Everything posted by itman
-
I agree. Best Buy and MicroCenter also sell the same version here in the U.S. One possibility is that they changed the installer to enable Gamer mode in real-time protection. The default setting is paused.
-
It appears most of your malware submissions are originating from cracked software? No one should be using cracked software these days. They have become the favorite vehicle to deliver ransomware. Also much of this software uses trusted installers which run at system privilege level making it difficult for anti-virus software to detect the malware. Personally, I wish Eset would flag all cracked software as PUA at the minimum detection level.
-
As far as VT detections go, note the following which has been mentioned multiple times in this forum. Most AV products installed there do not have all their protection mechanisms enabled. Overall, VT is primarily employing static detection methods in the products used; i.e. signature detection. Therefore just because a given product doesn't detect a malware sample at VT, it does not imply the product won't detect when installed on a device.
-
ESET keeps ThomsonReuters products from "phoning home"
itman replied to jeffw00's topic in ESET NOD32 Antivirus
Are you using a VPN provider? -
False "Website certificate is revoked" message
itman replied to hectorx's topic in ESET NOD32 Antivirus
One thing I am puzzled about is that Eset with default settings is supposed to warn and not block certificates with trust issues which is not happening: -
False "Website certificate is revoked" message
itman replied to hectorx's topic in ESET NOD32 Antivirus
Firefox most certainly does: https://support.mozilla.org/en-US/kb/secure-website-certificate . I would assume the same for Chrome and Edge. This article gets into more detail: https://www.ssl.com/article/how-do-browsers-handle-revoked-ssl-tls-certificates/ . Their test in regards to RSA DV certs. yielded the following: As long as Firefox has OCSP enabled which is the default for certificate checking, it will detect a revoked intermediate cert. Chrome doesn't detect because of bugs it appears: Edge will detect as long as its default settings haven't been modified: -
False "Website certificate is revoked" message
itman replied to hectorx's topic in ESET NOD32 Antivirus
Something is not right here in regards to this certificate status. I went to the GlobalSign web site here: https://support.globalsign.com/ca-certificates/intermediate-certificates/domainssl-intermediate-certificates , and downloaded this cert. I really don't believe GlobalSign would still list a revoked cert. on their web site. Further confirmed by viewing the cert. itself: Additionally note that the thumbprint of this cert. does not match that shown by the independent scan of the URL by SSLLabs: It appears to me that this URL, https://intranet.agricom -
False "Website certificate is revoked" message
itman replied to hectorx's topic in ESET NOD32 Antivirus
I will also note that this URL, https://www.agricom.cl/ , is OK. Appears to me that access is being attempted to an intranet domain of above via the Internet? -
Since there have been past complaints about Eset blocking IOBit web sites and software to boot, note the following also from the bleepingcomputer.com article. Obviously, the attacker used this vulnerability to exploit the IOBit web site.
-
Networkcard/Ethernet issue
itman replied to elle's topic in ESET Internet Security & ESET Smart Security Premium
Are you disabling the Ethernet network connection as noted below? https://www.addictivetips.com/windows-tips/disable-an-ethernet-connection-windows-10/ -
Elaborating on this attack, the details are as follows. The IOBit forum website was compromised by an attacker who gained admin access to the site. This allowed him to harvest e-mail addresses of forum users and plant a malicious download from the forum web site. The attacker then sent e-mails to IOBit forum users which stated they were the winners of a free one year license to an IOBit security product. At this point note that the e-mail would appear legit since the sender's address was legit. The following are excerpts from the bleepingcomputer.com article. The ransomware i
-
The main thing to know about this attack was Windows Defender was bypassed since the malware created exclusions in WD to allow its malicious .dll to run undetected. Kaspersky also didn't stop files being encrypted by the ransomware portion of the attack. Per a malwaretips.com poster: Waiting until someone does a detailed analysis on this puppy.
-
A bit difficult to understand what you posted. Eset has three retail products with a firewall:
1. Internet Security
2. Smart Security Premium
3. A legacy product called Smart Security. This has been superseded by Internet Security.
Which of the above did you have installed previously? Which of the above did you recently install? Did you uninstall what you had installed previously prior to performing the new install?
-
You can make an inquiry as to pricing here: https://www.eset.com/my/business/windows-security/
-
ESET Endpoint Security 8.0.2028.0 blocking DNS on wired Ethernet
itman replied to conorc's topic in ESET Endpoint Products
The way to diagnose this is as follows:
1. Set Ethernet IPv4 connection back to Obtain DNS server automatically.
2. Reboot device or do via command prompt window, ipconfig /flushdns, ipconfig /release, and ipconfig /renew commands to reset IPv4 connection and acquire a new IPv4 lease.
3. Via command prompt window, enter ipconfig /all and note IPv4 DNS server assignment IP addresses.
4. Open Eset GUI and then Network protection.
5. Select Advanced. Then select Zones -> Edit. In the DNS section, do you see the same IPv4 DNS server addresses noted in the prior ip -
Are you referring to the Eset splash screen which just shows an image of Eset logo? If so, refer to below screen shot to disable its display at system start up time.
-
I came across this posting in regards to connection-specific DNS suffix: https://community.linksys.com/t5/Wireless-Routers/Need-to-get-rid-of-quot-DNS-Suffix-Search-List-quot-from-ISP/td-p/1233151 It confirms: 1. It is assigned by Comcast ISP servers. 2. It is IPv6 conditioned. My best guess as to why it changes from hsd1.ca.comcast.net to hsd2.ca.comcast.net deals with IPv6 DNS server assignment. I suspect hsd1 is the primary IPv6 DNS server and hsd2 is the secondary server. I have never really seen anything like this before. When Eset detects the hsd2.ca.comcast.net
-
EDR cloud solution with ESET PROTECT?
itman replied to rubencastello90's topic in ESET Enterprise Inspector (EDR)
FYI https://help.eset.com/protect_cloud/en-US/what_is_new.html