
itman

Most Valued Members
  • Posts: 12,104
  • Joined
  • Last visited
  • Days Won: 319

Kudos

  1. Upvote
    itman received kudos from Linux-Is-Best in 2 weeks no ticket support (repeatedly). Took our money and ran?   
    OMG! This thread is still raging.
    Here's the problem:
    The Eset license purchased from Google Play is showing up in Eset Home as a trial license. Obviously, it is not a trial license since it has been activated on 5 devices and been in use for 4 months.
    I have already posted my opinion of what I think of the Eset Home web site. That said, the issue appears to be a "disconnect" between what is present on the Eset licensing servers and what is being forwarded to the Eset Home web site.
  2. Upvote
    itman received kudos from New_Style_xd in More LiveGuard Concerns   
    Err........ I posted three examples already in this thread with the latest being: https://forum.eset.com/topic/31893-more-liveguard-concerns/?do=findComment&comment=148981 .
    Note: these downloads were all .exe based signed installers; not individual .exe programs.
  3. Upvote
    itman received kudos from New_Style_xd in Where is Eset in the AV-TEST test?   
    As far as the MRG ransomware simulator test goes, the two of the four samples that Eset detected by behavior after some files were encrypted are actual ransomware:
    Chaos is also a hybrid ransomware/wiper variant as noted below:
    https://blog.qualys.com/vulnerabilities-threat-research/2022/01/17/the-chaos-ransomware-can-be-ravaging
    Assumed here is that files were also "trashed" prior to Eset behavior detection.
  4. Upvote
    itman received kudos from New_Style_xd in Where is Eset in the AV-TEST test?   
    As far as Eset commercial product AV lab tests go, one might want to refer to the latest MRG Effitas 360 Assessment test: https://www.mrg-effitas.com/wp-content/uploads/2022/02/MRG_Effitas_360_Q4_2021.pdf .
    Eset did not get certified due to failure of the ransomware tests.
  5. Upvote
    itman received kudos from TheStill in Extensions in eset banking protection   
    Definitely, not advisable.
    Browser add-ons/extensions can be and have been hacked. By definition, a "locked down" browser means nothing is being loaded into the browser other than its native executables.
  6. Upvote
    itman received kudos from peteyt in More LiveGuard Concerns   
    I performed another test today and I know what the issue is with LiveGuard and I don't like it one bit.
    This time I went to the developer's web site and downloaded one of his publicly available apps. Due to my previous modification of Firefox download behavior which now results in a full file download being performed, only one submission to LiveGuard was made:
    Time;Hash;File;Size;Category;Reason;Sent to;User
    4/2/2022 12:11:46 PM;DC329F9AE0F78F20E475B5536D37C74DDE438C79;https://downloads.winupdatestop.com/latest/winupdatestop-standard/setup;46104056;Executable;Automatic;ESET LiveGuard;xxxxxx
    Like the previous downloads mentioned in this thread when accessing this file in my Downloads folder, the behavior was the same. Eset, via Win Explorer Context Menu display, showed the file blocked by LiveGuard. However as with the previous downloads, I could execute the downloaded file.
    This downloaded file, as with all the other downloads described in this thread, was code signed. Not Microsoft signed, but signed with a third party CA issued code signing cert.
    The bottom line here is LiveGuard is not blocking execution of code signed .exe's. Rather its processing in this instance is identical to existing LiveGrid processing. All a malware developer has to do is code sign his 0-day malware .exe and you're nailed.
    LiveGuard needs to add an option setting to process all not previously seen code signed .exe's excluding Microsoft code signed ones.
  7. Upvote
    itman received kudos from peteyt in More LiveGuard Concerns   
    I have found out why LiveGuard didn't block access to the downloads from the developer provided URLs and it's pretty ugly. Let's get into the nitty gritty details.
    Again and important, the browser used in all these activities is Firefox.
    I performed another LiveGrid test yesterday by downloading a test malware from a Palo Alto web site:
    Time;Hash;File;Size;Category;Reason;Sent to;User
    3/31/2022 4:55:56 PM;8F8B9EF492042A968A0148FDEE7859C9A65DC458;C:\Users\xxxxx\AppData\Local\Temp\4ykilt5h.exe.part;55296;Executable;Automatic;ESET LiveGuard;xxxxxx
    The file in my user Downloads folder was actually blocked and not accessible. Also, shortly afterward I did receive a confirmation from LiveGuard that the file was safe, and LiveGuard then unblocked the file. This parallels previous downloads in a review of my Eset Sent files log. That is, when Firefox downloaded the .part file to my User Temp folder, LiveGuard performed as expected.
    Now about those downloads from the developer provided URL. Here are the Eset Sent log entries for those:
    Time;Hash;File;Size;Category;Reason;Sent to;User
    3/25/2022 4:49:29 PM;E59A11B7A7FA3D06D40BCB9225393462AF34CD41;https://downloads.novirusthanks.org/license-manager/update/v1/setup;28416576;Executable;Automatic;ESET LiveGuard;xxxxxx
    Time;Hash;File;Size;Category;Reason;Sent to;User
    3/28/2022 2:30:37 PM;499FB0A1734C95E33C220204B79A36A53BAB8B24;https://downloads.osarmor.com/nvtlicensemanager_setup_v1.5.2_test2.exe;28721072;Executable;Automatic;ESET LiveGuard;xxxxxxx
    The important point to note is that the download source captured by LiveGuard was a URL. Also, upon access to this URL via Firefox, the file download processing initiated immediately.
    Firefox made some important changes in ver. 98 in regards to file downloads as noted below:
    https://www.ghacks.net/2022/03/08/mozilla-firefox-98-0-here-is-what-is-new/
    The most significant change is highlighted in bold.
    When the download from the developer's URL initiated, it was directly created in my Downloads folder without any immediate User Temp file download as was the previous Firefox download behavior. It appears Eset's LiveGuard processing in regards to Firefox is dependent upon file creation in the User Temp for both Downloads folder file locking and safe verdict rendering activities.
    I have now changed Firefox settings to its previous file download behavior to always ask where the download should be saved to as a temporary workaround. This reverts to always creating a .part download in the User Temp folder.
    @Marcos Eset developers need to address this issue immediately.
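The posts in items 6 and 7 above quote ESET "Sent files" log lines and turn on one distinction: whether the source LiveGuard captured was a URL or a .part file under the user Temp folder. The script below is an added example, not ESET's code and not the poster's, that parses such pasted lines, skips the header rows that recur when several entries are pasted together, and classifies each entry by its source. The sample log is constructed from the lines quoted above (with the poster's placeholder user column kept); the classification rules, the function names and the "looks like a 40-hex-digit hash" check are this example's own assumptions about what the columns mean.

```python
"""Classify ESET 'Sent files' log lines by where the download was captured.

Added illustration, not ESET code. Column layout 'Time;Hash;File;Size;
Category;Reason;Sent to;User' is taken from the quoted log lines; the
source classification below is this example's assumption.
"""
import csv
import io
import re
from urllib.parse import urlparse

FIELDS = ["Time", "Hash", "File", "Size", "Category", "Reason", "Sent to", "User"]
HEX40 = re.compile(r"^[0-9A-Fa-f]{40}$")  # 40 hex digits, the length seen in the log

# Constructed sample: the entries quoted in the posts above, headers repeated
# exactly as a user would paste them from several log views.
SAMPLE_LOG = r"""Time;Hash;File;Size;Category;Reason;Sent to;User
3/31/2022 4:55:56 PM;8F8B9EF492042A968A0148FDEE7859C9A65DC458;C:\Users\xxxxx\AppData\Local\Temp\4ykilt5h.exe.part;55296;Executable;Automatic;ESET LiveGuard;xxxxxx
Time;Hash;File;Size;Category;Reason;Sent to;User
3/25/2022 4:49:29 PM;E59A11B7A7FA3D06D40BCB9225393462AF34CD41;https://downloads.novirusthanks.org/license-manager/update/v1/setup;28416576;Executable;Automatic;ESET LiveGuard;xxxxxx
3/28/2022 2:30:37 PM;499FB0A1734C95E33C220204B79A36A53BAB8B24;https://downloads.osarmor.com/nvtlicensemanager_setup_v1.5.2_test2.exe;28721072;Executable;Automatic;ESET LiveGuard;xxxxxx
4/2/2022 12:11:46 PM;DC329F9AE0F78F20E475B5536D37C74DDE438C79;https://downloads.winupdatestop.com/latest/winupdatestop-standard/setup;46104056;Executable;Automatic;ESET LiveGuard;xxxxxx
"""


def classify_source(file_field):
    """Return 'url', 'temp_part' or 'local' for the File column.

    Assumption of this example: an http(s) URL means the product captured
    the download at its network source (the direct-to-Downloads case the
    post describes); a .part file under AppData/Local/Temp is the older
    Firefox staging behaviour; anything else is an ordinary on-disk file.
    """
    scheme = urlparse(file_field).scheme.lower()
    if scheme in ("http", "https"):
        return "url"
    lowered = file_field.lower().replace("/", "\\")
    if lowered.endswith(".part") and "\\appdata\\local\\temp\\" in lowered:
        return "temp_part"
    return "local"


def parse_sent_log(text):
    """Parse pasted log lines into dicts; repeated header rows are skipped."""
    entries = []
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        if not row or row == FIELDS:
            continue
        if len(row) != len(FIELDS):
            raise ValueError(f"unexpected column count {len(row)}: {row}")
        entry = dict(zip(FIELDS, row))
        entry["size"] = int(entry["Size"])
        entry["hash_ok"] = bool(HEX40.match(entry["Hash"]))
        entry["source_kind"] = classify_source(entry["File"])
        entries.append(entry)
    return entries


def url_sourced(entries):
    """Hashes of submissions captured from a URL, the case in which the post
    reports that the Downloads copy could still be executed."""
    return [e["Hash"] for e in entries if e["source_kind"] == "url"]


def summarize(entries):
    """Count entries per source kind."""
    counts = {"url": 0, "temp_part": 0, "local": 0}
    for e in entries:
        counts[e["source_kind"]] += 1
    return counts


if __name__ == "__main__":
    parsed = parse_sent_log(SAMPLE_LOG)
    for e in parsed:
        print(f"{e['Time']:<22} {e['source_kind']:<9} {e['size']:>9} {e['File']}")
    print("summary:", summarize(parsed))
    print("url-sourced hashes:", url_sourced(parsed))
```

On the sample above the summary comes out as three URL-sourced entries and one Temp .part entry, which is the split the two posts describe. To check a larger export, paste the log text into SAMPLE_LOG or read it from a file and feed it to parse_sent_log; any entry in the "url" bucket is one to re-test for the locking behaviour the post reports.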
  8. Upvote
    itman received kudos from TheStill in 2 weeks no ticket support (repeatedly). Took our money and ran?   
    There are details of this transaction incident that "don't add up."
    Being a previous Eset user, you are aware of the procedure involved when purchasing an Eset license directly from an authorized Eset seller. The most important of these is a confirmation e-mail containing the details of the product purchased and its license key. Did you receive such an e-mail? If not, this is the first indication that something was not right with the transaction.
    Also, did you verify that your MasterCard transaction history actually shows a charge from Google Play for $59.99?
  9. Upvote
    itman received kudos from Linux-Is-Best in 2 weeks no ticket support (repeatedly). Took our money and ran?   
    One final comment here and I am done with this thread. This issue has been "blown out of proportion." Here's why.
    The only thing needed to activate an Eset product is a license key - period. An Eset Home account is only required if you desire to manage your Eset product licenses remotely. The first thing I do when I purchase a new Eset product license from the Eset eStore is permanently delete any Eset Home account that may have been set up. Why? Because there have been past security issues with the Eset Home web site. You can search the forum for postings on that issue.
    Since you purchased Internet Security, you must have received an Eset license key for it. That license key can be used to activate Internet Security installations for the number of device seats you purchased.
    -EDIT- Since your Reddit posting is quite long, I will post the relevant part:
    So I guess this resolves the issue since you do have a paid Eset IS license for 5 devices. As far as Eset Home license statuses go, I have already posted my opinion of that web site.
  10. Upvote
    itman received kudos from Peter Randziak in Memory Usage   
    The Internet Protection module updated to ver. 1439 on my device a couple of days ago. It was previously posted in this thread by an Eset staff member that this module update would contain the ekrn.exe memory fix. Appears it does thankfully.
  11. Upvote
    itman received kudos from safety in Banking & Payment Protection   
    Really, there is no issue with posting a Log file attachment to a forum posting. Only Eset moderators can access those attachments.
  12. Upvote
    itman received kudos from LesRMed in 2 weeks no ticket support (repeatedly). Took our money and ran?   
    (Same post as item 9 above.)
  13. Upvote
    itman received kudos from TomasP in 2 weeks no ticket support (repeatedly). Took our money and ran?   
    (Same post as item 8 above.)
  14. Upvote
    itman received kudos from safety in Banking & Payment Protection   
    The workaround for this issue till it is resolved is to disable "Secure all browsers" per the below screen shot. This will prevent any browser extensions from loading in Banking & Payment Protection mode and should eliminate the error message.

  15. Upvote
    itman received kudos from Linux-Is-Best in 2 weeks no ticket support (repeatedly). Took our money and ran?   
    Google might not keep the money but it does process the payment which assumes a money transfer to Eset for the sale.
    Since you paid by credit card, I would try to charge-back the Google Play Eset IS payment with MasterCard. At a minimum, this would force Google to provide documentation to MasterCard that they forwarded both transaction details and payment to Eset. The problem here is 4 months have elapsed since the purchase date. This might be too long a time to initiate a charge dispute. 
  16. Upvote
    itman received kudos from Linux-Is-Best in 2 weeks no ticket support (repeatedly). Took our money and ran?   
    Not exactly. It appears this is an upgrade request from Eset Mobile to Eset IS. Since Google now knows you are an Eset existing customer, they will probably correctly route the Eset IS purchase details to Eset N.A. eStore. But who knows, they might screw things up again.
    You eliminate problems like this by purchasing directly from the Eset U.S. eStore web site.
  17. Upvote
    itman received kudos from Linux-Is-Best in 2 weeks no ticket support (repeatedly). Took our money and ran?   
    I suspect the "culprit" here is again Eset N.A. They posted the Eset IS purchase promotion on Google Play which is not the norm. They assumed Google would properly handle the purchase interface to the Eset U.S. eStore, which obviously it didn't.
  18. Upvote
    itman gave kudos to TheStill in 2 weeks no ticket support (repeatedly). Took our money and ran?   
    I think what's gone wrong here is that ESET stopped supporting Linux for home users. They migrated people with Linux licenses to Endpoint without charging any more. So I suspect that is why it shows you as having an Endpoint license and not a Linux license.
    Since Linux for home use is no longer supported, your efforts to consolidate won't work as Linux is no longer part of the multi device pack. As you can see in your screenshot only Windows, Mac and Android are supported.
    You may be better off requesting a refund and getting the correct licences for what you need.
  19. Upvote
    itman received kudos from fabioquadros_ in What is your experience with aggressive detection ?   
    Kaspersky is one example and it has proven quite effective against 0-day ransomware. By coupling ransomware behavior monitoring with system snapshot taking, Kaspersky is capable of restoring all files encrypted by ransomware.
    Also, Kaspersky is not 100% bulletproof in this regard. I have seen a few ransomware that have bypassed its protections. However, they are a very rare occurrence.
    It should be additionally noted that it appears Kaspersky has "worked out the kinks" in regards to previous versions system performance impact issues in regards to its system snapshot processing. System snapshot also gives Kaspersky the capability to "rollback" system modifications done by malware. Of note and in reference to postings in the forum Malware section, Eset might detect malware upon execution. However it is powerless to remove system changes performed by the malware prior to discovery. Those changes have to be manually removed.
  20. Upvote
    itman received kudos from fabioquadros_ in What is your experience with aggressive detection ?   
    As far as Deep Behavior Inspection goes, there are two versions of it.
    The first is monitoring of suspicious behavior. I have only seen it invoked on one occasion in recent history on my device. It will inject ebehmonl.dll into a process and monitor it for some time. I mean days here, until it decides the process is safe.
    The second is predetermined monitoring for select processes such as cmd.exe which can be abused by malware. It will inject ebehmoni.dll into these processes.
    In any case, this type of behavioral monitoring can't be described as dynamic monitoring of all process execution at first run time such as exists in select other AV solutions.
  21. Upvote
    itman gave kudos to peteyt in Learning Mode   
    Someone else might be able to help you with the learning mode as it's not something I currently use, but your Son might be fine with just Automatic, which is the recommended setting for general users/non technical users.
  22. Upvote
    itman received kudos from New_Style_xd in Memory Usage   
    It would be beneficial if Eset published a change log when modules are updated, if for no other reason than so that incorrect information is not conveyed in the forum.
  23. Upvote
    itman received kudos from LesRMed in Help me get rid of this virus! Please.   
    It appears you have Dr. Web installed as your AV solution. Note that Dr. Web is a Russian based product and in fact is the only AV approved by the FSB for use in Russia. Read into this what you will. If I was in Ukraine, I certainly would not be using the product given the current situation there.
    Unless you have an Eset product installed, this forum can't be of assistance since the moderators here need Eset logs in order to assess the current situation on your PC. I advise you to seek help in the various malware assistance forums. Below are links to two of them:
    https://malwaretips.com/forums/windows-malware-removal-help-support.10/
    https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/
    I wish you the best over there. 
  24. Upvote
    itman received kudos from New_Style_xd in Memory Usage   
    You are still missing what the issue is here.
    Eset SSL/TLS protocol scanning initiated exploit processing for a vulnerability that never existed in Firefox. Again, Eset SSL/TLS scanning stays disabled on any browser that I use.
  25. Upvote
    itman received kudos from New_Style_xd in Memory Usage   
    My last test in regards to the CVE-2020-0601 vulnerability is something I have not so far disclosed. That is Firefox was never affected by this vulnerability as highlighted in the below screen shot:
    With Eset SSL/TLS protocol scanning disabled, this was verified per below screen shot:

    So there you have it. A POC showing that Eset SSL/TLS protocol scanning actually makes you vulnerable to browser exploits!