Kudos
-
el el amiril gave kudos to Marcos in Qualcomm driver detection false?
It's detected by 1 AV according to the screenshot, most likely it's a false positive. You can contact the vendor for an opinion on their detection so that they can fix it.
-
el el amiril gave kudos to itman in ESET vs Ransomware
Eset consumer products have the same protection mechanisms as its Endpoint Products. That is:
1. NOD32 is equivalent to EEA.
2. Internet Security is equivalent to EES.
3. Smart Security Premium is equivalent to EES + EDTD.
-
el el amiril gave kudos to Marcos in ESET vs Ransomware
No security solution detects 100% of all threats with zero false positives. ESET is very good at malware detection no matter whether it's ransomware or other threats. You can refer to MRG Effitas tests, which test AVs against ransomware too: https://www.mrg-effitas.com/wp-content/uploads/2023/02/MRG_Effitas_360_Q4_2022.pdf
-
el el amiril gave kudos to Marcos in s/spy.banker.iv false positive or true ?
I strongly discourage you from opening websites on physical machines that another person reports as possibly infected. And yes, the detection occurs under specific conditions.
-
el el amiril gave kudos to Marcos in s/spy.banker.iv false positive or true ?
Also ESET is not the only AV to detect the threat:
-
el el amiril gave kudos to Nightowl in Comodo Webiste Compromised??
Since you modified it, brother, you broke the signature: you modified the contents, so then the signature of the maker is broken.
This will give an indicator to A.I scanners that this file might be malicious.
Because the A.I usually knows this software/installer as trusted and signed, then suddenly you uploaded it differently and unsigned, it will look suspicious to the bots (A.I).
The new unmodified installer that you uploaded got 2 detections; those are false positives. The A.I might detect them because the installer is new; it might feel it's a bit suspicious.
Once you played with the HEX and added ZEROs, 2 more A.I hated your modification and found it suspicious, and also you broke the signature of the developers.
Since I was marked as a solution, I may be wrong or not 100% accurate; if I am mistaken, please correct me.
-
el el amiril gave kudos to Marcos in Comodo Webiste Compromised??
Corrupt, not subject to detection.
-
el el amiril gave kudos to Marcos in Comodo Webiste Compromised??
A clean file with a valid Comodo digital signature, not subject to detection.
-
el el amiril gave kudos to stackz in Comodo Webiste Compromised??
By removing the zeros, you've turned all those executables into binary junk that doesn't even run. That some AVs detect these things shows that those AVs are not very good (to put it nicely).
-
el el amiril gave kudos to stackz in Suspicious startup app
That entry is a leftover from a removed app that was located in one of the Program Files folders. Download Autoruns:
https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns
Extract Autoruns64.exe and right click run as administrator. Accept the EULA. When it finishes scanning, select the Logon tab, the entry will be highlighted in yellow. Right click on the entry and delete it.
-
el el amiril gave kudos to Marcos in Suspicious startup app
Didn't find anything suspicious. I have no idea where Task manager gets it from since the string was not present in registry keys containing applications that were disabled from running.
-
el el amiril gave kudos to Marcos in win64/agent cfm/ osx agent
It's a forum announcement for those who have encountered the said detections and have 3CX Desktop application installed. The announcement redirects to an alert on 3CX vendor's website.
-
el el amiril gave kudos to Marcos in Suspicious startup app
Please provide logs collected with ESET Log Collector. Only screenshots are useless.
-
el el amiril gave kudos to Marcos in Cannot download driverpack using idm
It's a potentially unwanted application. If you want to use it regardless, add the blocked URL to the list of allowed URLs in the advanced setup -> Web access protection -> URL management.
-
el el amiril gave kudos to itman in I have Ransomware virus. what can I do?
Assumed is the OP did not have Eset installed when he was infected with ransomware. If Eset was installed, he would be "ranting" how Eset didn't detect it.
-
el el amiril gave kudos to Marcos in I have Ransomware virus. what can I do?
I've just come across a case where the user downloaded a KMS "activator":
27. 3. 2023 20:33:45 Real-time file system protection file D:\SOFT WIN10\Ofimatika\Office Professional Plus 2021 AIO 2 In 1 - 2202 (build 14931.20132) - Ita (23 Aprile 2022) by GRISU\Activator_KMS_VL_ALL_AIO\KMS_VL_ALL_AIO.exe Win32/Filecoder.Crysis.P trojan cleaned by deleting Event occurred on a new file created by the application: C:\Program Files\7-Zip\7zG.exe (6DAB8C3822A0CAB5B621FD2B7F16AEBB159BCB56).
Because it was detected and ESET allegedly prevented it from running, he paused protection, thinking that activation will succeed then. Instead the ransomware was run and encrypted files.
-
el el amiril gave kudos to Marcos in for those who thinking Windows7 and Nod32 is safe
Microsoft ended support for Windows 7 on Jan 14, 2020:
https://support.microsoft.com/en-us/windows/windows-7-support-ended-on-january-14-2020-b75d4580-2cc7-895a-2c9c-1466d9a53962
As of then the OS became vulnerable since no security updates were released. Also, you have NOD32 Antivirus installed, which provides basic protection, i.e. network protection is missing as well as ESET LiveGuard (available in ESET Smart Security Premium), which performs analysis of suspicious downloaded files in a cloud sandbox before the files are allowed to run.
-
el el amiril gave kudos to Marcos in False positives of Windows system file detection
More AVs detected those files initially, some were detected by Microsoft as well. We hope that Microsoft will start to sign their files or take other measures in cooperation with AV vendors to prevent false positives on non-prevalent files.
-
el el amiril gave kudos to itman in memory integrity windows 10
Win 10/11 HVMI and HVCI should never be disabled unless there are serious operational problems with using Windows on the device. Win10/11 advanced protection mechanisms rely on HVMI and HVCI being operational.