itman
Most Valued Members
Content Count: 7,320
Days Won: 186

Kudos

  1. Upvote
    itman received kudos from LesRMed in A new virus?! (Eset + Microsoft defender and Windows updates are gone)   
    Hard to say what went on in this device in the week or so since this malware was detected. From MBAM's findings to date, it appears to be coin mining related. But who knows if a backdoor or more malware, spyware, etc. were also installed in the interim?
    If it were my device, I would indeed reformat and reinstall Win 10 20H2.
  2. Upvote
    itman received kudos from reisender1967 in Banking & Payment protection not working after enabling new security feature of Mozilla Firefox v83.0
    First, here's a write-up on the feature: https://www.askvg.com/tip-enable-https-only-mode-for-websites-in-mozilla-firefox/
    Next, I enabled the feature in Firefox. There is no problem with accessing my bank's web site if I open B&PP via desktop icon. However, if I try to access my bank's web site via a normal Firefox browser session, I get the same Eset help web page redirection as described.
    Of note is that B&PP uses a separate Firefox profile from the one used in normal Firefox mode. So I also set:
    dom.security.https_only_mode
    to true in that profile.
    Still a no go as far as B&PP mode opening from regular browser mode. My suspicion is it has something to do with the HTTPS always mode setting interfering with the initialization of Firefox protected B&PP mode.
    Don't believe this will be a quick fix by Eset. In any case, one can gain access to their banking web site with this HTTPS setting always on via the B&PP desktop icon.
    Personally I believe this HTTPS setting always on in Firefox is not needed since Eset scans all HTTP traffic the same way it scans HTTPS traffic; albeit w/o MitM SSL/TLS protocol scanning mucking up things.
  3. Upvote
    itman received kudos from shocked in Who and what is 'Taboola'? Is this a security/privacy issue?
    It most certainly is shown in the EasyPrivacy list in uBlock Origin. Do you have that TPL enabled?

    Another reason might be the following from the above linked article I posted:
    I used to use Nano Adblocker for this. Since it has been sold and the controversy surrounding that, I have totally removed it from Firefox. Instead, I am using the AdGuard Base and AdBlock Warning Removal List TPLs and they appear to be working based on my posted detection.
  4. Upvote
    itman received kudos from Box in EGUI Application Modification Alert
    Since the default rule exists, delete any like custom rule you created.
  5. Upvote
    itman received kudos from Box in EGUI Application Modification Alert
    Next time the alert appears, click on the "Approve" tab.
  6. Upvote
    itman received kudos from JozefG in EIS Desktop Notification
    If you actually removed Windows/Microsoft Security Center, that is the reason for the alert. It is a critical component of the Win 10 OS and needs to be installed and be functional. It not only controls Windows/Microsoft Defender and firewall use or non-use when a third party anti-virus solution is installed, but many other critical internal security components such as: Win account, app & browser (exploit), and device security protection. It also monitors device performance and health status.
  7. Upvote
    itman received kudos from Box in EGUI Application Modification Alert
    Check your existing Eset firewall rule set and verify that a rule exists for C:\Program Files\ESET\ESET Security\egui.exe. If one exists, verify it is set to allow inbound and outbound traffic. Otherwise, manually create a new rule for it. Move this egui.exe rule to the bottom of the existing default firewall rules. You can use the default existing ekrn.exe rule as a guide for egui.exe rule creation.
    I believe this should stop the egui.exe alert after a new app rule is created in firewall Interactive mode.
  8. Upvote
    itman received kudos from Box in EGUI Application Modification Alert
    This would be normal behavior in firewall Interactive mode if an existing app hash value changed and a previous firewall rule existed for it. However, egui.exe is Eset signed, so there might be a bug there.
    You're going to keep getting the alert until you respond to keep existing firewall rules, which I would select, or to create a new firewall rule for the app.
    You can also manually verify that egui.exe in C:\Program Files\ESET\ESET Security is also Eset signed, indicating it is legit.
  9. Upvote
    itman received kudos from Peter Randziak in Protocol filtering stops access to emails
    Also has been pushed to regular update channel.
  10. Upvote
    itman received kudos from camelia in What I should do with the duplicates rules?
    First, monitoring Win 10 individual services via the Eset firewall is somewhat of an effort in futility. Eset attempted that a while back in a prior release and quickly abandoned it. Hence why all Eset default firewall rules for svchost.exe are not service specific. Why? Because there are many hidden services used by Windows that are not specifically listed or controllable via Control Panel -> Admin Tools -> Services.
