itman
-
Posts
12,409 -
Joined
-
Last visited
-
Days Won
327
Posts posted by itman
-
-
Again, NordVPN has an option associated with the kill switch where you can specify what apps it applies to:
QuoteNordVPN helpfully provides a kill switch option in both its desktop software and its mobile apps. The desktop version, for Windows and Mac, can shut down applications which you specify if your VPN connection goes down. The mobile version for Android and iOS disables internet access across the system if the VPN connection goes down, meaning that apps won’t be shut down but they won’t be able to communicate across the unsecured internet.
To enable the kill switch on the desktop software, open it up and click on Settings at the top, and then to General on the left. This will show you a number of options, including the Kill Switch slider. You can toggle the slider to turn the kill switch on and off. And below the slider you can add applications which should be terminated in the case of VPN disconnection – such as your web browser and your torrent client.
-
This just started today. All I see is myself?
-
6 hours ago, m.gospodinov said:
p.s. Just curious, what does it do?
The Eset ELAM driver is Eset's version of the default ELAM driver used by Windows Defender in Win 10. The acronym stands for "Early Launch Anti-malware."
It's purpose it to load itself prior to any non-device kernel mode drivers loading so that it can inspect any malicious activities originating from those app drivers. Once boot and driver load processing is completed, the ELAM driver auto unloads itself since it is no longer needed. Hence the reason why the service associated with the driver always shows a stopped status.
Also as far as I am aware of,
the Server 2012 OS does notuse the ELAM driver; only Win 10and possibly the latest Server OS vers..Therefore, it should always remain in the stopped status as far as its applicable service status is concerned. Note: the ELAM driver interfaces with an OS kernel component. As far as I am aware of, that component is only present on Win 10 and again, possibly the latest Win Server OS release.-EDIT- Correction. ELAM driver is indeed used on WIN 8 and Server 2012. Ref.: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware
Here's an article with a detailed explanation on how the ELAM driver works: https://blogs.technet.microsoft.com/dubaisec/2016/05/09/elam-driver/
-
43 minutes ago, zamar27 said:
Eset Firewall will block all non-VPN traffic on a physical network adapter, if a user added Deny Any Traffic rule in Firewall Advanced Rules for the Firewall Profile assigned to that adapter (connection), regardless whether alternative VPN connection (mini-port or virtual adapter) is enabled and active or not.
Correct.
The problem is what about necessary periodic Windows OS network communication? For example, auto checking for Windows Updates, Win Store and System packaged updates on Win 10, etc., etc.. Appears that you still might be using Win 7. Win 10 is extremely "chatty" when it comes to Internet activity.
-
Getting back to the original Eset alert elapsed time display, I couldn't find a user manual on the web for ver. 7 Smart Security. But I did find one for ver. 8 which I assume is the same in regards to alert elapsed time display:
Quote4.7.2 Alerts and notifications
The Alerts and notifications section under User interface allows you to configure how threat alerts and system notifications (e.g. successful update messages) are handled by ESET Smart Security. You can also set display time and the level of transparency of system tray notifications ( applies only to the systems supporting system tray notifications).
Deselect the check box next to Display alerts to cancel all alert windows. This is only suitable in certain situations. For most users we recommend that this option be left enabled (default).
Notifications on the Desktop are informative only, and do not require or offer user interaction. They are displayed in the notification area at the bottom right corner of the screen. To activate Desktop notifications, select Display notifications on desktop . More detailed options such as notification display time and window transparency can be modified by clicking Configure notifications. To preview the behavior of notifications, click Preview. To suppress notifications when running a full-screen application, select Do not display notifications when running applications in full-screen mode. Close message boxes automatically after (sec.).
To close pop-up windows automatically after a certain period of time, select If they are not closed manually, alert windows are automatically closed after the specified time period elapses.
Click Advanced setup to access additional Alerts and notification setup options.
https://download.eset.com/manuals/eset_ess_8_userguide_enu.pdf
Note the setting highlighted in red. In the "Configure notifications" section should be a setting which alert display time can be increased in value.
Alternatively, you can just uncheck the option highlighted in blue which will keep alerts displayed until they are manually closed.
-
-
Getting back to the default Windows client VPN connection. Microsoft created this as a simply means to establish a point-to-point tunnel connection to an external network; namely your employer's network for example.
The public VPN services all use their own VPN client. This is most likely the installation of a mini-port filter driver for the existing device network connection. Use of such a driver gives the capability for example to block all traffic from the network adapter that is not VPN related.
-
-
8 hours ago, zamar27 said:
It doesn't seem to be the case. Here's the suggestion I found on How to ensure VPN Only traffic:
"set up a Public network for VPN network connection (adapter), and block everything through the Firewall sent on Home and Office networks".I suggest you experiment with your own custom configurations since you seem somewhat knowledgeable in this area.
Note that by default, Eset firewall rules are global in scope depending on which of the three default profiles are active; Public, Home or office, or use Windows setting.
Using the Public profile on the VPN network connection will activate proper defaut Eset firewall rules for that network connection only. If the Eset profile for your PC NIC adapter is set to Home or Office profile, Eset firewall will apply appropriate default firewall rules for that network connection. The main point to realize is that Eset's firewall will not block a non-VPN connection on another network adapter connection when the VPN connection is disabled.
