itman

Everything posted by itman

  1. There is no direct correlation between Eset and Windows Updates. An exception would be for Win 7 where specific updates must be installed since Microsoft no longer supports SHA1. This is not to say that some Win Update could bork Eset but the likelihood is extremely remote based on past history. Most of the Eset new release issues arise due to some Win configuration on select devices. These are usually the result of either intended or non-intended user OS or app setting changes from default values.
  2. The answer to that is yes. Hacking Win firewall rules for example is rather trivial since they are stored in the registry in clear text. Add to this, disabling the Win firewall is no big deal.
  3. Also be aware that by adding all those external subnet IP addresses to the VNC server device's Eset Trusted zone, all existing Eset default firewall rules that specify Trusted zone criteria such as existing NetBIOS rules will also allow all those existing external subnet IP addresses. In other words, connection exclusively by the VNC ports you specified would be overridden.
  4. Eset gives you "the most bang for your bucks" in this category. Interesting to see how fast someone filled the void left by NSS Labs' demise, which used to do like analysis for $$$$$: https://www.av-comparatives.org/reports/endpoint-prevention-response-epr-test-2020/
  5. Here's a feature comparison between Eset home use products: https://support.eset.com/en/kb318-features-available-in-windows-eset-home-products . You will have to refer to either Internet or Smart Security documentation for further details on features contained in both that are not contained in NOD32.
  6. Since this is an inbound firewall rule, remove all Local section IP addresses and the Trusted Zone reference. Only thing required in the Local section is ports 5800 and 5900. This will allow inbound access to the local defined subnet/s for this device from all external subnets defined in the Remote section. Also remove the Trusted Zone reference and any port references in the Remote section. Ref.: https://forum.eset.com/topic/2235-eset-blocking-ultra-vnc-please-help/?do=findComment&comment=12772 I will also note that it appears you want to allow all inbound/outbound communic
  7. There are numerous UAC bypasses that accomplish this: https://cqureacademy.com/cqure-labs/cqlabs-how-uac-bypass-methods-really-work-by-adrian-denkiewicz Additionally, there are methods to elevate to Admin or even System privileges from a standard user account.
  8. If this is in regards to Win 10 Home versions, RDP is disabled by default. It can be installed in the Home versions but a bit of work is needed to do so: https://www.thewindowsclub.com/how-to-use-windows-10-remote-desktop-in-windows-home-rdp . So if you are using a Win 10 Home version with default RDP settings, the answer is you don't have to worry about external network based RDP brute force attacks. However, in your case, either you are using Win 10 Pro or manually installed RDP in Win 10 Home. Is this setting: Don’t Allow Remote Connections to this Computer bulletproof as
  9. Somehow I missed the first paragraph you posted. As such, you are correct they are basing their statistical analysis on VT results. On the other hand, I still believe the analysis has merit since high impact malware should be detected rather quickly by signature by AV solutions. Of course there are other factors involved such as frequency of the malware and its geographic dispersion which would influence submission frequency to VT. Also as you noted, not all security mechanisms are implemented for select products at VT and sandbox scan time is limited.
  10. I also would be satisfied if two features from EDTD Proactive Protection referenced here: https://help.eset.com/edtd/en-US/index.html?proactive_protection.html were included in the Home versions as optional settings in Cloud Protection. Neither of these would involve cloud scanning by Eset. The first setting would be Detection threshold. The second setting would be Proactive protection. Proactive protection would have the following options: 1. Suspend process execution. An alert window would be displayed showing process detail including file location. Tab options available
  11. No offense meant here but if you start obsessing over Win 10 event logs, you will most likely end up going bonkers. That event log, and for that matter all Win event logs, have nothing to do with determining Eset operational status.
  12. Those are code integrity errors. If the entries are in regards to eamsi.dll, you can disregard them. Ref.: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5038
  13. "The other side of the protection coin" is if most home users need the responsiveness provided by EDTD. I would say the answer to that is no. Normal LiveGrid sandbox analysis times appear to be on par to those stated by Avast: a couple of hours. Again, the only thing Eset needs to do is block process execution until this determination is had. This does bring up the question of just how many "suspicious" detections are being submitted to LiveGrid for analysis. Based on my Eset installation, the answer is very few. As such, providing EDTD capability w/o extra cost to the purchaser should n
  14. The PUA detection was for a JavaScript on a web site you accessed when using Chrome. One possible explanation for non-cleaning is the JavaScript actually resides on the web server hosting the web page. Eset obviously does not have access to that web server. If the alert was a one time occurrence, I wouldn't worry about it. Just stay away from the web site that is the source of the alert.
  15. My suggestion is one that has been asked for previously. That is Eset offer a Professional version to its home users. Eset's marketing for this would be it's only suitable for advanced technical users and support for it is limited primarily to bug fixes. In other words, it is not Eset's responsibility to show users how to properly configure the product other than providing on-line documentation. EDTD would be included and its cost would be embedded in the license yearly subscription cost. The product would also include other complementary features such as configurable Reputation features s
  16. This posting gets into WordPress malware: https://wordpress.org/support/topic/malware-in-php-and-numbered-php-files/
  17. Looks like you made the same assumptions @SeriousHoax did. The reference to VirusTotal was only to AV vendors that are listed there. The organization that produces this analysis uses their own malware samples harvested from their client installations and performs its own testing including detailed sandbox analysis. Think along the lines of Hybrid-Analysis, any.run, etc.
  18. The problem with this alternative is: 1. Eset has a five seat minimum purchase requirement for its endpoint solutions. 2. It requires an additional monthly subscription. I don't know what a monthly subscription for EDTD costs. However, that is additional cost on top of EES yearly license cost. -EDIT- I didn't realize Eset now has an integrated endpoint + EDTD solution called CloudProtect. The cost is $310 USD per one year license due to the 5 seat minimum purchase requirement. Obviously, no home user will pay that for single device protection. If I were to go this rout
  19. I don't believe this bugger would even run since it's signed with an expired SHA1 cert. Win10 native SmartScreen would have alerted on this fact alone:
  20. Eset home products off-line installers are here: https://support.eset.com/en/kb2885-download-and-install-eset-offline-or-install-older-versions-of-eset-products Only ver. 14.0.21 is listed. You would have to wait till it auto updated to ver. 14.0.22 or force an update via Eset GUI product updater.
  21. In light of this new DNS poisoning vulnerability, it might be informative for some to review the original Kaminsky DNS cache vulnerability. Gibson Research gets into great detail on this on their web site here: https://www.grc.com/dns/dns.htm . Unfortunately, it appears they haven't updated their test for this new DNS cache vulnerability. Also on the Gibson Research web site is additional detail on how to retrieve your banking web site certificate thumbprint I mentioned previously: https://www.grc.com/fingerprints.htm . This is also a lead in to what I would like to see added to Eset Bank
  22. Here's my theory as to what is causing this issue. Windows Security Center constantly monitors if third party AV real-time protection is enabled. If it detects that it is not so enabled, it will immediately enable Windows Defender. In the past, the problem was this switch over was not always performed or performed in a timely manner, thereby leaving a device exposed to a malware infection. It appears in current versions of Win 10, this trigger detection "sensitivity" has been greatly increased. My current theory is perhaps Eset internally will disable its real-time protection fo