    In regards to DoSvc, it is Win 10's Delivery Optimization service used to speed up downloading of Win Updates primarily, but also used for other Microsoft apps. If Win 10 is not restricted in some form on how updating is performed, you can end up with what is described here: https://social.technet.microsoft.com/Forums/windows/en-US/b94d8e74-58de-451a-b137-7ec2028adc27/delivery-optimization-service-downloading-something-and-using-all-my-bandwidth. Win 10 introduced runtimebroker.exe via BITS processing that allows one service to spawn multiple instances of another service/process. This is in effect what your Eset firewall rule set shows in regards to the DoSvc service. Also, what is actually started in regards to the DoSvc service is C:\WINDOWS\System32\svchost.exe -k NetworkService -p.
    My advice - quit globally monitoring individual service outbound network traffic via the Eset firewall.
  11. Upvote
    itman received kudos from Guided in The "System Cleaner" tool does nothing.
    The problem with the tool is it will show only the area where Win settings have been altered; not what the specific change was.
    Here's an example. On my Win 10 build, I modified system restore settings to do so only for the drive it is installed on; not for all the drives I have installed. When I run the tool, it only informs me that a change has occurred to System Restore settings. If I run the tool, system restore will be reset to run on all my drives.
    Bottom line - if you are one that makes custom mods to Win settings, this tool will remove all your custom settings.
  12. Upvote
    itman gave kudos to chileverde in Says protect all browsers (most?)
    Pipes,
    If you're still following this thread, please consider this...
    I had my whole family switch to Waterfox for the same reasons you used it. It was a great story that it was created by a 16-year-old and protected users' privacy. Only that has changed: Alex sold out to a company that is in the business of data collection. Please read more here:
    https://restoreprivacy.com/browser/secure/
    (Search for "Waterfox".)
    Now we use Firefox. Suggested privacy settings are at https://restoreprivacy.com/firefox-privacy/.
    Another privacy expert, Michael Bazzell, also recommends Firefox as the most secure browser (hxxp://inteltechniques.com).
    I get additional privacy using the uBlock Origin and Disconnect extensions (recommended by Bazzell).
    I have used Eset products, starting with NOD32 antivirus, since 2005. I've been happy with the products and with their support.
  13. Upvote
    itman received kudos from VanBuran in ESET Internet Security 14 version release date
    Is your Eset update profile - update type, set to "Ask before downloading update"?
  14. Upvote
    itman received kudos from Aryeh Goretsky in Hoping ESET will work
    Eset scans the boot sectors, e.g. the MBR, for malware on BIOS based devices. It does not scan the BIOS since those settings are firmware related and are retained in chip memory on the motherboard. There is no way Eset can physically access that area.
    BIOS based malware is very rare and usually is a result of a hacked BIOS firmware update. If you have reason to believe you have BIOS based malware, you should download the latest BIOS firmware update from your device manufacturer's web site and re-flash the BIOS.
    Note that BIOS setting corruption is often caused by a dead battery attached physically to the motherboard. This battery supplies power to the chip memory when the device is A/C powered off to retain existing BIOS settings in the chip memory.
    UEFI based systems also deploy a BIOS like component but add an interface component to the OS stored in a hidden partition on the drive Windows is installed on. Ref.: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-uefigpt-based-hard-drive-partitions. Eset scans this UEFI partition for malware. It again has no way to physically access settings stored in firmware.
    Also note that the source of the Lojax UEFI malware was a firmware setting built in by the device's manufacturer. As for the second known UEFI malware, it requires physical access to the device:
    https://arstechnica.com/information-technology/2020/10/custom-made-uefi-bootkit-found-lurking-in-the-wild/
    Here's a good article on the difference between BIOS and UEFI based systems: https://www.howtogeek.com/56958/HTG-EXPLAINS-HOW-UEFI-WILL-REPLACE-THE-BIOS/
    Finally, note that although Eset can detect known UEFI based malware, it cannot remove it. Again, the only way to do so is to re-flash the UEFI with the original or latest device manufacturer's update. Ditto for BIOS based boot sector malware. The MBR needs to be restored from a backup of it. If no backup exists, then by rebuilding the individual boot sector components via the Win 10 recovery environment.
  15. Upvote
    itman received kudos from MarcFL in Here are the Release Notes for New Version 14.0.21.0
    Appears Eset has changed how it is announcing and detailing new releases: https://support.eset.com/en/kb7674-what-s-new-in-eset-version-14-home-products
  16. Upvote
    itman received kudos from Page42 in Windows Action Center telling me that ESET Security is turned off
    Appears you're going to have to wait for Eset to fix this.
    As posted on wilderssecurity.com, even a fresh install of 14.0.21 is borking the Win Security Center on select Win installations.
