
itman

Most Valued Members
  • Content Count: 4,313
  • Days Won: 135

Kudos

  1. Upvote
    itman received kudos from BeanSlappers in FireFox 68 Error On Win 10 x(64) 1903 When Accessing Banking & Payment Protection   
    This FF 68 error might be associated with the Nano Defender add-on, which I recently added to uBlock Origin. I saw two tmpadd-nnn files in my AppData\User\Temp directory. Have a hunch Eset B&PP "choked" when trying to remove/re-add these add-on files as part of B&PP processing.
  2. Upvote
    itman received kudos from 100 in zip bombs with zip64 not detected   
    It's detected now:
  3. Upvote
    itman received kudos from Ultra Male in Windows 1903 Windows Antimalware executable   
    That is not correct. See the below screenshot for Win 10 x(64) 1809.
    There are only three cases when these services would be running:
    1. Windows Defender is the default realtime scanner.
    2. Windows Defender periodic scanning option has been manually enabled.
    3. Effective with Win 10 1809, if the installed third-party AV solution does not use the Windows Early Launch Anti-malware driver, Windows will additionally activate WD's realtime protection. It will run concurrently with the third-party AV realtime solution.
    In any other instance when WD's realtime protection is running concurrently with third-party AV realtime protection, it would be indicative of either a malfunction within Windows itself or a malfunction in the third-party AV solution's installation processing.
  4. Upvote
    itman received kudos from Azure Phoenix in ESET Internet Security Firewall does not block MS Edge Browser   
    I certainly would not block smartscreen.exe since it is a Win 10 native protection mechanism.
  5. Upvote
    itman received kudos from BeanSlappers in Microsoft Edge Chromium   
    Follow the procedures listed in this Eset knowledgebase article: https://support.eset.com/kb3126/ .
    If that doesn't work, you have three other options:
    1. Do what @Marcos suggested previously. Using the FireFox about:config option, set the following parameter, security.enterprise_roots.enabled, to true. This can be done by simply toggling the parameter on. This will force FireFox to use the Windows root CA certificate store for Firefox root certificate verification.
    2. Use Windows certmgr.msc tool to export the Eset root certificate from the Windows root CA certificate store. You can then import the created .cer file into FireFox's Authorities certificate store.
    3. Uninstall and reinstall Eset.
  6. Upvote
    itman received kudos from BeanSlappers in Microsoft Edge Chromium   
    At this point, I would assume the Eset root certificate is not installed in FireFox. You can verify this by opening FireFox's Options and selecting the following:
    Privacy & Security -> Certificates -> View Certificates.
    At this point, FireFox's Certificate Manager should be displayed. The Authorities tab should have opened by default; if not, select that tab. Scroll down to where certificate names beginning with "E" are located and search for the certificate beginning with "Eset."
  7. Upvote
    itman received kudos from Aryeh Goretsky in Time For Eset To Issue A-V Comparatives Realtime Test Transparency Reports   
    Background
    For some time, there have been forum postings regarding Eset's scoring in this test series. This has resulted in long and oftentimes mindless discussions on this issue. I am sure Eset has better use for its forum disk space.
    Solution
    Microsoft a while back adopted the use of published AV lab "transparency" reports to respond to its scoring in select AV lab tests. Their reports reflect typical Microsoft verbose detailing as only a concern with the resources it has to allocate to such an undertaking. Here's an example of a transparency report: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports .
    I think it would be sufficient that Eset's report simply state the samples missed along with a brief explanation as to the cause for non-detection and the corrective action implemented. Of course, there should be verbiage provided if Eset disputed the AV lab non-detection finding.
  8. Upvote
    itman received kudos from 100 in SSL/TLS filtering doesn't work for many sites   
    As far as I am aware, you can't use certificate exclusions this way. They are used primarily to exclude a web site from being scanned.
    So your statement is correct; Eset's built-in scanning exclusion list overrides everything.
  9. Upvote
    itman received kudos from BeanSlappers in The "System Cleaner" tool does nothing.   
    The purpose of the tool is to correct changes made by malware after a detection has been found. The tool should not be used in day to day use to verify if Win default settings are correct.
    As far as not noticing changes to your desktop and the like, most of the tool's changes would be "invisible," like changes to Win utility processes (e.g. system restore) or registry changes.
