itman

Most Valued Members
  • Content Count: 6,967
  • Days Won: 183

Kudos

  1. Upvote
    itman received kudos from paragon55 in Strange "device" showing only with ESET Home Monitor   
    I am going to wrap up my comments in this thread with the following.
    In regards to Eset new connection alert for your router. This is occurring because something changed its built-in MAC address. I doubt this is due to any anti-tracking mechanism built into the router. If this was the case, the MAC address changing would have been done once when the router fully initialized itself after setup or power up.
    This leaves the conclusion that an attacker has access to your router. I would start by performing a hard reset on the router and change its Admin interface password to a strong one. If this issue still persists, try to upgrade the router's firmware to the latest version that exists from the manufacturer. If the router is provided by your ISP, contact them about this issue and see if they have a new firmware version for the router.
  2. Upvote
    itman received kudos from mallard65 in DNS Poisoning attack detection   
    As this article: https://www.networkworld.com/article/3298160/how-to-protect-your-infrastructure-from-dns-cache-poisoning.html notes, DNS poisoning mitigation really applies to enterprise environments running their own DNS server.
    A home router does not contain a true DNS server although it may state it does. In reality all that exists is a DNS cache repository built and refreshed from your ISP or third party DNS servers. A DNS poisoning attack will be directed at those or intermediary DNS backbone servers throughout the Internet. It is almost impossible to detect a real DNS poisoning attack at the local device level.
  3. Upvote
    itman received kudos from mallard65 in Computer scans taking a long time each run   
    Refer to this very long thread on the issue: https://forum.eset.com/topic/24775-slow-virus-scan-after-update/
    Present workaround is to run a "Custom scan" and do not select registry and WMI scan options.
  4. Upvote
    itman received kudos from jafarfathi in Why I choose ESET ? The Best Antivirus Protection   
    Sanctions
    U.S.: https://www.state.gov/iran-sanctions/
    U.K.: https://www.gov.uk/guidance/sanctions-on-iran
    EU and UN sanctions: https://www.consilium.europa.eu/en/policies/sanctions/iran/
    Slovakia where Eset is headquartered is both an EU and UN member.
  5. Upvote
    itman received kudos from jafarfathi in Why I choose ESET ? The Best Antivirus Protection   
    Just remember that technical support requests need to be directed to one of those countries; i.e. country of purchase. Assumed is the language to be used would be Arabic. However, 70% of Turkey's residents speak Turkish.
  6. Upvote
    itman received kudos from mallard65 in Eset not working with windows 10   
    That's not the correct build number.
  7. Upvote
    itman received kudos from mallard65 in Why I choose ESET ? The Best Antivirus Protection   
    Sanctions
    U.S.: https://www.state.gov/iran-sanctions/
    U.K.: https://www.gov.uk/guidance/sanctions-on-iran
    EU and UN sanctions: https://www.consilium.europa.eu/en/policies/sanctions/iran/
    Slovakia where Eset is headquartered is both an EU and UN member.
  8. Upvote
    itman received kudos from mallard65 in Why I choose ESET ? The Best Antivirus Protection   
    Just remember that technical support requests need to be directed to one of those countries; i.e. country of purchase. Assumed is the language to be used would be Arabic. However, 70% of Turkey's residents speak Turkish.
  9. Upvote
    itman received kudos from jafarfathi in Why I choose ESET ? The Best Antivirus Protection   
    Strange that someone would review and recommend a product that is not available in Iran.
    One reason is there are Persian language speakers that are residents of countries where Eset is sold. Again, Eset would most likely have published materials for the official language of that country.
  10. Upvote
    itman received kudos from jafarfathi in Why I choose ESET ? The Best Antivirus Protection   
    One other thing that needs mentioning here.
    Since Eset is not officially sold in Iran, you will not be able to receive any technical support from Eset in the instance that it is required. This is because technical support is provided via the Eset in-country authorized Eset partner.
    The question is how these Eset licenses were acquired?
  11. Upvote
    itman received kudos from jafarfathi in Why I choose ESET ? The Best Antivirus Protection   
    Eset Online help is available in Arabic here: https://help.eset.com/eis/13/ar-EG/
    Assumed is Eset doesn't publish anything in Persian since Eset is not officially sold in Iran.
  12. Upvote
    itman received kudos from BALTAGY in RanSim test   
    Finally when it comes to ransomware, you could just find yourself plain screwed.
    Such was the case last year when a security researcher discovered a vulnerability in the Win's Encrypting File System; i.e. EFS, that would allow an attacker to deploy that to maliciously encrypt a target's files. Microsoft, as expected, initially "pooh-poohed" it but came to its senses and patched it. This one caused Eset and a whole bunch of other AV vendors to issue security advisories. Luckily, this one wasn't exploited in-the-wild.