  17. Upvote
    itman received kudos from Page42 in Rude and unhelpful customer support
    This incident does prompt the issue of just who is an "authorized Eset Partner." Finding that info on the web is next to impossible.
    A consumer will always try to find the lowest price for any product, assuming other purchase considerations are the same. In the U.S., newegg.com will run periodic sales on Eset products. Newegg is a major Internet retailer in the U.S. I have never had an issue with purchasing an Eset license with them. However, nowhere on the web can I find Eset listing them as an "authorized partner." Assumed here is that Eset's in-country subsidiaries do in fact have sales relationships with other sources, but it appears they do not want to publicly disclose those relationships.
    In reality, from what I can determine, in the U.S. the only listed Eset authorized partner is Eset themselves.
    Bottom line is that it appears to me that Eset is trying to receive the highest sales price by redirecting to their own internal in-country web sites. Also, all the above is why individuals end up purchasing a license from an unauthorized source.
  18. Upvote
    itman received kudos from Aryeh Goretsky in Should I be concerned with newly jumpdrive from China?
    If the Chinese wanted to embed something on the drive, they would do so in the drive firmware at manufacturing time. Ref.: https://lifehacker.com/how-to-check-your-usb-devices-for-unsafe-firmware-1841773522
    As a rule, I reformat new USB drives primarily to get rid of any crud utilities the manufacturers love to load on these drives. Also, to set the drive to NTFS format, which is more secure than the default FAT32 format.
  19. Upvote
    itman received kudos from karlisi in Rude and unhelpful customer support
    Also, since this invalid license issue keeps arising in the forum, I will say this.
    Eset and every other company I know of will not assist in any way for a misappropriated product. For what it is worth, I believe Eset "goes out of its way" in these situations.
    It is repeatedly stressed in this forum to only purchase a license directly from Eset or one of its in-country authorized distributors.
  20. Upvote
    itman gave kudos to SeriousHoax in Rude and unhelpful customer support
    We can't change what happened and you're unlucky that a non-authorized seller sold you a pirated license 2 years ago.
    Now, if you're still reluctant to buy from your local ESET website, then you may go to one of the authorized partners by yourself and buy a physical copy of it from there, and this time make sure to register the ESET license to your ESET account. An account isn't needed, but it lets you see if the license is being used on a PC or not.
    https://www.eset.com/lt/platintojai/
  21. Upvote
    itman received kudos from LesRMed in Rude and unhelpful customer support
    Also, since this invalid license issue keeps arising in the forum, I will say this.
    Eset and every other company I know of will not assist in any way for a misappropriated product. For what it is worth, I believe Eset "goes out of its way" in these situations.
    It is repeatedly stressed in this forum to only purchase a license directly from Eset or one of its in-country authorized distributors.
  22. Upvote
    itman received kudos from bpat in Should I be concerned with newly jumpdrive from China?
    If the Chinese wanted to embed something on the drive, they would do so in the drive firmware at manufacturing time. Ref.: https://lifehacker.com/how-to-check-your-usb-devices-for-unsafe-firmware-1841773522
    As a rule, I reformat new USB drives primarily to get rid of any crud utilities the manufacturers love to load on these drives. Also, to set the drive to NTFS format, which is more secure than the default FAT32 format.
  23. Upvote
    itman received kudos from Nietzsche in Once again, cannot completely disable window's defender after massive windows update
    Using Win 10 Task Manager, mouse click on the Startup tab and see if Win Defender is listed there for some reason. If it is, disable it there and reboot. Then check to see if it's still running.
  24. Upvote
    itman received kudos from Aryeh Goretsky in Method of detection
    Eset scans files using normal and advanced heuristics at file creation time.
    However, some malware may have obfuscated or encrypted code that will not reveal itself until process execution time. As @Marcos noted, Eset has additional mitigations to scan for malware after it has uncloaked in memory. However, these are post-execution mitigations.
    Eset also has a subscription option named Dynamic Threat Defense: https://help.eset.com/edtd/en-US/overview.html that will perform a full cloud sandbox analysis on executables prior to their actual execution. It can be optionally set to block process execution until a full sandbox analysis verdict is rendered.
    It also needs to be explored in more detail just how this "solution" is creating these malware samples in this special folder. For example, what makes this folder/directory "special" from any other folder created on the device? If this folder is locked by the OS for some reason, Eset can't access what is being created in it.
  25. Upvote
    itman received kudos from shocked in latest ESET contacting 72.21.81.200
    Eset URLs and associated IP addresses are "no big secret." They are listed here: https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall