Everything posted by itman

  1. After doing the unchecking, click on the "Apply" box. Then click on the "OK" box.
  2. Interesting. Appears whatever security solution you installed isn't even providing you basic protection. The FortGuard link you posted is blocked outright by Eset. Further brief examination yields the company is an outright scam located in mainland China: hxxp://www.scamadviser.com/check-website/fortguard.com . Wilders had a discussion on FortGuard a while back and came to the same conclusion: hxxp://www.wilderssecurity.com/threads/anyone-heard-of-fortguard.233363/ . As far as Website Anti DDoS Guardian goes, it appears to offer good protection but is a server based product. As such, not relevant to home user PC protection:

     Anti DDoS Guardian Key Features:

     ◾ Protects from ongoing DDOS/DOS attacks that attempt to overwhelm a web server
     ◾ Protects Apache servers, mail servers, Camfrog servers, VoIP PBX networks and more
     ◾ Protects against Windows Remote Desktop brute force password guessing attacks, SYN attacks, IP flood, TCP flood, UDP flood, ICMP flood, slow HTTP DDoS attacks
     ◾ Requires Windows 2000 or later

     Hopefully, the next DDoS attack you have will just crash the router you purchased and not take down your entire home network in the process. Wait ....... if the router crashes, the home network is also out of commission as far as any Internet communication is concerned.
  3. Using Autoruns which is also produced by the same outfit that developed Process Explorer, I noted that equi.exe has a startup parameter - /waitservice. I assume that refers to the startup of ekrn.exe which is indeed a Windows service. I would suggest that you also exclude ekrn.exe from any WAR monitoring and see if that resolves your equi.exe issue. Actually, you should exclude the entire Eset folder located in C:\Program files for x64 OS if WAR allows for folder exclusions.
  4. This software installs a kernel mode driver among other things and could very well be in conflict with NOD32. Suggest you at least set exclusions for it in NOD32 and likewise, set exclusions in WAR for NOD32.
  5. Kaspersky indeed does offer a DDoS solution:

     Kaspersky Lab is the first anti-malware vendor to provide a DDoS protection solution – and that means no other anti-DDoS supplier can match the expertise and scale of our in-house security intelligence department and infrastructure.

     A few more details on this solution:

     If you require a turnkey solution, Kaspersky Lab and its partners can cover the vast majority of set up procedures – including:

     • Installing the sensor software and hardware on your site
     • Setting up traffic redirection to our cleaning centers
     • Setting up ‘clean’ traffic delivery to your business

     Ref.: hxxp://media.kaspersky.com/kaspersky-ddos-protection-data-sheet.pdf

     Hum ............... This Kaspersky solution looks eerily similar to the ISP recommendation I posted previously. It appears that you are confusing DoS protection that exists in many security vendor software firewall products with what is required for DDoS protection.
  6. What is the difference between a DoS and DDoS Attack?

     DDoS refers to a ‘distributed denial of service’ attack. With this attack a hacker will use multiple servers to attack another target server i.e. the attack is distributed across multiple servers. Traffic associated with a single DDoS attack may originate from hundreds or thousands of compromised servers or PCs. Whereas a ‘denial of service’ (DoS) attack is when a single server is used to attack another targeted server.

     Can a DDoS Attack be prevented?

     While you can secure a server and your web content, this will only prevent your server from being used in a DDoS attack. It is not possible to prevent your server from being targeted by a DDoS attack. There are steps that can be taken to help mitigate the risk and to better manage the attack when it does happen. In a rapidly changing landscape, Hetzner has identified a set of best practices that enables us to minimise the impact of a DDoS attack on our infrastructure and our customers.

     What if I am the target of a DDoS Attack?

     The wide range of motives for these attacks -- political (hacktivism) or social (malice) makes every merchant or organisation with an online presence a potential target. People often mistakenly assume that all it takes to deal with a DDoS attack is a well configured, powerful firewall. The reality is that unless your website is hosted on a very large distributed network, where their cumulative traffic capacity is greater than the traffic generated by a DDoS attack, effectively allowing the network to absorb the attack while passing on legitimate traffic to your website, your website or server will be offline for the duration of the attack. This can take a number of hours and even days in very well formed attacks. In addition to the upstream network capacity there are other components in the chain that can simply not handle the volume of a significant attack i.e. routers, switches, firewalls, servers, etc.

     An effective way to mitigate a DDoS attack while still being able to serve legitimate traffic is to use a ‘traffic cleaning’ service. There are a number of methods that are deployed -- in essence all traffic is passed through a ‘cleaning centre’ which separates ‘bad’ traffic (DDoS attacks) and only sends good traffic to the server. This service needs to run on a significantly large and distributed network and requires specialist skills. Hence the significant monthly cost associated with this type of service.

