Posts posted by peteyt

  1. 7 minutes ago, itman said:

    Based on the limited information posted, I would say it is still hiding in your PC. If you receive any further Eset HIPS or other alerts, this would be confirmation that the malware possibly still exists. Note however that there is still no direct proof that the HIPS alert was indeed malware related. You mention that a Trojan was downloaded. How did you determine that?

    One thing I am wondering is if the HIPS is set to manual, which is something I would not recommend for general users. I just have it set to automatic because while I have some knowledge it is not enough and I would probably end up blocking or allowing the wrong thing.

  2. 1 hour ago, TheReservoirDag said:

    Hello everyone,

    Firstly thanks for taking the time to help. I have included two screenshots

    1. Windows defender et al is being controlled by ESET but it would seem not the public profile.
    2. The rules area. As you will see no rules exist therefore I cannot delete rules to start from scratch. I cannot create rules at all.

    Thanks - any suggestions would be greatly appreciated


    A few things to try. Firstly, if you're on 12, update to 13. Did you try to switch to learning mode for the firewall instead of interactive mode?

    It does sound like something is corrupt. You could try to repair eset by going to add/remove programs and finding eset. When you try to uninstall there should be a repair option that could repair and fix the issue. You could always back up your settings if needs be but there is a risk the issue could get copied. You could also uninstall if the repair does not help and reinstall from scratch.

    If a full uninstall does not help you may need to uninstall with eset's uninstall tool in safe mode, available from https://support.eset.com/en/uninstall-eset-manually-using-the-eset-uninstaller-tool although hopefully the repair will work and avoid all this.

  3. 8 hours ago, serlockwright said:

    Dear Team,

    We are having a problem connecting to my.eset.com from the app on mobile; we can't configure anti-theft from the app. Error code: 20512000.

    Note: All our customers are currently experiencing this error, not just personally. Please check and fix it

    Thanks and Regards.


    According to a similar post

    2051 2005 means incorrect password. On the other hand, 2051 2000 means that you are trying to associate the device with the name that already exists in your device list.

     

  4. 7 minutes ago, itman said:

    Yes. Export will save all your existing Eset settings. You can then Import them after Eset is reinstalled.

    One issue here is if this missing Notifications issue is a setting saved via Export feature. If it is, you will be back to the same situation when you Import your prior settings.

    Try doing an Eset repair uninstall first and see if that resolves the issue. This is done via Win uninstall programs feature. Eset will ask you whether you want to uninstall or repair. Select repair. This option will not affect any of your current Eset custom settings and hopefully will resolve the missing Notifications issue.

    Can you save the rules on their own?

  5. 24 minutes ago, Tio said:

    Hey Marcos, thanks for the reply. 

    The thing is that my Eset hadn't found any malware nor have I made any changes especially the mentions 2 above and I found it strange should I just reset them ? And another issue is that I can't see when or what changes were made ..... 

    The problem with the system cleaner for me is it does not give enough information. It is handy that it tells you a setting has been changed but would be handier if it was able to tell you what actual setting so you could decide better. However, like Marcos has said, it is okay to ignore if you do not suspect malware, which to me it sounds like you are safe. I also think it would be handy if, after you could see the specific settings, you could add them into some kind of exception.

    When this feature first came out I gave it a try. Problem was I saw nothing to indicate what got changed and it did not make any logs and there is no way to undo it. Again it might be a good feature for people trying to clean up the leftover mess from an infection but that's it, as there is for me not enough info and it could actually cause issues with people changing stuff and not knowing what.

  6. 13 minutes ago, sabrina_germ said:

    Thank you, but I believe that I have understanding problems. You would help me a lot if I knew what to do in practice. So that it will run safely and no problems will occur. Thank you very much!

    I'd recommend downloading the live installer for the latest. I see you had problems with a previous version. Version 13 seems stable but if you have any issues you can report them. Problem is by downgrading it avoids the problem being fixed. Newer versions also often have better improvements and newer technologies

  7. 11 hours ago, Crystal_Lake_Camper said:

    Hi everyone! My name is Crystal_Lake_Camper and I live in the Netherlands. I have used eset in the past, when it still was nod32, and also a brief time when smart security 5 was coming out. I decided to give v13 a trial run, and I must say that I am very impressed with its progress. When the trial runs out, I will buy a license for sure :). Like my user name suggests, I am a huge fan of 80s horror and slasher movies and am passionate about computers and security. I am so glad to join this forum, and hope to interact and learn a lot here, thanks for reading and having me here! ;)

    Welcome to the forum. Glad to see a fellow horror fan too. I love slasher and giallo films.

  8. 35 minutes ago, itman said:

    Only if Eset had a full signature for it. Per real-time default settings, advanced heuristics and DNA signatures are only applied at program execution time. Additionally, the ransomware shield is a HIPS protection which also implies it is deployed at program execution time.

    I actually posted this in the wrong post. My question was actually in regards to the zerocrypt ransomware from this post 

    My question is: as the user in the video didn't show us him downloading the ransomware, does that mean it was probably detected and he conveniently did not show this part?

     

  9. Just wanted to share a video by the same user for another AV where the developer of that AV has claimed the user has been using bad practises including in the video secretly whitelisting one of the malicious files

    It shows that you have to take tests with a pinch of salt

     

  10. 2 hours ago, Marcos said:

    And most importantly - back up, back up, back up. By doing so you will protect your data even against sudden hardware failures.