  10. Upvote
    itman received kudos from Rami in Am I having too many Edge connections?   
    I never attempted to block Cortana using Eset HIPS. I use O&O ShutUp 10 to "harness" its activities.
  11. Upvote
    itman received kudos from BeanSlappers in Am I having too many Edge connections?   
    I never attempted to block Cortana using Eset HIPS. I use O&O ShutUp 10 to "harness" its activities.
  12. Upvote
    itman received kudos from BeanSlappers in Time For Eset To Issue A-V Comparatives Realtime Test Transparency Reports   
    Background
    For some time, there have been forum postings regarding Eset's scoring in this test series. This has resulted in long and oftentimes mindless discussions on this issue. I am sure Eset has better use for its forum disk space.
    Solution
    Microsoft a while back adopted the use of published AV lab "transparency" reports to respond to its scoring in select AV lab tests. Their reports reflect typical Microsoft verbose detailing as only a concern with the resources it has to allocate to such an undertaking. Here's an example of a transparency report: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports .
    I think it would be sufficient that Eset's report simply state the samples missed along with a brief explanation as to the cause for non-detection and the corrective action implemented. Of course, there should be verbiage provided if Eset disputed the AV lab non-detection finding.
  13. Upvote
    itman received kudos from camelia in Am I having too many Edge connections?   
    Oh, my. This is one reason why I am always hesitant about showing my HIPS rules when asked. You should review HIPS rule creation using Eset built-in online help on the subject.
    1. For the first screenshot, change the Rule name prefix from "CameRule:" to "User rule:". All user-created rules should use this prefix. No need to log any events since you already know you're blocking Edge start up. Click the "Next" button.
    2. As far as the second screen, Source applications, you ignored my previously posted instructions. Click on the down arrow next to where "Specific applications" is displayed and select "All applications." Click the "Next" button.
    3. Your next screen displayed at this point should be Application operations. Deselect "All application operations." Select "Start new application." Click the "Next" button.
    4. The next screen displayed should be "Applications." Click on the down arrow next to where "All applications" is displayed and select "Specific applications." Click on the "Add" tab. Now enter the full path name for Edge there. Warning: verify that the Edge .exe is actually stored at that location. Remember that what I posted previously is for ver. 1809. Click on the "Finish" button.
    5. Click on any subsequent "OK" button shown to save your newly created HIPS rule.
    6. Reopen the HIPS section and verify that your rule was created as specified.
    Note this is my last instruction posting to you on how to create HIPS rules.
  14. Upvote
    itman received kudos from camelia in AV-Comparatives Real-World Protection Test February-June 2018   
    Microsoft a while back got a lot of free press on how Windows Defender ATP was able to detect a zero-day malware. What Microsoft didn't publicly disclose at the time, but did so later via a detailed blog analysis of the incident, is the following. At least 6 WD ATP installations were infected by the malware before Azure AI cloud server analysis returned a positive identification of malware status. BTW, those infected installations were all located in a specific region within Russia.
    Bottom line - there is no such thing as 100% 0-day protection. If there was, that concern would in short order be the only security solution used and all other AV vendors would cease to exist.
  15. Upvote
    itman received kudos from camelia in Am I having too many Edge connections?   
    The Eset HIPS rule I monitor Edge execution with is shown below. Source applications setting for this rule is "All applications."
    Note: This rule works for me using Win 10 x(64) 1809. I haven't validated that this is so on 1903 since I haven't installed it yet.
  16. Upvote
    itman received kudos from camelia in Am I having too many Edge connections?   
    https://www.wilderssecurity.com/threads/how-do-i-stop-edge-from-automatically-starting.406358/
  17. Upvote
    itman received kudos from BeanSlappers in AV-Comparatives Real-World Protection Test February-June 2018   
    Eset and other AV vendors get data from malware feeds and honeypots world-wide. The problem is that there are certain geographic areas, such as China for example, where access to such data is restricted, filtered, or otherwise difficult to obtain in a timely fashion. Of course, malware dispersion and frequency is a major factor in detection by the aforementioned. If only a few samples exist in the wild, their targets are restricted to a specific area or business concern, etc., the likelihood of quick detection by existing monitoring methods is quite low.
