Posts posted by toxinon12345
-
-
Ok, another plus would be to make a directory tree read-only.
For example, I designated my HD partition 'F:' as read-only by creating this rule:
Blocked file writes for:
This source app
----> [userFolder]\appData\Local\temp\svchost.exe
These file paths
---> F:\*.*
So F: and any subfolder would be protected against Locky.
-
We could even block application execution from the %temp% folder.
Create a rule blocking application start for:
---> [userFolder]\appData\Local\Temp\svchost.exe
As far as I know, Locky writes to this path as part of its install.
-
HIPS is for geek users.
I created a HIPS rule as a mitigation for the LOCKY threat (Filecoder):
---> Log enabled, notification enabled
---> Registry keys [blocked] for
√[Renaming]
√[Modify] operations
HKEY_USERS\*\software\LOCKY\*
Then make sure to remove any existing LOCKY regkey at that location.
-
I am speaking about .locky files (second screen capture).
The only requirement is the 'drive:\' prefix.
Anyway, I'm not sure if that is recursive for all nested directory levels.
-
This is similar to a problem with ekrn.exe or with the program modules... Did you perform a new/fresh installation?
-
HIPS is for geek users.
It seems you must use the notation HKEY_USERS rather than HKEY_CURRENT_USER.
-
Should the AMS submit suspected fileless threats for analysis?
-
Not malware, but greyware. Anyway, you should be prompted for action after the end of the scan.
-
AFAIK, the only way to achieve that is to enable presentation/gamer mode for all your clients in combination with Standard cleaning.
-
Description: counting of "OFF/stopped" items
Detail: I would like to see a count of "Permanently disabled" items in the "Setup Pane".
Also always with no color (black and white).
Something similar to this, but in that case it would be a '3' in black/white:
https://forum.eset.com/uploads/post-6339-0-20654900-1457971762.png
-
Just for information, could you tell us which options you have disabled in Application Statuses, since that is a setting you affirmatively mentioned?
-
I am running version 9.0.375 in Windows 7, but noticed some problems when using the User Interface in Windows 10.
-
Sounds like you have the protocol filtering chain interrupted at some place: maybe the HTTP scanner or the protocol filtering itself. If I am correct, you should already know, no?
-
That program is very suspicious xD
-
I remembered this page from ~7 years ago: https://www.facebook.com/lostclusters
-
@Swex: This incident could be just an "annoying" FP, but which threat name did this occur for?
As far as I know (and ironically), ScrInject and Phishing could be as simple as Autorun INF plain text?
Incidents like this make me wonder if specific features like Exploit Blocker local mechanisms are enhanced with LiveGrid requests? ...that should enhance precision and reduce any significant number of affected users?
-
I can't see all the log... why don't you copy/paste the text instead?
-
Actually the logic is the opposite: show ALL presumably potential problems only when they occur in that screen. This is a well-kept behavior from the previous release.
I understand the contrast of the GUI, but you could combine the actual grey + cyan hue to lower the excessive brightness. Also, the switch buttons could have rounded corners.
-
What areas of the system is a Smart Scan supposed to scan? Does it still scan all of C drive? I conducted a Smart Scan, and it scanned my external drive as well. I'm using ESS 9.0.117.0
All the system, with Smart Optimization enabled (aka fingerprinting and LiveGrid whitelisting).
-
I think these modules are more frequent in beta testing of new releases, for example: right now it would be the internet protection module (1203b), HIPS module (1186b), the new config module (1134b) and translation support module (1363b).
I suppose the precedence of module download would be beta channel first, then your preferred update channel (usually regular) and then your non-preferred channel (usually pre-release).
-
-
Maybe it is too late, but I would like to see the Idle scanner evolve into some type of regularly scheduled "extended startup scan" and monthly "full scan", and also by default auto-scan USB storage in smart mode (no archives).
-
Add to wishlist: Performance enhancements to Emulation
I noticed that when scanning a UPX-packed Icon Resource Library, it needs to unpack that section too... but when I removed the icons/bitmaps from the DLL, then UPXed and scanned it, all is OK again.
-
Descr: experimental auto-whitelist in Filesystem protection
Details: limited to write-execute events & UPX bigger than ~3MB
Annoying parental control alerts
in ESET Internet Security & ESET Smart Security Premium
On your taskbar tray, right-click the ESET icon and click the Log option, then from the dropdown select Websites filtered and copy it here in the forum. Do the same with the parental log.