Jump to content


Most Valued Members
  • Content Count

  • Joined

  • Last visited

  • Days Won



  1. Upvote
    itman received kudos from gu3r1l9 in Unsual Open Network Services notification   
    Some further info on Telnet. Port 23 is not the only port used. Port 107 is used by Remote Telnet.
    Also there is a way to shut down all Telnet activity using the Eset firewall. You would have to create a firewall rule to block all inbound and outbound activity specifying the protocol as "Custom" and the protocol number as 240 - 255. In other words, 15 firewall rules would be needed since the Eset firewall only also one protocol number to be specified per firewall rule.
    Ref.: http://www.networksorcery.com/enp/protocol/telnet.htm
  2. Upvote
    itman received kudos from gu3r1l9 in Unsual Open Network Services notification   
    To be 100% accurate in regards to telnet is the following. The telnet client is not installed on Win 10 by default: https://www.rootusers.com/how-to-enable-the-telnet-client-in-windows-10/ . As noted in the article if the telnet client is installed, any port can be used by it; not just port 23.
    When router's reference telnet, they are just referring to its default use of port 23. Disabling the telnet option on the router is just blocking all inbound/outbound WAN side port 23 TCP/UDP traffic to/from the router.
    When the router is set to bridge mode, you are  instructing the router to pass all inbound and outbound traffic through the WAN side of the router. All firewall, IDS, and protocol filtering methods on the router are disabled. Additionally, both NAT and stateful transmission detection are also disabled on the router. As such, you are now relying 100% on Eset's firewall for port 23 protection. Whereas Eset's firewall will block an unsolicited inbound port 23 traffic by default, such is not the case for any outbound port 23 traffic. By default, Eset allows all outbound traffic.
  3. Upvote
    itman received kudos from PERRYGOGAS in Removal of JS/ScrInject.b ???   
    Referring to the first two postings in this thread, browser ad and JavaScript blocking extensions and the like would not have prevented this activity.
    It appears something was installed manually. It could have be standalone software. If it was then the following were applicable:
    1. The software was installed prior to Eset being installed.
    2. Eset's PUA protection was/is not enabled.
    3. Eset's PUA detection was ignored and the poster allowed the software installation.
    Another possibility is the poster either explicitly or inadvertently installed a browser extension that contains the javacript code being detected.
  4. Upvote
    itman received kudos from Vinicius Renner in Installation stuck at 0%   
    I would start by running Eset's AV Remover tool: https://support.eset.com/kb3527/ to verify that no other AV products are installed and to remove them. If this tool can't remove them, then you will have to do so manually. Reboot your PC.
    Now try to install Eset Smart Security again. If it again hangs during the installation or doesn't install successfully, then do the following.
    Download and run Eset Installation Fixer: https://support.eset.com/kb3544/?locale=en_US&viewlocale=en_US . Reboot. Now try to install Eset Smart Security again.
  5. Upvote
    itman received kudos from kamiran.asia in Realtime module not functional   
    Also McAfee has an article on how to reset the affected registry key back to IMAGE_STATE_COMPLETE. Note that by doing so is at your own risk since the IMAGE_STATE_UNDEPLOYABLE status indicates an unsuccessful OS deployment:
    I suspect the OOBE issue that affects McAfee successful installation might also be affecting Eset successful installation/operation.
  6. Upvote
    itman gave kudos to Marcos in Ransomware SDEN   
    Files were encrypted by Filecoder.LockedFile. According to the logs, there were about 170,000 failed attempts to log in via RDP as "administrator" and alike in approx. one day when the encryption occurred. Also an older version of EFSW 6.5 without Ransomware shield was installed.
    The OP was informed and improvements in protection were suggested.
  7. Upvote
    itman received kudos from Peter Randziak in Question about Web Protection   
    Let's analyze this in detail.
    First screen shot is ThreatSense settings for Web Access protection. The important setting to note is "Advanced heuristics/DNA signatures":

    The next two screen shots are for Realtime protection. The important thing to note is the omission of the "Advanced heuristics/DNA signatures" protection on base ThreatSense settings:

    And for file creation and execution,  advanced heuristics are performed for both. Of note is the absence of any reference to "DNA signatures":

    From the above, we can conclude that "DNA signature" usage is only used by default by Web Access protection. And that is indeed an issue. The solution to me appears to enable "Advanced heuristics/DNA signatures" scanning option for Realtime time protection. I assume that is disabled by default for system performance reasons.
    Also this issue doesn't just apply to FireFox Send delivered files. What about anything not Internet downloaded such as files on USB media?
  8. Upvote
    itman received kudos from Peter Randziak in Can No Longer View Who Is Logged Onto The Forum?   
    This just started today. All I see is myself?
  9. Upvote
    itman received kudos from galaxy in ESET I.S. alongside anti-ransomware programs   
    Both ZoneAlarm and CyberSight state that their compatible with all AV solutions.
    Since ZoneAlarm offers a 30 day free trial and CyberSight is freeware, best approach is to run Eset IS with either one during the 30 day period and monitor for any conflicts. If conflicts arise, most can probably be resolved by adding either product's main executable as an exception in Eset's Realtime and possibly the new Deep Behavior Inspection protection.
    Note that the most important point in evaluating any security software is how effective is its self-protection mechanism. If ransomware can disable ZoneAlarm or CyberSight, they are worthless for all practical purposes. Worse is if malware can inject code into same. Since you may have created an exception in Eset for the product, malware running from same can run unabated. 
  10. Upvote
    itman received kudos from TomFace in Weird site blocked   
    What I will say about this incident is based on @TomFace connection to an Israeli server, your ISP is suspect at this point. Appears it might be performing insecure routing through the Internet backbone. However, more proof will be needed in this regard.
  11. Upvote
    itman received kudos from camelia in What is wrong with maxsecureantivirus?   
    Probably the same company since Eset also blocks this URL.
  12. Upvote
    itman received kudos from jetspeedz in FW or HIPS window Alert closes too fast, how to make it stay up longer or find log of alert?   
    Eset kernel and firewall processes for ver. 12.1.34 use approx. 90K of memory on my Win 10 x(64) 1809 build as shown in the below screen shot. Assumed is memory usage will vary depending on Win OS ver. used.