  18. Upvote
    itman received kudos from BeanSlappers in AV-Comparatives Real-World Protection Test February-June 2018   
    This again shows your obvious disconnect with the "real malware world." Not the simulated one put forth in AV lab testing.
    Someone recently sent me a malware 0-day sample that only recently had been detected by 6 AV vendors at Virus Total. Half of those vendors specialize in malware detection circulated in the country where the malware had been discovered. The remaining detection vendors specialize in malware detection in the specific region.
    BTW - this malware specifically targeted Windows Defender and bypassed it. So if other AV solutions did not detect it, is that a missed detection since it was not a threat to them?
  19. Upvote
    itman received kudos from Azure Phoenix in Microsoft Edge Chromium   
    I did some testing a while back in regards to Edge and Eset B&PP. Now, it is possible things have changed since then.
    I set Edge to my default browser. Manually running Eset B&PP from the desktop opened Edge as a protected browser w/o issue. Whether Eset B&PP was fully functional in regards to keystroke protection and the like, I did not test for.
  20. Upvote
    itman received kudos from Sammo in AV-Comparatives Real-World Protection Test February-June 2018   
    Here we go again. Windows Defender had a whopping 74 false positives in this test. Refer to the below screenshot that clearly shows that WD "block-at-first-sight" was set to the aggressive setting level; basically blocking execution of any process without established reputation. Whereas this might be acceptable to advanced security level professionals, it certainly isn't so for the average user; especially for corp. users.
    -EDIT- Also, 55 of the WD 74 false positives were user-dependent block/allow actions. It is a no-no to have the user decide if a process is malicious or not:

    Ref.: https://www.av-comparatives.org/tests/real-world-protection-test-february-may-2019/
    Finally, and most important, note the following. A-V C does not factor false positive scoring into its protection scores for its realtime tests as is done for its more comprehensive malware protection test series. Using the above false positive scoring criterion that 50% of user decisions are wrong, WD would have scored 27/752 or 96.4%, placing it at the bottom of the protection scoring heap.
  21. Upvote
    itman received kudos from camelia in Am I having too many Edge connections?   
    Refer to wilderssecurity.com that has multiple postings on this issue.
    In summary, Win 10 will try its darnedest to keep Edge always running. Since I don't use Edge as my browser, I just block its start up with an Eset HIPS rule. This has resolved the issue for me.
  22. Upvote
    itman received kudos from Sammo in AV-Comparatives Real-World Protection Test February-June 2018   
    A-V C is "very creative" when it comes to finding samples for its Realtime test series. It's not uncommon for it to slip in a few samples that are geographically restricted to one country and/or region within, with an "in-the-wild" dispersion of < 10. The odds of encountering one of these samples is close to zero.
  23. Upvote
    itman received kudos from Sammo in AV-Comparatives Real-World Protection Test February-June 2018   
    I assume the reference is to this year's most recent A-V C Realtime test where Eset scored 98.4%; approximately the same as it has previously scored recently in this test series.
    If one has concerns about Eset, refer to this more comprehensive test series where over 10,000 malware samples are used: https://www.av-comparatives.org/tests/malware-protection-test-march-2019/ . Eset scored 99.86% for malware protection.
    Again, this is only one AV Lab's test; and test series for that lab. Refer to all the AV lab tests that Eset participates in and you will observe that Eset is a top scorer overall.
  24. Upvote
    itman received kudos from peteyt in Windows 7 vs Windows 10??   
    I believe this article sums up the differences nicely:
    https://wtop.com/tech/2018/06/is-windows-10-safer-than-windows-7/
  25. Upvote
    itman received kudos from camelia in Importing setting to new HDD?   
    https://forums.geforce.com/default/topic/1056140/geforce-drivers/defeating-nvidias-telemetry/post/5830317/#5830317
    Personally, I just disable the Nvidia Telemetry service and leave it at that. I haven't seen any outbound Nvidia traffic after that. I also can't vouch for the above rundll32 method since I never used it.
    As far as blocking GeForce Experience outbound activity, the best way to stop it is to never install it, or to uninstall it. Also, according to this article, nothing Nvidia Telemetry or GeForce Experience does is supposedly nefarious: https://www.howtogeek.com/280101/relax-nvidias-telemetry-didnt-just-start-spying-on-you/