    Ref.: https://safebreach.com/Post/EFS-Ransomware
  13. Upvote
    itman received kudos from mallard65 in RanSim test   
    Yikes! This is still coming up after three years.
    I wrote about this here: https://forum.eset.com/topic/10792-ransomware-simulators-a-detailed-analysis/ and methods employed by Ransim and why Eset ignores their tests.
  14. Upvote
    itman received kudos from mallard65 in WMI provider crash   
    As far as WMI crashes go, no one has posted any details in regards to the crash.
    Again refer to this Technet posting: https://techcommunity.microsoft.com/t5/ask-the-performance-team/wmi-common-symptoms-and-errors/ba-p/375483 . Then cross reference error codes in the article to those shown in the technical details for the associated Reliability log event.
    If this new Eset version was the absolute source for these WMI crashes, everyone would be posting about it. It is possible Eset might be a contributing factor to these WMI crashes but only because previous issues exist in regards to WMI overall fitness status.
  15. Upvote
    itman gave kudos to Marcos in Slow Virus Scan After Update   
    Actually aggressive vs balanced settings affect only detection, not scanning and currently affect mainly Augur detection only. We plan to make further optimizations to reduce scan times.
  16. Upvote
    itman received kudos from mallard65 in Slow Virus Scan After Update   
    Here's the problem.
    The default Eset scan uses the Smart profile. Scan targets are N/A for this scan type. Appears Eset selects them by default and it's including the Registry and WMI database scans.
    My present workaround till this is fixed was to create a new scan profile named; e.g. Smart scan w/o registry and WMI, and set that as the default profile. See below posting.
  17. Upvote
    itman received kudos from mallard65 in Slow Virus Scan After Update   
    Run a default scan which uses the Smart scan profile by default.
    If it isn't obvious that a registry scan is running which should be, scroll to the top of files being scanned window where the scan parameters are shown. You will indeed note that a registry and WMI scan has been selected by default.
  18. Upvote
    itman received kudos from mallard65 in Slow Virus Scan After Update   
    This doesn't work! Any profile based scan auto scans registry and WMI. Doesn't bode well for anyone that has set up Eset scheduled scans.
    Only thing that appears to bypass the registry and WMI scanning is a Custom scan with of course, those options not selected.
  19. Upvote
    itman received kudos from r1man in Manual update   
    Yes.
  20. Upvote
    itman received kudos from r1man in How many devices per one ESET Internet Security key??   
    I would simplify it further; "Used" and "Available for use."
  21. Upvote
    itman received kudos from r1man in Manual update   
    I will also add that in-product updating is always a more secure update method than manual updating; contrary to popular belief. Manual updating opens one up to a phishing attack. A recent example is the WastedLocker ransomware that deployed a fake Google Chrome update request.
  22. Upvote
    itman received kudos from r1man in How many devices per one ESET Internet Security key??   
    What it's showing is one license seat has been activated and one license seat is available.
    Eset uses the term "seat" to refer to how many devices Eset can be installed on. In your case, you only have one Eset license issued to you and that license can be installed on up to a maximum of two devices; i.e. seats.
  23. Upvote
    itman received kudos from r1man in WMI provider crash   
    Periodic WMI crashes have occurred before: https://support.microsoft.com/en-us/help/959493/the-wmi-provider-host-program-wmiprvse-exe-may-crash-on-a-windows-serv
    So I suspect an issue exists in Win 10 2004 given all its problems to date. Why this might manifest with Eset installed remains to be determined.
  24. Upvote
    itman received kudos from Azure Phoenix in Future changes to ESET Internet Security and ESET Smart Security Premium   
    Microsoft added Tamper Protection in Win 10 1903. Oddly, it has to be manually enabled.
    I keep looking for a published bypass of it, but so far so good for Microsoft. It also appears to "have held its own" against the latest and greatest version of Trickbot which tried its darnedest to disable it:
    https://www.bleepingcomputer.com/news/security/new-trickbot-version-focuses-on-microsofts-windows-defender/
    Such can not be said for MalwareBytes or Sophos.
  25. Upvote
    itman received kudos from persian-boy in Future changes to ESET Internet Security and ESET Smart Security Premium   
    Add option to realtime scanner to block obfuscated Powershell scripts. Option would be dependent upon Win 10 AMSI option enabled in the Eset GUI.
    Justification
    Microsoft added a like mitigation in the form of a Windows Defender Exploit Guard ASR mitigation effective with Win 10 1709. ASR mitigations are only effective if Windows Defender is enabled as the realtime scan engine.
    Further justification is Eset's failure to detect malware in highly obfuscated PowerShell script in a Malware Research Group ad hoc test: https://www.mrg-effitas.com/research/current-state-of-malicious-powershell-script-blocking/