itman: Posts 12,182; Days Won 319
Kudos
itman received kudos from Nightowl in Eset Internet Security Errors In Event Viewer
Microsoft requires a special cert. only issued to vetted AV vendors to sign their amsi.dll. That cert. costs $$$$. Eset, always trying to save a buck, won't fork up the money to purchase the cert.
-
itman received kudos from Nightowl in Eset Endpoint Antivirus Web Filter Policy Not Block Tor Browser
FYI:
Block installation of Tor browser. Hash for current version is shown below:
-
-
itman received kudos from TheStill, peteyt and safety in problem updating ESET v9 product on Windows XP SP3 x32
It appears Eset terminated all support for Win XP yesterday:
-
itman received kudos from rotaru in Eset Will not Allow me to disable Auto-Renewal again!
Eset never ceases to flabbergast me on the way they do things. I am not "going to mince any words here."
What Eset is doing in regards to accessing Eset eStore account data is not two-factor authorization. 2FA requires that two distinct authorization methods be performed before any account information is displayed. Entering publicly available data, displaying partial account data, and then performing a second authorization method from the partial account data screen is not an authorization method.
Refer to how major banks perform 2FA.
1. You access their public web site.
2. You enter the first authorization method on that web site. This is usually a user id and password.
3. Once the first authorization method has been verified, the second verification method is initiated. This may be the sending of a numeric code to a previously set up phone number stored in existing user account data. Once that code is received, it is entered into the existing logon screen and account data access is granted.
Likewise, when e-mail link authorization is used, which BTW is insecure, it would be initiated only after user id/password authorization verification was completed.
There "must be something in the drinking water" there in Slovakia ...
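Added example, not code from ESET or from the forum post: a minimal Python sketch of the bank-style sequence the post describes (password verified first, a one-time code sent to a stored phone number only after that, full account data only after both), placed beside the flawed flow in which a publicly known identifier alone returns partial account data. The account, password, phone number and license key are constructed for illustration, and the SMS gateway is a list that records what would have been sent.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, List, Optional, Tuple

# Constructed account store (hypothetical data, not ESET's): the password is
# stored as a PBKDF2 hash; the phone number is where the second factor goes.
PBKDF2_ROUNDS = 100_000
SALT = b"constructed-static-salt"   # real systems use a random salt per user


def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, PBKDF2_ROUNDS)


ACCOUNTS: Dict[str, dict] = {
    "alice@example.com": {
        "pw_hash": hash_password("correct horse battery staple"),
        "phone": "+1-555-0100",
        "license_key": "XXXX-XXXX-XXXX-ABCD",
    }
}

OTP_TTL_SECONDS = 120
PENDING: Dict[str, Tuple[str, str, float]] = {}   # challenge_id -> (email, otp, expiry)
SENT_SMS: List[Tuple[str, str]] = []             # stand-in for an SMS gateway


def flawed_lookup(email: str) -> Optional[dict]:
    """The flow the post objects to: a publicly known identifier (an e-mail
    address) returns partial account data before anything has been proven.
    Anyone who knows the address gets the hints."""
    acct = ACCOUNTS.get(email)
    if acct is None:
        return None
    return {
        "phone_hint": "***-" + acct["phone"][-4:],
        "key_hint": "****-" + acct["license_key"][-4:],
    }


def login_step1(email: str, password: str) -> Optional[str]:
    """Factor 1. Nothing about the account is revealed, and no code is sent,
    until the password verifies. Returns an opaque challenge id or None."""
    acct = ACCOUNTS.get(email)
    candidate = hash_password(password)   # hash even for unknown users: uniform timing
    if acct is None or not hmac.compare_digest(candidate, acct["pw_hash"]):
        return None
    otp = "{:06d}".format(secrets.randbelow(10**6))
    challenge_id = secrets.token_urlsafe(16)
    PENDING[challenge_id] = (email, otp, time.monotonic() + OTP_TTL_SECONDS)
    SENT_SMS.append((acct["phone"], "Your login code is " + otp))
    return challenge_id


def login_step2(challenge_id: str, code: str) -> Optional[dict]:
    """Factor 2. The challenge is single-use and expires; only a correct code
    entered against a live challenge yields the full account record."""
    entry = PENDING.pop(challenge_id, None)   # pop: a wrong guess burns the challenge
    if entry is None:
        return None
    email, otp, expires_at = entry
    if time.monotonic() > expires_at or not hmac.compare_digest(code, otp):
        return None
    record = dict(ACCOUNTS[email])
    record.pop("pw_hash")
    return record
```

The point of the split is ordering: `login_step2` cannot be reached without a challenge id, and a challenge id only exists once `login_step1` has verified the password, so the second factor never acts on data that the first factor has not already protected.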
-
itman received kudos from Nightowl and peteyt in Some samples submitted but not processed
The problem is these rootkit driver samples were submitted to VT without any related software use. Unless the loaded driver is specifically used by one or more Win OS components, the loaded driver does nothing. This is confirmed by the cloud sandboxes that originally examined the drivers; none found them malicious.
It is assumed that the security solutions that originally detected these drivers at VT did so via generic signature/heuristic scanning detection.
Since CrowdStrike Falcon detected the first driver sample as malicious at VT, I regenerated a new scan report at the Hybrid-Analysis web site: https://www.hybrid-analysis.com/sample/eaad75470e21084ab3a38f6cb0f3aa72d4203260515619f8703e3fc80e800d7a/6327815d896b877bb501614e . Besides factoring in existing VT AV detections, the other element in the malicious rating was a MITRE factor as to ntoskrnl.exe access. Again, it appears the driver code was examined versus any driver behavior activities.
-
-
itman received kudos from Trooper in there is release date of version 16?
Here's Intel's article on its Threat Detection Technology: https://www.intel.com/content/www/us/en/architecture-and-technology/vpro/hardware-shield/threat-detection-technology.html . It's fairly obvious it's only available on vPro platforms.
Since Eset's press release specifically references Intel® Threat Detection Technology, I am skeptical of any Eset enhancements not related to vPro w/9th gen.+ Core processor platforms.
-
itman received kudos from Trooper in there is release date of version 16?
https://www.intel.com/content/www/us/en/products/docs/processors/core/9th-gen-core-desktop-brief.html
Pertaining to Intel SGX:
https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html
Obviously, a vPro setup w/Eset additions will offer superior protection.
-
itman received kudos from Trooper in there is release date of version 16?
I will also add, Kaspersky has had a UEFI based AV solution for some time: https://usa.kaspersky.com/antivirus-for-uefi . All that is required is the OEM motherboard vendor has to employ it in its firmware.
-
itman received kudos from Trooper in there is release date of version 16?
This article explains what the differences are between Intel processors and vPro-based platforms: https://www.differencebetween.com/difference-between-intel-core-i7-and-vpro/ .
"In a nutshell," Intel vPro refers to features only available on select Intel processor and motherboard combos. As a rule, Intel motherboards are expensive, resulting in them only being present in high-end business-class PCs.
-
itman received kudos from Trooper in there is release date of version 16?
Doesn't apply to me or many others using non-business-class PCs or ones that use AMD CPUs:
-
itman received kudos from micasayyo in there is release date of version 16?
Per Eset press release:
Eset did not specifically state they will not support pre-9th Gen processors. Support for older vPro compatible processors might be added at a later date.
-
itman received kudos from micasayyo in there is release date of version 16?
https://www.intel.com/content/www/us/en/products/docs/processors/core/9th-gen-core-desktop-brief.html
Pertaining to Intel SGX:
https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html
Obviously, a vPro setup w/Eset additions will offer superior protection.
-
itman received kudos from Nightowl in How Do I Block Pop-Up Ads
I would recommend the uBlock Origin browser extension. By default, it will enable all its major TPLs plus the EasyList/EasyPrivacy TPLs, and it offers the ability to enable other TPLs that you might think relevant. You can also add custom block lists from sources such as GitHub.
-
itman received kudos from persian-boy in LiveGuard Question
Verify the following highlighted setting is enabled in Eset GUI:
Also verify that Eset logging verbosity level is set to Informative:
-
itman received kudos from SeriousHoax in Some samples submitted but not processed
For me, this sums up the state of malware detection at Eset.
You have 32/71 VirusTotal vendors detecting it as malicious; first submission there was 8/14. There is at least one respected public cloud sandbox giving it a 100/100 malicious verdict. Yet, Eset VirusLab after hours of behavior observation can't determine if the sample is malicious.
-
itman received kudos from peteyt and micasayyo in Updated to 15.2.17.0
Well, miracles do happen!
Eset finally acquired the proper signing cert. from Microsoft:
-
-
itman received kudos from micasayyo in LiveGuard Question
This keeps coming up in the forum; over and over again.
If the file is deemed safe by LiveGuard, you will not get an Eset safe popup notification and the file will be silently unblocked.
The only time you will receive an Eset safe popup notification is if you attempted to access the file while it was in a LiveGuard blocked state.
-
itman received kudos from micasayyo in LiveGuard Question
Verify the following highlighted setting is enabled in Eset GUI:
Also verify that Eset logging verbosity level is set to Informative: