camelia

Members
  • Content Count

    93

Kudos

  1. Upvote
    camelia gave kudos to BeanSlappers in Refer a friend   
    I got it now, I just rebooted my PC.
  2. Upvote
    camelia received kudos from BeanSlappers in Am I having too many Edge connections?   
    ESET HIPS rule created successfully 😎
    Thanks @itman
    Camelia
  3. Upvote
    camelia gave kudos to TomFace in AV-Comparatives Real-World Protection Test February-June 2018   
    In Windows 7 (which is what I run) it acts as an antispyware program.
    In Windows 10, I "think" it tries to act as an A/V scanner. See https://forum.eset.com/topic/19330-another-av-to-complement-eset/?do=findComment&comment=94318  
    A Win 10 user can add their input.
    Regards,
    Tom
     
  4. Upvote
    camelia gave kudos to itman in Am I having too many Edge connections?   
    Oh, my. This is one reason why I am always hesitant about showing my HIPS rules when asked. You should review HIPS rule creation using Eset built-in online help on the subject.
    1. For the first screen shot, change the Rule name prefix from "CameRule:" to "User rule:". All user created rules should use this prefix. No need to log any events since you already know you're blocking Edge start up. Click the "Next" button.
    2. As far as the second screen - Source applications, you ignored my previously posted instructions. Click on the down arrow next to where "Specific applications" is displayed and select "All applications." Click the "Next" button.
    3. Your next screen displayed at this point should be Application operations. Deselect "All application operations." Select "Start new application." Click the "Next" button.
    4. The next screen displayed should be "Applications." Click on the down arrow next to where "All applications" is displayed and select "Specific applications." Click on the "Add" tab. Now enter the full path name for Edge there. Warning - verify that the EDGE .exe is actually stored at that location. Remember what I posted previously is for ver. 1809. Click on the "Finish" button.
    5. Click on any subsequent "OK" button shown to save your newly created HIPS rule.
    6. Reopen the HIPS section and verify that your rule was created as specified.
    Note this is my last instruction posting to you on how to create HIPS rules.
  5. Upvote
    camelia gave kudos to itman in AV-Comparatives Real-World Protection Test February-June 2018   
    Microsoft a while back got a lot of free press on how Windows Defender ATP was able to detect a zero day malware. What Microsoft didn't publicly disclose at the time but did so later via a blog detailed analysis of the incident is the following. At least 6 WD ATP installations were infected by the malware prior to Azure AI cloud server analysis returned a positive identification of malware status. BTW - those infected installations were all located in a specific region within Russia.
    Bottom line - there is no such thing as 100% 0-day protection. If there was, that concern would in short order be the only security solution used and all other AV vendors would cease to exist.
  6. Upvote
    camelia gave kudos to itman in Am I having too many Edge connections?   
    The Eset HIPS rule I monitor Edge execution with is shown below. Source applications setting for this rule is "All applications."
    Note: This rule works for me using Win 10 x(64) 1809. I haven't validated that this is so on 1903 since I haven't installed it yet.

     
  7. Upvote
    camelia gave kudos to BeanSlappers in Am I having too many Edge connections?   
    Thank you for that, I hate edge, and I don't like anything google either.
  8. Upvote
    camelia gave kudos to itman in Am I having too many Edge connections?   
    https://www.wilderssecurity.com/threads/how-do-i-stop-edge-from-automatically-starting.406358/
  9. Upvote
    camelia gave kudos to itman in Am I having too many Edge connections?   
    Refer to wilderssecurity.com that has multiple postings on this issue.
    In summary, Win 10 will try its darnedest to keep Edge always running. Since I don't use Edge as my browser, I just block its start up with an Eset HIPS rule. This has resolved the issue for me.
  10. Upvote
    camelia gave kudos to cybot in Importing setting to new HDD?   
    Don't know if your system is used by others, but if it is not, then I would not worry about this issue. The security hole from the article can only be exploited locally, as in sitting at the machine. Unless you are going to be performing DDOS attacks or hacking into your own system, then you're safe. If it's your own system, you should already have Admin level access to the OS available to you. The only way to be vulnerable is if you allow access to your machine to an untrusted remote user using Remote Desktop, Teamviewer or other similar software.
  11. Upvote
    camelia gave kudos to itman in Importing setting to new HDD?   
    https://forums.geforce.com/default/topic/1056140/geforce-drivers/defeating-nvidias-telemetry/post/5830317/#5830317
    Personally, I just disable the Nvidia Telemetry service and leave it at that. I haven't seen any outbound Nvidia traffic after that. I also can't vouch for the above rundll32 method since I never used it.
    As far as blocking GeForce Experience outbound activity, the best way to stop it is never install it or uninstall it. Also according to this article, nothing Nvidia Telemetry or Geforce Experience does is supposedly nefarious: https://www.howtogeek.com/280101/relax-nvidias-telemetry-didnt-just-start-spying-on-you/
  12. Upvote
    camelia gave kudos to itman in Importing setting to new HDD?   
    Since it appears you want to still use GeForce and not uninstall it, you can download the latest non-vulnerable update here: https://www.geforce.com/geforce-experience/download . That should eliminate the update alert you have been receiving.
    As far as your other nVidia drivers, you have a problem. For any drivers less than release 390.65, you're vulnerable to the Spectre and Meltdown vulnerabilities noted here: https://nvidia.custhelp.com/app/answers/detail/a_id/4611/~/security-bulletin%3A-nvidia-driver-security-updates-for-cpu-speculative-side . I would seriously consider updating your graphics card.
  13. Upvote
    camelia gave kudos to itman in Importing setting to new HDD?   
    To begin with, there is a serious security vulnerability in regards to Nvidia GeForce versions prior to 3.18. You can read about that here: https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-geforce-experience-vulnerability
    The article also refers to Nvidia driver vulnerabilities that have been recently discovered. So you have to verify if your Nvidia drivers have been recently updated.
    As far as your screen shot goes, your Nvidia software is indicating that a GeForce software update is available. In light of the above posted, you probably want to perform the update. BTW - you don't need the GeForce software for your Nvidia drivers to function properly. Its primary purpose is to inform you that NVidia driver updates are available. It can be uninstalled via Control Panel -> Programs option.
  14. Upvote
    camelia gave kudos to itman in Importing setting to new HDD?   
    Guess I am not following you on this one. Each time you export your settings, a new .xml file is created. Just import the latest .xml file you created.
  15. Upvote
    camelia gave kudos to TomFace in Select Scan Target   
    Yes there are some very smart folks on this Forum. Everyone brings something different to the table.
    I try to learn something new every time I visit (from folks like Marcos, Aryeh, foneil, itman, TomasP, SCR, cyberhash, Peter...among others).
  16. Upvote
    camelia gave kudos to TomFace in Select Scan Target   
    If you trust Google.
    I do not trust Google with anything.
    Regards,
    Tom
     
  17. Upvote
    camelia gave kudos to itman in Select Scan Target   
    Appears /private/var/vm is used as some type of virtual memory swap disk on Macintoshes:
    https://www.bleepingcomputer.com/forums/t/682395/what-is-the-purpose-of-this-vm-folder/
    Remember that Google search is "your best friend" on questions like this.
  18. Upvote
    camelia received kudos from EnjoyBoast in Select Scan Target   
    Hello,
    Why do I have a target called "VM"? AND is part of macOS Mojave the folder .HFS+ Private Directory Data?
    Thanks
    Came

