mandrix

Posts posted by mandrix

  1. 13 minutes ago, itman said:

    First, what is a backend API app: https://www.quora.com/What-is-an-API-backend-process

    Next there is a high likelihood that this activity is related to some mobile app/device on the local network: https://devblogs.microsoft.com/xamarin/add-a-backend-to-your-app-in-10-minutes/

    Additional ref. here: https://hackernoon.com/mobile-api-security-techniques-682a5da4fe10

    Finally, if Eset URL blocking alerts are originating from wscript.exe, this is highly suspicious unless one created a script to perform like activity. Assuming one is not using wscript.exe, I would create a HIPS rule to block anything from starting C:\Windows\System32\wscript.exe and C:\Windows\SysWOW64\wscript.exe. Make sure logging is enabled on the rule and its level is set to Warning. Your Eset HIPS log entries will inform you as to what process is attempting to start wscript.exe. You can then work backwards in diagnostics from this point. Ensure you disable logging for this rule afterwards so your HIPS log doesn't fill up with related block entries.

    Thank you. That was very informative....and I can confirm I created no scripts.

    Curiously enough, two days ago Windows 10 would not boot, saying there was a missing file. But even booting up my Macrium USB stick and accessing the DOS-like environment (sorry, having a senior moment) I ran SFC and it returned negative. Another curious thing is my most recent 2 C drive backups were corrupt, something I've never experienced before since using Macrium for years now.

    So I ended up just installing Windows from scratch. Since I had no reliable backups I've been working through installing the many programs I use for music, etc., and so far no more messages. However I'm now getting evidence of possible corruption on yet another HDD though I've yet to pin it down since I just stumbled on it a few minutes ago. (I have all SATA data slots filled and an add-in board with 4 more SATA ports for 30+ TB)

    For now I'm golden and although I want to understand the root of the problem, I'm so worn down with these recent problems I just want to forget about them for a bit.

    I thank you for your help and very informative replies, and should the problem reappear I will attempt to set proper rules to point the way to the guilty parties.

    mandrix

  2. 49 minutes ago, itman said:

    If the blocks are occurring when your browser is open, check for like entries in Eset's Filtered websites log. Otherwise, check for entries in the Detections log.

    Thanks. Why I didn't think of logs, I dunno. It's been a day.

    But anyway, there is an application under attack and I'm not sure why as it's nothing too special.

    Anyway, Thanks itman,

    mandrix

  3. The link to ESET Log Collector as well as the instructions on its usage can be found at hxxp://support.eset.com/kb3466/

    Thanks, I found it.

     

    OK, I reinstalled ESET on the current problem machine but did one thing different. In the past whenever I have to install/reinstall ESET I have used a saved ESET settings .xml file that I import with my settings. Since this was actually made several versions and/or licenses back, could this have been causing the problems? I mean I don't know if username/password gets embedded into the saved setup file somehow but this time I manually set up ESET to allow traffic with the rest of my home network instead of using the saved setup file.

     

    So far, so good, I will see how it goes over coming days as I have time to access the computer and see if it continues to work well or throws up another message.

  4. Hello,

    Long time ESET user.

    I have a 3-PC license good until January.

    Recently after installing Windows 10, I can only run two licenses at a time. Always one or the other of two of the PCs will tell me within an hour of reinstalling/reactivation that the license has expired and throw a big message across the screen to either uninstall or renew the license!

     

    I completely uninstalled Smart Security on these two machines, and started over using only name/password. Within an hour activation will fail on one of them at random, so for now I gave up and uninstalled ESET on one of the machines that is used less. Also it did not matter if one of the PCs had ESET installed with only the activation code, it would randomly fail as well. Right now the two PCs still running ESET use the name/password activation.

     

    Fortunately the third PC in another room has not been affected.

     

    Any help? I do have a support email in but in the meantime one PC is not protected.

     

    Thanks.
