itman

Most Valued Members
  • Content Count: 6,545
  • Joined
  • Last visited
  • Days Won: 174

Kudos

  1. Upvote
    itman received kudos from Aryeh Goretsky in eamsi.dll blocked from Videogame Counterstrike Global Offensive   
    Also the problem here appears to be not Eset's eamsi.dll, but CSO's new "Trusted mode" feature that is also causing issues with other running software: https://www.pcgamer.com/csgos-trusted-mode-anticheat-system-is-live-but-its-causing-problems/
    Believe this is something that needs to be reported to CSO's developers. Security software mechanisms that worked prior to Trusted mode implementation should also be allowed in this new mode.
    Also of note:
    https://blog.counter-strike.net/index.php/2020/06/30683/
    It also appears that Symantec does offer Authenticode signed certificates: https://urlssl.net/symantec-code-signing-certificate.html . Therefore the issue is not with Symantec certs. per se.
    -EDIT- Believe this is the issue with CSO. Eset's cert. for eamsi.dll is not an EV cert. However, Eset also countersigned eamsi.dll with its Microsoft issued driver cert., which is an EV cert. This appears to satisfy most apps' requirement for an Authenticode signed certificate, but not for CSO it appears. This is also why Code Integrity errors are being thrown by some apps.
  2. Upvote
    itman received kudos from mallard65 in Slow Virus Scan After Update   
    Here's the problem.
    The default Eset scan uses the Smart profile. Scan targets are N/A for this scan type. Appears Eset selects them by default and it's including the Registry and WMI database scans.
    My present workaround till this is fixed was to create a new scan profile named; e.g. Smart scan w/o registry and WMI, and set that as the default profile. See below posting.
  3. Upvote
    itman received kudos from mallard65 in Slow Virus Scan After Update   
    Run a default scan which uses the Smart scan profile by default.
    If it isn't obvious that a registry scan is running which should be, scroll to the top of files being scanned window where the scan parameters are shown. You will indeed note that a registry and WMI scan has been selected by default.
  4. Upvote
    itman received kudos from mallard65 in Slow Virus Scan After Update   
    This doesn't work! Any profile based scan auto scans registry and WMI. Doesn't bode well for anyone that has set up Eset scheduled scans.
    Only thing that appears to bypass the registry and WMI scanning is a Custom scan with of course, those options not selected.
  5. Upvote
    itman received kudos from r1man in Manual update   
    Yes.
  6. Upvote
    itman received kudos from r1man in How many devices per one ESET Internet Security key??   
    I would simplify it further; "Used" and "Available for use."
  7. Upvote
    itman received kudos from r1man in Manual update   
    I will also add that in-product updating is always a more secure update method that manual updating; contrary to popular belief. Manual updating opens one up to a phishing attack. A recent example is the WastedLocker ransomware that deployed a fake Google Chrome update request.
  8. Upvote
    itman received kudos from r1man in How many devices per one ESET Internet Security key??   
    What it's showing is one license seat has been activated and one license seat is available.
    Eset uses the term "seat" to refer to how many devices Eset can be installed on. In your case, you only have one Eset license issued to you and that license can be installed on up to a maximum of two devices; i.e. seats.
  9. Upvote
    itman received kudos from Aryeh Goretsky in Uploaded but still always a false positive   
    The only way to get rid of this detection is to get a UEFI/BIOS version from Lenovo that doesn't include the Computrace components and re-flash the UEFI/BIOS.
  10. Upvote
    itman received kudos from r1man in WMI provider crash   
    Periodic WMI crashes have occurred before: https://support.microsoft.com/en-us/help/959493/the-wmi-provider-host-program-wmiprvse-exe-may-crash-on-a-windows-serv
    So I suspect an issue exists in Win 10 2004 given all its problems to date. Why this might manifest with Eset installed remains to be determined.
  11. Upvote
    itman received kudos from mimii in Help with Connected Home Monitor   
    First, just what is KMS-R@1n.exe?
    https://www.quora.com/What-is-KMS-R-1n-exe-Does-it-affect-my-computer?share=1
    If you are using a "cracked" (i.e. illegal) version of the Windows OS or any other legit Microsoft software, removal of KMS components will cause all licenses associated with them to become invalid. If all your software licenses are legit paid ones from the software manufacturer, then there is no reason for KMS associated components to remain on your PC.
    This situation is also a classic example of why Eset does not enable the potentially unwanted software option by default. Eset's stance to date is they are not the "software license police." That said, using cracked software these days is a risky undertaking since the crack installers are increasingly being used to push malware on installed devices.
  12. Upvote
    itman received kudos from mallard65 in Eset Internet Security 13.2.14.0?   
    Simple answer here folks is Eset normal channel release updates are region specific. Select countries will see the release prior to other countries. It has always been this way.
  13. Upvote
    itman received kudos from razorfancy in Eset Internet Security 13.2.14.0?   
    Simple answer here folks is Eset normal channel release updates are region specific. Select countries will see the release prior to other countries. It has always been this way.
  14. Upvote
    itman received kudos from A-VT in Does ESET Online Scanner use heuristics?   
    As far as I am aware, Eset's online scanner has all the features its installed paid version has in regards to file scanning. That would include heuristics, in-program sandboxing, and the like. Assumed that would also include file uploading of any malicious detections since Eset uses those for analysis purposes.
    Also note that heuristic analysis is most beneficial when analyzing executables at startup time. You're only going to have that capability if you purchase the full Eset version that includes real-time, HIPS, Advanced Memory Scanning, Advanced Machine Learning, and Deep Behavior Inspection protections.
  15. Upvote
    itman received kudos from Super_Spartan in NOD32 causes Tobii eye-tracking to have High CPU Usage   
    Tobii has an article about excessive CPU use caused by AV scanners here: https://help.tobii.com/hc/en-us/articles/115004039965-High-CPU-usage .
    Since the article is 3 years old, it is not a new issue. It appears the present Eset real-time performance exclusion might be the best current mitigation until Eset can research the issue and find a fix. You might want to open a technical support request to Eset so the issue is documented.
    I also noticed in the VirusTotal analysis that this is a .Net app and a lot of downloading occurs from it. Suspect the scanning of these downloads is why CPU activity spikes.
  16. Upvote
    itman received kudos from Super_Spartan in NOD32 causes Tobii eye-tracking to have High CPU Usage   
    Do you have Eset Gamer mode enabled in Computer protection section?
    Another possibility is Eset Webcam protection in the same section. Eset might be somehow treating this eye interaction device as a webcam.
  17. Upvote
    itman received kudos from Mirek S. in I Am Fed Up With The Eset Forum Website   
    So far, so good. Will post again if it starts acting up again.
  18. Upvote
    itman received kudos from snowhite in What is secure Wi -fi solution and do I need it?   
    A few additional recommendations here: https://solutionsreview.com/wireless-network/best-practices-for-small-business-wireless-security/
  19. Upvote
    itman received kudos from mallard65 in Windows 10 Update Errors with ESET   
    The default setting for the Win Update service in Win 10 1909 and I assume 2004, is manual(triggered). In other words, the OS starts the service as needed and then terminates when Win Updating completes. The service is set this way on my Win 10 1909 build and I have had no issues with Win Updating with EIS 13.1.21 installed.
    My opinion is for anyone having issues with Win Updates, the issue is not with Eset SSL/TLS protocol scanning but rather with the Win Update feature itself. Win Updating on all OS versions is notoriously buggy and frequently becomes corrupted for various reasons.
  20. Upvote
    itman received kudos from New_Style_xd in Block Chrome update   
    Reading through all the numerous web postings on how to stop Chrome and Google updating, the Group Policy method appears to be the best method: https://stackoverflow.com/questions/18483087/how-to-disable-google-chrome-auto-update . However, one needs a Win Pro+ version to use Group Policy.
    In the same above linked thread was posted:
    Therefore I recommend you create a new Eset HIPS user rule to do the equivalent. The screen shots given below show how to do this. After mouse clicking on the Finish tab shown in the last screen shot, mouse click on any subsequent OK tab shown to save the HIPS rule.
  21. Upvote
    itman received kudos from Nightowl in ESET I.S. Agressively blocking URL, can't find app   
    In regards to what this JavaScript malware does, a few observations.
    In addition to other system modifications, it creates a new network service. It also creates a copy of wscript.exe in the C:\Users\Public directory. Assumed it is using that copy to execute any additional scripts the malware deploys. So if one is indeed using Eset HIPS to monitor wscript.exe startup, you would have made the target application in the rule C:\Windows\System32\wscript.exe. As such, this rule will not detect wscript.exe startup from any other directory location.
    This gets us to Eset's "stone age" HIPS capability. I for one have "been harping" for some time about the lack of global wildcard capability. That is, a specification such as *\wscript.exe that would detect wscript.exe PE use regardless of where it is located. -EDIT- How this would be deployed is one "ask" HIPS rule for C:\Windows\System32\wscript.exe. Then one "block" HIPS rule for *\wscript.exe. This would also enable blocking of abused legit "living off the land" utilities such as those included in the SysInternals suite; e.g. PsExec, that can be maliciously deployed from any directory.
    BTW, the dropping of executables into the C:\Users\Public directory is a technique used by North Korean hackers. One possible source where the malware is originating from.
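    The point made in the post above, that an exact-path rule for C:\Windows\System32\wscript.exe does not fire on a copy of wscript.exe dropped into C:\Users\Public, can be shown with a small rule evaluator. The following is an added illustration, not code from the forum post or from ESET; it assumes a hypothetical HIPS that evaluates an ordered rule list first-match-wins and uses glob syntax for the target path, and the process-start events are constructed sample data.

```python
import fnmatch
import ntpath
from dataclasses import dataclass

# Constructed process-start events (not real telemetry). The second one mirrors the
# post: a copy of wscript.exe running from C:\Users\Public to launch the dropped script.
SAMPLE_EVENTS = [
    {"pid": 1201, "image": r"C:\Windows\System32\wscript.exe", "cmdline": "wscript.exe login.vbs"},
    {"pid": 1337, "image": r"C:\Users\Public\wscript.exe",     "cmdline": r"wscript.exe C:\updatewins.js"},
    {"pid": 1402, "image": r"C:\Windows\SysWOW64\wscript.exe", "cmdline": "wscript.exe report.js"},
    {"pid": 1500, "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]


@dataclass
class HipsRule:
    name: str
    pattern: str   # exact image path, or a glob such as *\wscript.exe (hypothetical syntax)
    action: str    # "ask" or "block"


def path_matches(pattern: str, image: str) -> bool:
    # Windows paths are case-insensitive, so normalise both sides. fnmatch's '*' matches
    # across backslashes, which is exactly the "any directory" behaviour the post asks for.
    return fnmatch.fnmatchcase(image.lower(), pattern.lower())


def evaluate(rules, event):
    """First matching rule wins; no match means the HIPS lets the start proceed."""
    for rule in rules:
        if path_matches(rule.pattern, event["image"]):
            return rule.name, rule.action
    return None, "allow"


# Rule set 1: only the exact-path "ask" rule most users would have created.
EXACT_ONLY = [
    HipsRule("ask-system32-wscript", r"C:\Windows\System32\wscript.exe", "ask"),
]

# Rule set 2: the post's proposal, the specific "ask" rule ordered above a catch-all "block".
WITH_WILDCARD = EXACT_ONLY + [
    HipsRule("block-wscript-anywhere", r"*\wscript.exe", "block"),
]


def run(rules, events=SAMPLE_EVENTS):
    """Return {pid: action} for every event under the given rule set."""
    return {e["pid"]: evaluate(rules, e)[1] for e in events}


# Complementary detection: a script host running from anywhere other than its
# expected directories is itself worth an alert, independent of any HIPS rule.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def relocated_copies(events, name="wscript.exe"):
    """PIDs of events where a binary named `name` runs from outside EXPECTED_DIRS."""
    hits = []
    for e in events:
        directory, filename = ntpath.split(e["image"])
        if filename.lower() == name and directory.lower() not in EXPECTED_DIRS:
            hits.append(e["pid"])
    return hits


if __name__ == "__main__":
    print("exact-path rule only :", run(EXACT_ONLY))       # pid 1337 is allowed through
    print("with *\\wscript.exe   :", run(WITH_WILDCARD))   # pid 1337 and 1402 are blocked
    print("relocated copies     :", relocated_copies(SAMPLE_EVENTS))
```

Under the exact-path rule the Public-directory copy (pid 1337) is never consulted and runs unchallenged; with the wildcard block rule ordered after the specific ask rule, the System32 instance still prompts while every other location is blocked. The SysWOW64 instance shows the cost of a blanket wildcard: legitimate 32-bit script hosts are blocked too, so in practice one would add a second "ask" rule for that path ahead of the block rule.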
  22. Upvote
    itman gave kudos to Marcos in ESET I.S. Agressively blocking URL, can't find app   
    The script is malicious and has been detected by ESET since Feb. As of the last update it's also detected without an extension
  23. Upvote
    itman received kudos from Nightowl in ESET I.S. Agressively blocking URL, can't find app   
    The script uploaded to VT is the initiator script that will run the payload script that has been previously dropped here: C:\updatewins.js. As such, this JavaScript itself is not malicious; the script in the C:\ root directory is. Hence why no one on VT detects the initiator script.
    Full analysis of this initiator script is here: https://www.hybrid-analysis.com/sample/1b1640edb3f7213f4338c6e0017a1b9028c6b324d64f3e63c09169540e82f4a5?environmentId=120
  24. Upvote
    itman received kudos from Peter Randziak in ESET I.S. Agressively blocking URL, can't find app   
    The script uploaded to VT is the initiator script that will run the payload script that has been previously dropped here: C:\updatewins.js. As such, this JavaScript itself is not malicious; the script in the C:\ root directory is. Hence why no one on VT detects the initiator script.
    Full analysis of this initiator script is here: https://www.hybrid-analysis.com/sample/1b1640edb3f7213f4338c6e0017a1b9028c6b324d64f3e63c09169540e82f4a5?environmentId=120
  25. Upvote
    itman received kudos from Mirek S. in Revoked certificate   
    The certificate for the web site has been revoked: https://www.ssllabs.com/ssltest/analyze.html?d=clik.tradingacademy.com
    Contact the web site administrator about this status. Or contact the concern by whatever means and inform them of this status.
    Note: regardless of Eset use or not, any browser will also reject the connection to this web site due to its revoked certificate status.