Posts: 12,207
Days Won: 321
Everything posted by itman
-
File exists on my Win 10 1809 build and just performed an Eset Context scan on it and it came up clean. Eset detection appears to relate to ransomware origins. Definitely a strange location for malware to be located in, in that I would think that Win directory can only be accessed via some type of Win Update installation. Submit the file to Virus Total for a scan and see what is detected.
-
HTTPS Pixel-serv Adblocking Browser Cert Triggers Eset on Every Ad
itman replied to tzuzut's topic in ESET Endpoint Products
Try setting the Scan action to "Ignore" in the Eset Edit certificate screen.
-
Another example of your predisposition for making a "mountain out of a molehill." Marcos's prior posting: I assume he was referring to the AV labs who test for this: https://www.eset.com/int/about/newsroom/press-releases/announcements/eset-validated-in-third-party-performance-tests-takes-gold/
-
It should also be noted that ransomware developers, in an apparent attempt to maximize their monetary returns, are indeed sending e-mails as noted in this recent article: https://www.bleepingcomputer.com/news/security/ransomware-pretends-to-be-proton-security-team-securing-data-from-hackers/ . It appears the attacker has gained enough information to know the target's e-mail/VPN provider in these cases. These e-mails are just an attempt to extort more money from the victim. Assume that after a response with the payment forwarded, the attacker will demand additional money to provide a decryption key. Or, as has been previously documented, no decryption key. Bottom line - if your files have not been encrypted, any e-mail received in this regard is a scam one. If your files have been encrypted, do not forward any money in response to one of these e-mails.
-
References to Eset's malware detection performance keep popping up in the forum in the form of YouTube video tests. I came across an article on the A-V Comparatives web site that pretty much "nails it" in that these videos should be taken "with a grain of salt." A-V Comparatives was also generous in this article by not referring to what I have seen done in some of them: editing the video to delete segments where the poster purposely modified the malware sample to avoid initial detection by whatever product they were testing. Anyway, the article is "worth a read." https://www.av-comparatives.org/spotlight-on-security-why-do-av-products-score-so-highly-in-professional-tests/#more-26676
-
unable to open ANZ in firefox or BBP
itman replied to formatc's topic in ESET Internet Security & ESET Smart Security Premium
Are you saying that with anz.com set to secure browser mode, the site will not open in BPP mode? Now that is strange. What I would try is deleting anz.com from Protected websites. Now see if it will open automatically in BPP mode from any browser. It did so for me in IE11 as shown previously. Also pay attention to the options shown in the BPP browser screen. The default setting is to remember your selection to always open the site in BPP mode. I just tested this using the default value of remember, and Eset did subsequently open anz.com in BPP mode from IE11. Also make sure you don't have multiple entries for anz.com listed under Protected websites with conflicting browser modes set. BTW - it appears what caused all this is Eset does not have anz.com added to its built-in whitelist of banking web sites. What I am surprised about is that Eset even prompted for the BPP mode option on first access to the web site. In the past it would just open a bank site in normal browser mode in this situation.
-
unable to open ANZ in firefox or BBP
itman replied to formatc's topic in ESET Internet Security & ESET Smart Security Premium
There is another remote possibility why this is occurring since you stated the following: Open the Eset GUI. Select -> Setup -> Internet Protection. Click on the gear symbol for Web Access Protection. Refer to the below screen shot for navigation and verify that anz.com in any form is not listed in the website column with normal browser selected.
-
unable to open ANZ in firefox or BBP
itman replied to formatc's topic in ESET Internet Security & ESET Smart Security Premium
Have you tried opening up Eset BP&P manually using its desktop icon and entering https://www.anz.com ?
-
I am located in the U.S. - Midwest and having no problems with updates on EIS v12.0.31.0. Last update was at 11:26 AM to sig. ver. 18951.
-
Ransomware or Exploits - Which Are More Likely To Attack You?
itman replied to itman's topic in General Discussion
https://documents.trendmicro.com/assets/rpt/rpt-unraveling-the-tangle-of-old-and-new-threats.pdf Noted in the 2018 malware incident report is that 80% of detected malware arrives via e-mail. As such, that is where one's security protection concerns need to be directed. Also patch, patch, and patch some more.
-
unable to open ANZ in firefox or BBP
itman replied to formatc's topic in ESET Internet Security & ESET Smart Security Premium
Like @Marcos demonstrated, I am posting a screen shot below taken from IE11 using BP&P. Did you reboot your PC after installing Eset IS? -EDIT- Also if you have Win 10 installed and "Fast startup" enabled, manually restart your PC.
-
Here's an article on the three primary types: IP, ARP, and DNS: https://www.veracode.com/security/spoofing-attack . Eset's IDS packet inspection feature will detect a number of these attacks; primarily IP(DoS) and ARP. Some additional spoofing attacks are noted here: https://en.wikipedia.org/wiki/Spoofing_attack; e.g. e-mail spoofing.
-
Go here to identify the ransomware strain: https://www.nomoreransom.org/en/index.html . The site will also direct you to a decrypter if one is available. If nothing available or decryption is unsuccessful and you have a paid Eset license, you can open a support ticket with Eset U.K. for assistance. -EDIT- If the ransomware is GlobeImposter 2.0, unfortunately there is no decrypter available for the latest versions: https://www.bleepingcomputer.com/forums/t/644166/globeimposter-ransomware-support-crypt-pscrypt-ext-back-fileshtml/?p=4670689 . Also you can request assistance from bleepingcomputer.com in that forum subsection on ransomware.
-
I have no clue as to what that shown popup is about. It doesn't look legit to me since it's referring to a file but the data shown indicates a web site. Since it appears you reside in the UK, I would go here: https://www.eset.com/uk/#content-existing-customer to renew your license. Before you do that, verify that your license is indeed close to its expiration date.
-
Unfortunately, I would estimate that there are thousands of web sites that fall into this category; temporarily hacked. Many have site intrusion mechanisms in place that can alert to site modification activities. Corrective action is usually taken promptly; a few hours at most. Assume many site support personnel are not available 7/24. So weekend corrections might take a bit longer.
-
I really don't understand the concern here: Are you stating that the phone numbers that are posted on the site are bogus off-shore high connection cost ones or something along this line? The only scan engine on URLVoid that detects something malicious for the IP address, 104.28.29.27, associated with elliott.org is scumware.org. Its detection dates back to 2016 when it was an http web site: 2016-10-21 19:24:26 http://elliott.org/blog/the-issue-has-been-resolved/ FDEF2FD0C203BC524DFB575D6EBA28E9 104.28.29.27 US JS/TrojanDownloader.FakejQuery.D trojan
-
Constant ICMP Protocol Blocks
itman replied to JuWaJo's topic in ESET Internet Security & ESET Smart Security Premium
As far as the SMB log entries shown, that is controlled by the Eset Network Protection -> IDS -> Advanced options -> Packet Inspection -> Deny SMB sessions without extended security setting. Per Eset online help: The setting controlling ICMP Hidden Channel detection is also located under Packet Inspection settings and is named "Covert data in ICMP protocol detection." The thing that is odd is the majority of the source IP addresses are coming from 10.8.x.x addresses. That IP address range is associated with NAC RADB TESTING; ref.: http://www.irr.net/docs/faq.html and appears to be associated with the testing of peer-to-peer Internet routing connections. If you are using a VPN, I would ask them why these connections are showing up on your router. Additional ref. here: https://www.apnic.net/about-apnic/whois_search/about/what-is-in-whois/irr/