Everything posted by itman

  1. Eset will only block an ad in a browser if it's known to be malicious. What is the case many times is the ad itself will do a redirect to a web site that is hosting malicious content. So theoretically, the ad itself contains nothing malicious but Eset will block its execution because of the redirect activity.
  2. BackupAssist has an article on this here: https://www.backupassist.com/support/en/knowledgebase/BA2513-Unable-to-backup-volume.html . The problem is the exclusions have to be made for the referenced files on the drive being used for the backup. Eset has no way of determining what drive is being used for backup purposes.
  3. I also tried this in Edge Chromium which is Chrome based using Google search and again, no Eset detections. My advice is install a good ad blocker like uBlock Origin in Chrome. Eset's detection appears to be related to a malicious ad.
  4. I even entered http://19216811 directly into Firefox Search bar. Interestingly, it actually converts to an IP address but it isn't routable:
  5. You need to contact whomever you purchased the license from to straighten this out.
  6. Really don't know what you mean here. The firewall rule set is scrollable via use of the scroll bar located on the right hand side of the display:
  7. I have firewall rules that extend over multiple pages. I have no problem with a rule moved to the top of the rule set and then using the arrow key to move the rule downward in the rule set; or upwards from the bottom of the rule set for that matter.
  8. Did the same in Firefox and Eset detected nothing in Google search results: Now I use uBlock Origin in Firefox. So it may have removed any ads from the Google search result prior to web page rendering. It would be very unusual however for a malicious ad to be rendered on its search results web page but I guess anything is possible these days. However, I just repeated the Google search and uBlock didn't block anything malicious.
  9. It is starting to look like there is a problem with the ver. 13.2.18 update on non-Win 10 devices not properly installing Eset drivers in certain circumstances. There have been multiple forum postings in this regard. Suspect this is what caused your busted network connections. One reason you might want to upgrade to Win 10 is it has a built-in setting that will totally rebuild your network connection including reinitialize of TCP/IP stack in instances like this:
  10. I'm a bit confused here. If you did an image restore, this would have taken you back to ver. 13.2.16. Are you saying that Eset 13.2.18 in prepared but uninstalled state was on the image backup? Or did Eset auto download ver. 13.2.18 after the image restore?
  11. One additional comment in regards to the Win 7 backup utility you may or may not be aware of. You can run an image backup while Win 10 is fully operational which is pretty neat. This means you could actually test these Eset exclusions when the device is active during the day. No need to wait till your scheduled task runs at night. Also if there are no issues with the image backup running when Win 10 is active during the day but this same issue occurs when only your scheduled task runs, then something else is going on here. Then there is this "tidbit" about Win 7 backup utility that makes it really unacceptable for commercial production environments that appears to be your case. The backup utility requires that Win System Protection; i.e. System Restore, be enabled. System Restore is famous for "flaking off" by mysteriously disabling itself or plain just not working. Also as I recollect, a Win 10 Feature Upgrade will disable it since that is its default setting on a clean Win 10 install. However, the main problem with the Win 7 backup utility is this. You can't backup the UEFI partition unless a system image backup is created. If the UEFI partition gets corrupted or infected by malware, you are forced to restore using a prior created system image backup. I additionally use Paragon's Professional Drive Manager to create image backups via a Win PE boot disk they provide. I have used it for years w/o a restore ever failing. It also is a full feature backup utility that allows for incremental backups; scheduling for backup activity, and the like. With Paragon you can back up anything; boot sector, partition, or the entire disk. Also Paragon creates its backups as archive files with full compression options. Finally, the boot sector, individual partitions (assuming a drive backup was performed), directories, or files can be restored from any image backup if need be.
  12. I believe that the Eset KB article assumes that Win 7 backup is running in directory/file backup mode; not image creation mode. As far as what is created in system image mode: It creates the above highlighted directory on my PC. Of note is I don't have access to this directory on my PC running as limited Admin unless I actually allowed Win permissions to be changed. Of note is even read permissions don't exist: I do know Eset has no issues scanning this directory but again I don't have a UEFI and as such, the files with issues would not be included. In any case, try the following Eset file exclusions instead and see if that resolves the issue:
      E:\WindowsImageBackup\EFI\Microsoft\Boot\BCD
      E:\WindowsImageBackup\EFI\Microsoft\Boot\BCD.LOG
      E:\WindowsImageBackup\EFI\Microsoft\Boot\bootmgfw.efi
      E:\WindowsImageBackup\%WINDIR%\system32\winload.efi
  13. https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool Note: This must be run in Win Safe boot mode.
  14. Well it appears I "totally blew this one." First a reference to the above posted Eset KB article; in fact the very first sentence of the article: The sentence is poorly worded. What is meant is the Win 7 backup fails because Eset real-time scanning is locking a file being created/overwritten on the backup drive in order to scan it. This in turn prevents the Win 7 backup from creating the file on the backup media and to terminate the backup processing. It appears your backup drive letter is E: and assumed this is the drive used in Win 7 backup processing. In regards to the following KB article noted files that require Eset real-time scanning file exclusions:
      \Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD
      \Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD.LOG
      \Device\HarddiskVolume1\EFI\Microsoft\Boot\bootmgfw.efi
      %WINDIR%\system32\winload.efi
      You need to enter the below Eset real-time file scanning exclusions;
      E:\EFI\Microsoft\Boot\BCD
      E:\EFI\Microsoft\Boot\BCD.LOG
      E:\EFI\Microsoft\Boot\bootmgfw.efi
      E:\%WINDIR%\system32\winload.efi
  15. In Eset Web access protection -> URL ADDRESS MANAGEMENT, there exist default allow and block lists that can be used to add URLs. Or you can create your own lists if so desired. However, these lists apply to all Internet accessing apps. There is no way in Eset to link an allow list to a particular app. The only way a whitelist can be created for a given app is via an Eset firewall rule and only IP addresses can be specified; not URLs.
  16. The "arrow" options allow for moving a rule to top or bottom of existing rule set. Or to move a rule up or down in the rule set, one rule at a time. Yes, it is a royal pain in the butt when you want to position a rule for example in the middle of a large existing rule set.
  17. Most e-mail clients have an option where you can control; i.e. synchronize, what folders are auto downloaded from the e-mail provider server to the local device e-mail client. Not sure if this exists in Outlook365 or not.
  18. Check and see if a drive letter has been assigned to the UEFI partition/volume for some reason on that device. The Eset KB specifically states the issue occurs when an external backup drive is being used. Contact Eset North America customer support and see if they can assist.
  19. In regards to this from the KB article: Now go to the end of the KB article and note this: It really appears that the exclusions must be set up using the drive specification. What you really have to do is determine the drive letter for the drive being used for the Win 7 backup file. Then use that drive letter in the above file exclusions. You also might want to contact Eset technical support for a confirmation to my above statement. -EDIT- This confirms the above assumption. The Eset exclusion must contain the drive letter associated with the backup drive: https://www.winhelponline.com/blog/windows-backup-failed-exclusive-lock-efi-partition-avast/
  20. Is this the removal tool you are referring to: https://www.eset.com/int/support/av-remover/ ? Did you download the correct version; 32 or 64 bit version depending on what OS version you have installed? You stated "McAfee was previously installed on my computer." Is it still installed or not? According to the related Eset KB article on it: https://support.eset.com/en/kb3527-eset-av-removerlist-of-removable-applications-and-instructions-to-run-the-tool , it will remove the following McAfee products:
      McAfee, Inc.                          Version
      McAfee ePolicy Orchestrator Agent     4
      McAfee Endpoint Security              10
      McAfee Security-as-a-Service          5
      McAfee Security-as-a-Service          6
      McAfee WebAdvisor                     4
      McAfee Host Intrusion Prevention      8
      McAfee SiteAdvisor                    3
      McAfee SiteAdvisor                    4
      McAfee Family Protection              2
      McAfee VirusScan Enterprise           10
      McAfee VirusScan Enterprise           15
      McAfee VirusScan Enterprise           16
      McAfee VirusScan Enterprise           17
      McAfee VirusScan Enterprise           18
      McAfee VirusScan Enterprise           19
      McAfee VirusScan Enterprise           20
      McAfee VirusScan Enterprise           4
      McAfee VirusScan Enterprise           8
      McAfee VirusScan Enterprise           9
      McAfee Security Scan Plus             3
      McAfee AntiVirus Plus                 10
      McAfee AntiVirus Plus                 12
      McAfee AntiVirus Plus                 13
      McAfee AntiVirus Plus                 14
      McAfee AntiVirus Plus                 15
      McAfee AntiVirus Plus                 16
      McAfee AntiVirus Plus                 17
      McAfee AntiVirus Plus                 18
      McAfee AntiVirus Plus                 19
      McAfee AntiVirus Plus                 20
      McAfee AntiVirus Plus                 8
      McAfee AntiVirus Plus                 9
      McAfee Total Protection               15
      McAfee Total Protection               16
      McAfee Total Protection               17
      McAfee Total Protection               18
      McAfee Total Protection               19
      McAfee Total Protection               20
      McAfee Total Protection               3
      McAfee Internet Security              18
      McAfee Internet Security              19
      McAfee Internet Security              20
      McAfee LiveSafe – Internet Security   12
      McAfee LiveSafe – Internet Security   13
      McAfee LiveSafe – Internet Security   14
      McAfee LiveSafe – Internet Security   15
      McAfee LiveSafe – Internet Security   16
      McAfee LiveSafe – Internet Security   2
      McAfee LiveSafe – Internet Security   3
  21. By default, Eset Banking & Payment Protection disables all browser extensions/add-ons for security reasons. If a password manager is a must for you when using B&PP, you can upgrade to Smart Security version that includes a password manager.
  22. @foneil , this Eset KB: https://support.eset.com/en/kb6121-windows-backup-failing-error-message?ref=esf , needs to be revised. It should state that diskpart via command line prompt needs to be run to determine which volume the backup drive actually resides on. Then the drive letter associated with that volume number used in creating Eset exclusions for Win7 Backup utility.
  23. The following confirms my suspicion of what is occurring in firewall Automatic mode in regards to Application Modification detection: Here's a firewall rule alert for explorer.exe for cert. data download on Aug. 3:
      Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;SHA1;User
      8/3/2020 8:53:01 AM;Decision on allowing communication delegated to user;Delegated to user;192.168.1.XX:58387;72.21.91.29:80;TCP;Block outgoing explorer.exe x(64) communication;C:\Windows\explorer.exe;9BF023766E369E6F6DE45F0C349749E6FC8ABDAC;
      Here's a firewall rule alert for explorer.exe for cert. data download on Aug. 21:
      Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;SHA1;User
      8/21/2020 4:52:25 PM;Decision on allowing communication delegated to user;Delegated to user;192.168.1.XX:52248;23.60.139.27:80;TCP;Block outgoing explorer.exe x(64) communication;C:\Windows\explorer.exe;2537CD23F1FDA7FAA881D16C2636A119EAE0E80C;
      Application Modification detection alert was also generated for Aug. 21 firewall activity. Notice that the hash value for explorer.exe has changed. Most likely due to Win 10 Aug. cumulative update. What is going on here is Application Modification is detecting any file size change; apparently since the last time the firewall rule referencing it was triggered. Not that explorer.exe has been modified "on the fly" by some external process. This type of Application Modification detection behavior makes absolutely no sense to me.
  24. Show the full path name for the .exe Application Modification is throwing an alert on.
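
The hash comparison done by eye in post 23 can be automated over an exported firewall log. The following is an added example, not part of the original posts and not Eset tooling: it parses the semicolon-delimited layout shown in that post and reports every application path whose SHA1 differs from the previous event. The function names are hypothetical, and the M/D/YYYY 12-hour timestamp format is assumed from the two quoted rows.

```python
import csv
import io
from datetime import datetime

# The two log rows quoted in post 23, with the export header row first.
SAMPLE_LOG = r"""Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;SHA1;User
8/3/2020 8:53:01 AM;Decision on allowing communication delegated to user;Delegated to user;192.168.1.XX:58387;72.21.91.29:80;TCP;Block outgoing explorer.exe x(64) communication;C:\Windows\explorer.exe;9BF023766E369E6F6DE45F0C349749E6FC8ABDAC;
8/21/2020 4:52:25 PM;Decision on allowing communication delegated to user;Delegated to user;192.168.1.XX:52248;23.60.139.27:80;TCP;Block outgoing explorer.exe x(64) communication;C:\Windows\explorer.exe;2537CD23F1FDA7FAA881D16C2636A119EAE0E80C;
"""


def parse_rows(text):
    """Yield one dict per log row; the field names come from the header row."""
    reader = csv.DictReader(io.StringIO(text), delimiter=";")
    for row in reader:
        if not row.get("SHA1"):
            continue  # rows without a hash cannot be compared
        yield {
            # Assumed timestamp layout: month/day/year, 12-hour clock.
            "time": datetime.strptime(row["Time"], "%m/%d/%Y %I:%M:%S %p"),
            # Windows paths are case-insensitive, so normalise before grouping.
            "app": row["Application"].lower(),
            "sha1": row["SHA1"].upper(),
            "target": row["Target"],
        }


def hash_changes(text):
    """Return (app, old_sha1, new_sha1, first_seen) for each hash change."""
    last_seen = {}
    changes = []
    for event in sorted(parse_rows(text), key=lambda e: e["time"]):
        previous = last_seen.get(event["app"])
        if previous is not None and previous != event["sha1"]:
            changes.append((event["app"], previous, event["sha1"], event["time"]))
        last_seen[event["app"]] = event["sha1"]
    return changes


if __name__ == "__main__":
    for app, old, new, when in hash_changes(SAMPLE_LOG):
        print(f"{when:%Y-%m-%d %H:%M} {app}: {old} -> {new}")
```

Each reported change can then be matched against patch dates or the file's signature to separate an OS update from an unexpected replacement of the binary.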