    Can I just confirm - would the user in the video have had to disable eset to download this ransomware? Obviously it shows in the video eset didn't detect once run but I presume eset would have blocked it from actually being downloaded in the first place?

  11. 12 minutes ago, nile said:

    How to prevent disabling or killing ESET processes !!!

    As mentioned, this ransomware with a few others gets in by brute force. Is RDP enabled? What tends to happen is they use brute force to figure out the login to get in. They then attempt to disable eset, which is made much easier if eset doesn't have a password set for its settings. You can set it so that RDP has a set number of login attempts before locking a user out. Also it's important to make sure you are fully patched with windows updates.

  12. 2 hours ago, itman said:

    https://docs.microsoft.com/en-us/windows/win32/seccrypto/cryptoapi-system-architecture

    Additionally, applications use the Win crypto API to protect their own sensitive data.

    Using Process Explorer, display some app .dlls. One that you will find used extensively is crypt32.dll.

    I did wonder but it's something I have been curious about for a while so thanks for the link. I presume ransomware could also abuse/hijack this so adding microsoft ones into a whitelist and warning about others would not be a reliable option? 

  13. 1 hour ago, itman said:

    There's a detailed analysis of ZeroCrypt ransomware here: https://www.hybrid-analysis.com/sample/08f194844dafe43972c507da7f75f98cd0e7bddae9011b482da60d80b281967b?environmentId=100 .

    Aside from the forked ADS stream, there isn't a lot of obvious front-end malicious behavior to it.

    Maybe you can answer this question - I have windows 10 pro - I do not encrypt anything - I have played around in the past with securedata for testing purposes but that is it. Does windows do any encrypting itself without a user enabling it?

    Basically if windows does not encrypt anything without a user enabling it and average users do not encrypt stuff, could an AV not use this to implement an allow/deny kind of process, e.g. we have detected something attempting to encrypt files, if you have not initiated this it might be ransomware, and the user can allow it, e.g. if they were the ones running it, or block it?

    Now I know ransomware will hide the fact it is ransomware but would an AV be able to detect the encryption itself before it did any damage? Maybe even have an option to block encryption which could be enabled/disabled in the settings that would automatically block any kind of encryption of files.

  14. 53 minutes ago, Fluessig said:

    I have just (1) desktop PC that has a wired connection to a WIFI router which connects to my cable modem. (I did install VirtualBox on my windows 10 desktop)

    The WIFI router is used for my WIFI Epson Printer, Macbook, XBOX, and my phone.

    What is this Virtual Network?

    Any help or pointers in the right direction would be greatly appreciated!

    Thank you kindly,

    Steven

     


    Could be linked to VirtualBox. Do you have a VPN installed?

  15. 4 hours ago, Marcos said:

    Massive encryption activities themselves are not enough for recognition of ransomware since encryption per se is not a bad thing and is often used for legit reasons. An example could be moving files to a password encrypted archive. Although it's not very common, the action itself is not malicious if carried out with the knowledge of the user.

    Anyways, we'll check what conditions were not fulfilled in order for RS to trigger detection.

    Could eset not have an option to detect any encryption and warn the user? As you stated, average users probably wouldn't use encryption, so if there was an option that warned everyone these users would then probably know it was dangerous as they aren't encrypting something.

    Does windows itself encrypt files without a user telling it to? That is the only issue, if windows was doing encryption and it was getting flagged.

    1 hour ago, SeriousHoax said:

    I don't think it matters and it's not a good way to defend ESET here. Imagine a user downloading a cracked version of a program or let's say a pirated game. Pirated games don't often come with malware, unlike pirated software. But if the crack file was replaced by the uploader with this ransomware exe then the user's data would've been compromised and ESET would be blamed for not being able to detect that by their signatures or other modules. For this ZeroCrypt ransomware, it's good to know that ESET has added signature again.

    Now this is a nice response. It would be nice to know what conditions were not fulfilled. I like it ESET and only want it to get better so that's why I posted this.

    The video is better than most videos as most I have seen disable key things and then run the virus and then claim eset is bad trying to ignore the fact they made eset bad by disabling the stuff that would have detected it.

    However - like a lot of these videos it doesn't show everything. Would eset have blocked the virus from downloading in the first place - that is the key thing. Eset might not have picked it up when it was run but that doesn't mean it didn't detect it being downloaded and the uploader may have had to disable eset to download the virus - which means eset was protecting the user they just chose to ignore it.

  16. 1 hour ago, GSMiller said:

    Just getting back to this. I am most concerned with figuring out if I trust the remote computer so I know if I trust it.

     

    The instructions you offered, Wiseman, are more complicated than I understand. Can you give me a little more detail? After clicking on the Windows Start button, should I see an "All Programs" and "Accessories" link or graphic? It lists all the programs but I don't know what the next step is. I don't see a command prompt, though I can search on it.  I'm sure I'm missing something simple but need your help to point me in the right direction!

     

    Thanks.

    Depends on what version of windows you have. For example, on windows 10 you can right click start and click command prompt or powershell, which I believe is the same but with advanced stuff (and looking at it, windows seems to have replaced command prompt in the right click start menu with powershell).

  17. 59 minutes ago, Vilket Namn said:

    Thank you. So should I just change the type of my network from Home to Public? Can I have some more information regarding how I can protect myself and prevent the worst? Do you think I should really purchase my own router? 

    I think I might have to do the latter.

    With a router you'd also need to sign up for an internet service I presume.

    Not sure if legal issues could affect each other too, e.g. if one user was downloading illegal files, copyrighted etc. Although not sure if the person with the router would be held responsible.