-
To begin with, I assume most Eset home users are not using the Win built-in VPN client such as this set-up guide for Win 10 here shows: https://support.microsoft.com/en-us/help/20510/windows-10-connect-to-vpn . Most are using one of the publicly available VPN providers such as NordVPN. As their setup guide for Win 7 shows, all the features you desire such as app and Internet kill switch capability etc. are built into their app: https://nordvpn.com/tutorials/windows-7/application/ . It is outside the scope of the Eset firewall to provide these features or such like capability. If you wish such capability, you should use one of the public VPN service providers.
As far as configuring the Eset firewall for a public VPN provider connection, here's a good tutorial: https://windowsreport.com/fix-vpn-blocked-eset/ . I recommend using the Eset Network wizard which will automatically create the proper firewall rules for the VPN connection.
-
2 hours ago, TomFace said:
Having never heard of Quick Heal Total Security
It's Indian based security software: https://en.wikipedia.org/wiki/Quick_Heal .
-
In my case, the NIC resetting appears to be related to two JMicron SATA controllers on my motherboard. One of them starts in a constant reset loop which eventually migrates to the NIC which starts the same reset behavior as posted. I recently moved the only thing I have on one on the JMicron SATA controllers, a SATA NEC DVD drive to my main AMD SATA controller to see if this will stop this behavior.
Again this behavior is very infrequent and have no evidence to show it's Eset related or to anything else for that matter.
-
What browser are you using? If it is Chrome or Firefox, manually verify if the Eset root CA certificate is stored in the browser's root CA certificate store.
-
23 minutes ago, Cookie Monster said:
I can also duplicate the behavior by trying to login to Office365 - click on login, enter credentials, the system tries to validate against our local federated server and then kicks the login back out as if it never happened.
Have you checked the server logs as to why the validation is failing?
-
As best as I can determine, the website block is being generated from Quick Heal Total Security. Based on the screen shot you posted, it appears you don't even have Eset installed? Perhaps you posted here by mistake?
-
Did you reinstall all your app software after you reinstalled the OS?
-
My NIC on my Win 10 x(64) 1809 build "flakes off" approx. every 30 days or so; sometimes less than that. Been going on for some months. No reason I can find for the behavior although it usually occurs at first boot of the day after PC was powered down overnight but again, this is not always the case.
I did reinstall the NIC driver yesterday after it stated a new driver was available. Funny thing is it just installed the same driver but event log stated it didn't like something about the associated oemxx.inf but indicated the driver installed successfully.
My own opinion is that Microsoft is so screwed up these days support-wise, they even don't know what is going on anymore.
-
1 hour ago, steve.potter said:
even if I go to the workstation and open an administrative command prompt I get the same error
Did you sign on to the workstation with your administrator credentials?
-
11 hours ago, jetspeedz said:
Looking at all the logs I don't even see where it shows up, I don't believe you can view any of the logs in the GUI that will display all the FW and HIPS alerts.
The problem is that if you don't respond to the alert, the default action is allow. Allowed actions are not logged by default. So it appears you're in a "catch-22" situation until it can be determined what is causing the short alert interval display.
11 hours ago, jetspeedz said:I have smart security 7.x
Support for Smart Security ver. 7 ended 12/2017. You need to upgrade to the latest ver. of Internet Security or Smart Security which includes a few additional features such as password manager.
-
I assume the popup issue has not reappeared since the Win 10 reinstall?
Also previously did you override an Eset PUA alert and proceed with the installation? Did you verify that Eset protections for PUA and suspicious applications are enabled? See below screen shot:
-
5 hours ago, Marcos said:
Have you repeatedly verified that the issue occurs after modules from the pre-release channel are installed and goes away after going back to modules from the regular release update channel?
I'll report back if I have an issue with module updating on regular updating. Such has not been the case in the past.
Also after upgrading to ver. 12.1.34, I received a successful module update while on regular updates and prior to switching to pre-release updating. So again as far as I am concerned, the issue lies with pre-release updating.
-
Win 10 Home x(64) 1809, EIS 12.1.34 Pre-release.
Yesterday morning, my network connection went down and eventually entire PC locked up. Reboot resolved the issue. EIS module update was going on at that time and just thought that was coincidental.
This morning same thing happened and again Eset module updating was in process and running for a long time. When I manually cancelled the module update, my network connection was immediately restored. So it is fair to assume Eset module updating is the issue.
Going back to regular Eset updating.
-EDIT- Modules successfully updated in regular update mode. Verification that problem is w/pre-release updating.
Forgot to post the screen shot I took when pre-release updating was in process:
-
In the Eset GUI, Advanced Setup -> Malware Scans section, check under Idle-State Scan section and verify that " Enable Idle-state scanning" option is not check marked. Note that the default ThreatSense setting for this option is to scan archives.
-
2 hours ago, ENDSP1EL said:
used this function so I could like start with brand new Windows but with my files so im not sure
I assume you are running Win 10. If you did the "Reset option," all your user account files would have been retained but you would have had to reinstall all your apps. If you did a "Repair option," both your apps and files would have been retained.
I assume you did a "Reset" and then reinstalled your apps?
What is wrong with maxsecureantivirus?
in ESET Internet Security & ESET Smart Security Premium
Posted · Edited by itman
Eset's detection is correct.
Did initial scan at URLVoid.com. That yielded Dr. Web detecting it as malicious. Viewed Quttera's analysis there and it showed a possible malicious status. So scanned the site at Quttera's web site which yielded the following:
https://quttera.com/detailed_report/maxsecureantivirus.com