     Ref.: https://hetzner.co.za/help-centre/website/what-is-the-difference-between-a-dos-and-ddos-attack/
  7. According to this: hxxp://www.virusradar.com/en/HTML_Refresh/detail , the malware is actually located in a web page. What Eset removed was the URL reference to the malware that was located in the browser cache. I believe your PC is now clear of any malware. You can always post in the Eset forum malware removal area for further assistance and/or a second opinion.
  8. Are you getting any alerts from Eset pertaining to the FTP connection?
  9. Since you're running WIN 7, the correct setting for the WIN 7 firewall is "managed by Eset Smart Security" as shown in the below screen shot: In this mode, the Win firewall service is enabled and started, the Win firewall front-end that controls inbound and outbound rules monitoring are off, but the Windows Filtering Platform components of the firewall that control network settings are on. I have had past issues with Eset SS8 and the Win 7 firewall. What permanently fixed it for me was:

     1. Set the Win 7 firewall to fully "on" via the Control Panel -> Windows Firewall settings.
     2. Set the Win 7 firewall to default settings.
     3. Make sure your Win 7 firewall network type matches that for what is set in Eset Smart Security, i.e. Public or Home Network.
     4. Reboot your PC.

     After the reboot, your Win 7 firewall settings should be identical to the above screen shot.
  10. Although Smart Security did quite well in the protection test, they still need to improve on the 0-day detection rate. AV-Test used a relatively small sample of 230+ 0-day malware.
  11. SpyHunter is a "questionable" product. Please post any detections from a Malwarebytes or similar mainstream anti-malware software.
  12. A couple of questions on this. When you created an Eset firewall rule for your game app, did you only allow outbound connections to those ports? Did you verify that the Eset firewall was installed properly? When installed properly, Eset disables the front-end components of the Win firewall but leaves enabled the Windows Filtering Platform components. This can be verified by accessing the Win firewall settings via Control Panel and verifying that the settings screen displayed looks similar to the screen shown below. That is, it is shown Eset is managing the Win firewall settings: -EDIT- Also, Eset IDS has no UDP flood protection. So, if your DDoS attack was UDP based, you have a valid complaint.
  13. The firewall in default mode allows all outbound traffic. So a user would not receive any more firewall alerts from Smart Security than they would using the Win firewall.
  14. Personally, I doubt it. Eset has been asked multiple times about a "free" version. The response was a direct - no. Most vendors that offer a "basic" version of their product do so as a freebie with a number of features of the paid product disabled. Most of these vendors don't have a large corporate customer base like Eset has. The vendors use the freebie version as a "teaser" to entice purchase of the full paid version. Doubt Eset is even remotely interested in those retail sales tactics.
  15. I believe there is a problem with the Win 10 security center in this regard. Since Eset is handling the Win 10 firewall settings, that is all that matters. You could just ignore the Security Center warning.
  16. ??? The Win firewall plus Eset firewall with default settings do not block outbound connections. Therefore, neither will have any impact on your applications being able to update. The problem with running two firewalls is a possible conflict with inbound connections. Only one firewall that monitors network connections should be active at any time.
  17. You can turn the Win 10 firewall manually by doing this: hxxp://windows.microsoft.com/en-us/windows/turn-windows-firewall-on-off#turn-windows-firewall-on-off=windows-7 . Hopefully after a reboot, the Win 10 firewall will show this: This is how the Win 10 firewall should work with the Eset firewall enabled. The Win 10 firewall is not completely disabled since Eset uses components of it; primarily the Windows Filtering Platform component.
  18. Did you reboot after installing Eset? If not, do that and see if it resolves the issue.
  19. Regarding this and your other posting today about 95 incoming udp connections being blocked, I personally feel your network adapter settings are "hosed." Here's a guide to how to reset them in Win 7: https://kb.wisc.edu/helpdesk/page.php?id=37620 . You can search the web for like instructions for Win 8 and 10 if you are using one of those versions. Additionally, the issue might be with your router and that might have to also be reset. You might also contact Eset technical support to see if they can be of assistance.
  20. What you see in your last posting is two real time security solutions at conflict with each other. In this case, MBAM is blocking Eset's outbound connections. My opinion and that of others is that: 1. Only one security solution should be running in real time. In this case, I would recommend turning off MBAM's real time protection and use it as a second opinion off line malware scanner. 2. If option 1 is not acceptable, then you need to set exclusions in Eset for MBAM and exclusions in MBAM for Eset. This might or might not resolve the conflict. You seem to be getting connections from unwanted places. A few of these every once in a while is normal. If they start occurring in multiple frequencies on a daily basis, it might be time to post what is happening in the Eset Malware Finding and Cleaning section.
  21. Em006_64.dat along with other Eset .dat files are currently being loaded into the kernel globalroot driver area. My question is why is Eset loading .dat files into a kernel area reserved exclusively for drivers?
  22. Yep. Too many software vendor acquisitions these days ....................
  23. In my situation, the software Internet connection was not made through the browser. As such, no way to exclude the certificate. Hence, the solution I proposed.
  24. A simple analogy here is a file archive. It is stored in a compressed format. An AV scanner cannot scan files in compressed format unless it first un-compresses the archive. Likewise, malware can pack and obfuscate, i.e. hide, executable code in let's say a javascript. It does so to avoid detection by AV conventional scanning methods when downloaded. Additionally, the malicious code cannot execute until the malware unpacks and un-obfuscates the code. AMS protection will detect this activity and suspend the process so it can be scanned for malware and/or terminate the process. When Eset states this is a post execution detection method, what is meant is that the malware process has already started execution prior to the unpacking and un-obfuscating activity and some system modification might have occurred. However, this damage is usually minor in effect and easy to correct.
  25. I assume you know that Outpost is no longer a supported product since Agnitum was purchased by Sophos?