  13. Upvote
    itman received kudos from camelia in Select Scan Target   
    Appears  /private/var/vm is used as some type of virtual memory swap disk on MacIntosh's:
    Remember that Google search is "your best friend" on questions like this.
  14. Upvote
    itman received kudos from camelia in What is wrong with maxsecureantivirus?   
    Eset's detection is correct.
    Did initial scan at URLVoid.com. That yielded Dr. Web detecting it as malicious. Viewed Quttera's analysis there and it showed a possible malicious status. So scanned the site at Quttera's web site which yielded the following:

  15. Upvote
    itman received kudos from asdasdasd in Reddit Site Block   
    No problem here using IE11 as shown by the below screenshot. Appears to me Eset might be having an issue perhaps with Adblock's connection? Temporarily disable AdBlock and see if the Eset alert still appears.

  16. Upvote
    itman received kudos from jadinolf in ESET version have been released.... ?   
    Just checked. It wasn't offered to me. So count yourself one of the "lucky ones."
  17. Upvote
    itman received kudos from rklumpp in Incorrect Ethernet Packet   
    Think I found a temporary solution until Eset has a fix for this.
    Create an IDS "Unexpected Network Protocol" exception with no IP address specified and everything else set to "No." Note: "Direction" in the rule must be set to "Both." 
    Initial test was to connect to Win Store and no Network log entries were generated. Although security-wise this is not an ideal solution, it is far better than totally disabling IDS protection.
  18. Upvote
    itman received kudos from Joliet_tech in Incorrect Ethernet Packet   
    I finally got "Incorrect Ethernet Packet" IDS exception to work. I had to set the Direction in the rule to "Both" and presently doing it by detected IP address; after verifying the IP address is associated with a Win Store connection.
    Sure hope Eset figures out what the problem here is proto. 
    -EDIT- Forget any exceptions. When I set direction to Both I started seeing blocked Google server connections appearing whose IP addresses were never seen before.
    Appears to me something serious is borked in IDS detection.
  19. Upvote
    itman received kudos from Joliet_tech in Incorrect Ethernet Packet   
    I am also starting to lean toward Port 0 usage by Microsoft as the possible culprit.
    This would not be the first instance I had in that regard using Eset. I believe in ver. 11, Eset changed something in this regard. My ISP for reasons beyond me does ICMPv6 pinging against my router; probably for connectivity purposes. My Win firewall event log was expanding a phenomenal rate  from block activity related to this. That plus Eset's firewall wizard showed the same  phenomenal counts. I resolved this one by just creating firewall rules to allow the activity for the IPv6 IP addresses involved.
  20. Upvote
    itman received kudos from AGH1965 in The Logic of your user interface (y/n)   
    Perhaps a bit of historical review will get things into proper perspective.
    Eset prior to ver. 9 had a "dated" but well-liked user interface. Starting with ver. 9, Eset adopted the current Metro style GUI. I assume that was for compatibility for all devices on which Win 10 could be installed on. There were a lot of complaints initially about the Metro style GUI; especially with changes made in regards to HIPS rule creation and editing. I am also one who did not like the changes made to the HIPS in regards to the Metro GUI adoption. Over time, I have adapted to the changes to the Eset GUI due to the Metro style changes.
    The point here is Eset laid out the GUI as best as it could in light of restrictions employed by use of the Metro style. Although it may be possible to perform limited changes to the Eset existing GUI, I really wouldn't expect to much in this regard.
  21. Upvote
    itman received kudos from camelia in EIS How do I disable a reminder?   
    As far as I am aware of, you can't. There is not separate user alert setting controlling the popup status alert. You can just close the popup alert by clicking on the "x" associated with it.
  22. Upvote
    itman received kudos from persian-boy in Python Question   
    Can Eset actually detect a Python script pre-execution if its packed and encrypted? Note that Win 10 AMSI does not scan Python scripts. -EDIT- also Python scripts "are famous" for running "sleeper" code designed to "wait out" heuristic scanning methods.
  23. Upvote
    itman received kudos from persian-boy in Python Question   
    Does Eset detect an executable created via PyBuilder in which the Python engine along with a script is bundled as a PUA? If not, it should.
  24. Upvote
    itman received kudos from TomFace in Error code 0x847695d7 when opening Firefox for banking   
    Although this article notes error code, 0x847695d0, I suspect it still applies in this case: https://support.eset.com/kb6408/?locale=en_US&viewlocale=en_US
  25. Upvote
    itman received kudos from confusedbloke in 1st part of site is fine, 2nd part apparently has HTML/ScrInject.B trojan?   
    It appears to me Eset is detecting something on the captcha web page and blocking it. My experience with such an occurrence is there might be other malware attempting to be served up from such a web page. So proceeding to enter data, etc. on that web page is done at your own peril.
    What you can try is suspending uBlock for that web page and observing what Eset detects on the web page.
  • Create New...