
itman

Most Valued Members
  • Content Count: 5,804
  • Joined
  • Last visited
  • Days Won: 167

Everything posted by itman

  1. Note the text I underlined in the above posting. It means that if macros are allowed to run initially and the document contained malicious ones, a user who opens the document again at a later date would cause the malware to run unabated and reinfect the device/network all over again.
  2. Found the Eset "culprit." The HIPS needs to be set to "Auto" mode versus "Smart" mode if suspicious application detection mode is set to aggressive. After an initial "hiccup" test where Eset displayed the HIPS alert after PowerShell had already started😕, the HIPS alert displayed properly in multiple subsequent tests. I guess Augur needs time to learn its own HIPS behavior?🤪 I guess my initial hunch that HIPS Smart mode could be an issue when Augur is applied aggressively was correct.
  3. Confirmed the issue is with the aggressive setting for suspicious applications.
  4. Found the problem. It's with the aggressive setting for malware and/or suspicious processes. When I set those back to the normal setting, PowerShell run in admin mode displays the Eset HIPS alert as expected. So no aggressive mode settings for me until this release is tested more thoroughly.
  5. Win 10 x(64) 1909, EIS 13.1.16. Both real-time and advanced machine learning set to aggressive mode. Believe this issue is related to ver. 13.1.16 which installed yesterday. I have HIPS rules that monitor PowerShell and other script .exe startup. When I start PowerShell from the desktop in non-admin mode, the HIPS alert displays as expected. However, if I start PowerShell in admin mode: the UAC prompt appears as expected. Selecting "Allow" on the UAC prompt does not display a HIPS alert. Rather, a second UAC alert is displayed. No HIPS alert ever displays. Repeated the same procedure multiple times with the same behavior occurring.
  6. Microsoft was supposed to include a fix in last Tues. Win 10 cumulative update for 1903 and 1909 versions. They pulled it at the last moment; assume they found a bug in it. However, news of the patch had already been "leaked" to reporting services. Hence, we now have a "perfect hacker storm" in place.
  7. Since you haven't been able to successfully boot that device, did you try the "Last known good configuration" option? Ref.: https://www.sevenforums.com/tutorials/666-advanced-boot-options.html If that doesn't work, did you try the "System Restore" option from the Win 7 Repair screen?
  8. Have you tried to perform a Win 7 Start Up Repair? Ref: https://www.technorms.com/33940/startup-repair-windows-7
  9. Unfortunately, it is common for Win 10 to reset options selectively back to default values after Win Updates; especially security updates.
  10. As far as Eset start up scans, Eset will have to reply if the real-time settings also apply to them. Per Eset GUI setting options, only the selected on-demand scan profile can be configured, either stand-alone or by defaulting to the real-time settings:
  11. This is a great article on how to perform security forensics after a malware attack to determine the source MS Office entity responsible: https://www.bleepingcomputer.com/news/security/windows-registry-helps-find-malicious-docs-behind-infections/
  12. Differences between free and premium versions given on this web page: https://www.eset.com/us/home/mobile-security-android/
  13. My EIS version just upgraded to version 13.1.16.0. These options now exist in the Real-time setting. Additionally, the default manual Smart Scan option will also, by default, use these real-time scan options.
  14. That error code appears to be related to Win Update processing. Possible that DISM tried to connect to Win Update servers and couldn't because your network connection is hosed. You could try to repeat the procedure again but first run this command:

      Dism /Online /Cleanup-Image /StartComponentCleanup

      No guarantee that will allow the other DISM command to run successfully along with SFC. I personally believe your Win 10 installation is borked from running all the bootable scanners you used, some from questionable sources, to the point that you have two choices left.
      1. Run a Win 10 Repair install. This will keep all your personal files in place but require you to reinstall all your apps again.
      2. Backup all your personal files to external media or another non-boot drive if one is installed. Then reformat the boot drive and install Win 10 1909 from scratch. (Recommended)
      Also note that this forum is about helping with Eset installation and/or operational issues. Not for assistance in resolving Windows OS issues. Therefore, I am exiting myself from this thread - again.
  15. Let's try to get your Win 10 installation in some semblance of working order. Perform the following steps:
      1. Enter the following keyboard sequence: Ctrl + Alt + Delete. A blue screen should appear with a list of selections including Task Manager. If it doesn't, skip the remaining steps.
      2. Select "Task Manager."
      3. Click on "File" on the top toolbar. Click on "Run new task."
      4. In the "Open" window, type cmd.exe. Also check mark the "Create this task to run with administrative privileges" option. Click on the "OK" button. At this point, the black command prompt window should be displayed.
      5. Enter "DISM /Online /Cleanup-Image /RestoreHealth" less the quote marks. Press the Enter key. This will run for some time.
      6. When it finishes, enter "sfc /scannow" again, less the quote marks. Press the Enter key. This will run for some time. SFC will inform you if corrupted Windows files have been replaced. Hopefully, you will not receive the message that it could not replace all files.
      Print the above instructions for reference prior to performing them. Now reboot your PC. Hopefully at this point, all/most of Win 10 functionality has been restored.
  16. Per above bleepingcomputer.com posted link. Update: Microsoft published a security advisory with details on how to disable SMBv3 compression to protect servers against exploitation attempts. You can disable compression on SMBv3 servers with this PowerShell command (no reboot required, does not prevent the exploitation of SMB clients):

      Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

      What steps can I take to protect my network?
      1. Block TCP port 445 at the enterprise perimeter firewall. TCP port 445 is used to initiate a connection with the affected component. Blocking this port at the network perimeter firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. This can help protect networks from attacks that originate outside the enterprise perimeter. Blocking the affected ports at the enterprise perimeter is the best defense to help avoid Internet-based attacks. However, systems could still be vulnerable to attacks from within their enterprise perimeter.
      2. Follow Microsoft guidelines to prevent SMB traffic leaving the corporate environment. Guidelines for blocking specific firewall ports to prevent SMB traffic from leaving the corporate environment
  17. This incident reminds me of the very first time I installed Eset back in 2014. That also was on Win 7; but 64 bit version. Same behavior - blue screen at boot time. I never did figure out what caused this. Lucky for me, I had an image backup that I restored from. Not wanting to abandon Eset entirely and primarily because I had already purchased a license, I again tried to install Eset. No problems thereafter and like issue has never occurred again.
  18. The simple solution to this issue is to set the Eset firewall default setting to allow all outbound traffic. I would also question why an app requires an outbound network connection to update multiple times a day.
  19. The web site displays fine for me using the latest Firefox version. See below screen shot. Since you reside in Taiwan, it might be an issue with the DNS servers you are using or the like.
  20. Try one of these solutions to access Win 10 system settings: https://www.softwareok.com/?seite=faq-Windows-10&faq=10
  21. https://www.bleepingcomputer.com/news/security/microsoft-leaks-info-on-wormable-windows-smbv3-cve-2020-0796-flaw/
  22. NSA Warns About Microsoft Exchange Flaw as Attacks Start https://www.bleepingcomputer.com/news/security/nsa-warns-about-microsoft-exchange-flaw-as-attacks-start/
  23. Assuming you are using Win 10, type "network reset" into the desktop search bar. Then select Network reset as shown in the below screen shot: The following screen will be displayed. Click on the "Reset now" button. Windows will inform you that your PC will shut down in a few minutes to completely reset your network settings to default values. When your PC restarts, hopefully you will be able to connect to the Internet using your Wi-Fi connection.