Jump to content

itman

Most Valued Members
  • Content Count

    5,892
  • Joined

  • Last visited

  • Days Won

    167

Everything posted by itman

  1. You are correct. This is how a standard user account works by default unless overridden by Group Policy.
  2. You can disable admin approval mode for the built-in default admin account via Group Policy: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account . Note: doing this puts you at considerable risk since no UAC alerts will be displayed. If a APT attacker drops malware abusing a Win trusted system utility that can perform hidden admin elevation, you won't be aware this has taken place. This is why security experts recommend UAC be set to its highest level versus its default level. I assume the above will also eliminate the UAC alerts being generated by Eset.
  3. Actually, you run as a limited admin and Windows prompts via UAC when full admin privileges are required. Also in Win 10, you can't log on as full admin since Microsoft removed the account on the Home versions. You can create a standard user account and log on under that. You won't get any UAC alerts since anything requiring admin privileges will be automatically blocked. This includes Eset GUI modifications.
  4. It is not advisable to download/create SysRescue media on a compromised system. Try to do so on a device known to be malware free and see if this resolves the updating issue.
  5. https://support.microsoft.com/en-us/help/310049/hyperlinks-are-not-working-in-outlook
  6. I also believe that this issue has nothing to do with eamonm.sys. It is highly unlikely that Eset's ELAM processing would refuse to load its own driver. Even if it did, eamonm.sys is not a critical OS driver. A boot-time blue screen would not occur from not loading it. Now if eamonm.sys was corrupted in some way, that could cause a boot-time blue screen. But a subsequent uninstall/reinstall of Eset should have corrected this. However if Eset uninstaller tool run in Safe mode was not deployed, it is possible the corrupted eamonm.sys driver remained in the Win driver directory. And a reinstall did not replace it since it already existed?
  7. https://support.eset.com/en/kb3509-how-do-i-use-eset-sysrescue-live-to-clean-my-computer
  8. You shouldn't in recent Eset versions installed on Win 7+ Win versions. The network adapter mini-port filter you are observing appears to be a holdover from earlier Eset versions. Current versions of Eset use the Windows Filtering Platform to monitor Internet network traffic. You should be able to uninstall the Eset network adapter as follows: https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool
  9. No. Eamsi.dll is still being loaded into select Win processes Eset monitors by this. Also, this would not cause a BSOD at boot time since the .dll injection is done subsequent to that.
  10. In regards to the original posting reference to disabling early launch anti-malware driver via boot startup option, a quick review on what it does: https://www.top-password.com/blog/disable-early-launch-anti-malware-protection-in-windows/ Since the majority of Eset ver. 13.1.16 upgraded devices have no issues in this regard, it would appear that on a few select Eset installations its ELAM driver is detecting an existing driver as malicious. The key to resolution is to find out which driver is being detected as malicious. One way to do this is to enable Win 10 boot logging as follows: https://www.windowscentral.com/how-enable-boot-log-windows-10. Reboot. Then using Notepad, print the ntbtlog.txt file located in C:\Windows. Now install Eset ver. 13.1.16. Reboot. PC should blue screen at boot time. At this time, you can either boot into Win 10 recovery environment and disable ELAM, or boot into safe boot. Then again uninstall Eset. When you do get Win 10 successfully rebooted, again print out ntbtlog.txt. Now compare the two printouts. From the bottom of the printout, work upward till you find the boot log section with entries associated with the blue screen. The last driver shown in that section will be the last driver successfully loaded. Now find that driver on the earlier ntbtlog.txt printout. The next driver listed on the earlier printout should be the driver Eset ELAM processing refused to load and aborted the Win 10 boot.
  11. Beginning to wonder if these are Win 10 Secure Boot enabled devices and the boot process is "hiccuping" on the reappearance in ver. 13.1.16 of hash error for Eset's AMSI .dll:
  12. As I suspected. This forum's purpose is to assist in installation or operational issues in regards to Eset products. Not to assist in malware removal when an Eset licensed product is not installed. @Marcos , time to lock this thread.
  13. Most likely related to this. Outside of the browser, Eset uses the Win root CA store for certificate validation. If whatever you are doing Python-wise uses a custom root CA store, something similar to the following needs to be implemented: https://github.com/adobe-apiplatform/user-sync.py/issues/204
  14. Check Eset's cert. in FireFox and make sure it is set to "identify websites." Also verify the cert. has not expired:
  15. If this issue just occurred recently and there were no previous issues with your currently installed Eset version, I would suspect the issue is being caused by your ISP: https://www.reddit.com/r/firefox/comments/cdmqbf/getting_a_lot_of_pr_connect_reset_error/
  16. Mouse click on Installed Components. Security Center integration module should be the last one listed:
  17. As far as what S & M in Win 10 1909 should be displaying, it should be deferring to Windows Security Center per the below screen shot:
  18. In WSC Threat & Protection section, the following screen shot would show that Eset Security is turned on: Next mouse click on "Manage providers." It should show the following noting that Eset Security is the active real-time AV solution and Eset Firewall is the active firewall solution:
  19. Actually, WatchGuard has a separate help article dedicated to configuring TDR when Eset Endpoint is installed: https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/TDR/eset_tdr.html . But as you posted, you don't have TDR installed. Have you contacted WatchGuard about your issues with Eset Endpoint installed w/o TDR use? They already may have a solution.
  20. What worked in another recent Eset uninstall incident in regards to reinstalling Eset is to reset your router and change its password. Then try to reinstall Smart Security.
  21. Did you follow the procedure here: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/tdr/tdr_exclusions_c.html?Highlight=exclusions to configure exclusion for Eset in TDR and in Eset to exclude WatchGuard directories?
  22. Also these new settings are describe in detail in version 13.1.64 online help: https://help.eset.com/eis/13/en-US/idh_config_scanner.html
  23. Suspect the issue was in Augur; i.e. advanced machine learning.
  24. The only authorized Eset seller for consumer products in India I could find is: https://www.eset.com/in/about/contact/ If SAKRI IT Solutions is indeed an authorized Eset reseller in India, Amity Infosoft should be able to help you. Also all references to Sakri being Eset's authorized partner in India are over 4 years old: https://www.dqchannels.com/sakri-it-solutions-to-distribute-eset-security-solutions-in-india/
×
×
  • Create New...