Everything posted by toxinon12345
-
Ok, another plus would be to make a directory tree read-only. For example, I designed my HD partition 'F:' as read-only by creating this rule:
Blocked file writes for:
This source app ----> [userFolder]\appData\Local\temp\svchost.exe
These file path ---> F:\*.*
So F: and any subfolder would be protected against Locky.
-
We could even block application execution from the %temp% folder. Create a rule blocking application start for:
---> [userFolder]\appData\Local\Temp\svchost.exe
As far as I know, Locky writes to this path as part of its install.
-
HIPS is for geek users. I created a HIPS rule as a mitigation for the LOCKY threat (Filecoder):
---> Log enabled, notification enabled
---> Registry keys [blocked] for √[Renaming] √[Modify] operations
HKEY_USERS\*\software\LOCKY\*
Then make sure to remove any existing LOCKY regkey at that location.
-
The only requirement is the 'drive:\' prefix. Anyway, I'm not sure if that is recursive for all nested directory levels.
-
Help with this, please. I'm new in NOD32
toxinon12345 replied to chec23's topic in ESET NOD32 Antivirus
This is similar to a problem with ekrn.exe or with the program modules... Did you perform a new/fresh installation?
-
HIPS is for geek users. It seems you must use the notation HKEY_USERS rather than HKEY_CURRENT_USER.
-
Not malware, but greyware. Anyway, you should be prompted for action after the end of the scan.
-
Win32/Bundled.Toolbar.Ask.G - PUP handling
toxinon12345 replied to shaik's topic in Malware Finding and Cleaning
AFAIK, the only way to achieve that is to enable presentation/gamer mode for all your clients in combination with Standard cleaning.
-
Scheduled Scans
toxinon12345 replied to Aryeh Goretsky's topic in ESET Internet Security & ESET Smart Security Premium
Description: counting of "OFF/stopped" items
Detail: I would like to see counting of "Permanently disabled" items at "Setup Pane". Also with no-color always (black and white). Something similar to this, but in that case it would be a '3' in black/white: https://forum.eset.com/uploads/post-6339-0-20654900-1457971762.png
-
False Positive Detection not fixed
toxinon12345 replied to vsk121's topic in Malware Finding and Cleaning
That program is very suspicious xD
-
I remembered back this page from ~7 years ago https://www.facebook.com/lostclusters
-
@Swex: This incident could be just an "annoying" FP, but this occurred over what threat name? As far as I know (and ironically), ScrInject and Phishing could be as simple as Autorun INF plain text? Incidents like this make me wonder if specific features like Exploit Blocker local mechanisms are enhanced with LiveGrid requests? ...should enhance that precision and reduce any significant amount of affected users?
-
anyone know what this means in my scan log?
toxinon12345 replied to marshill's topic in ESET NOD32 Antivirus
I can't see all the log... why don't you copy/paste the text instead?
-
Actually the logic is the opposite: show ALL presumably potential problems only when they occur in that screen. This is a good kept behavior from the previous release. I understand the contrast of the GUI, but you could combine the actual grey + cyan hue to lower the excessive brightness. Also, the switch buttons could have rounded corners.
-
Internet Protection Module 1173B.3 / 1173.5 / 1180
toxinon12345 replied to howardagoldberg's topic in ESET NOD32 Antivirus
I think these modules are more frequent in beta testing of new releases. Example: right now it would be the internet protection module (1203b), HIPS module (1186b), the new config module (1134b) and translation support module (1363b). I suppose the precedence of module download would be beta channel first, then your preferred update channel (usually regular) and then your non-preferred channel (usually pre-release).
-
Scheduled Scans
toxinon12345 replied to Aryeh Goretsky's topic in ESET Internet Security & ESET Smart Security Premium
Add to wishlist: Performance enhancements to Emulation
I noticed that when scanning a UPX-packed Icon Resource Library, it needs to unpack that section too... but when I removed the icons/bitmaps from the DLL, then UPXed and scanned, all is OK again.
-
Scheduled Scans
toxinon12345 replied to Aryeh Goretsky's topic in ESET Internet Security & ESET Smart Security Premium
Descr: experimental auto-whitelist in Filesystem protection
Details: limited to write-execute events & UPX bigger than ~3MB