on one of the JMicron SATA controllers, a SATA NEC DVD drive, to my main AMD SATA controller to see if this will stop this behavior.

    Again this behavior is very infrequent and I have no evidence to show it's Eset related or to anything else for that matter.
