HugoCar 0 Posted February 8, 2021 Share Posted February 8, 2021 Hi... I'm new in this forum...and I have 2 questions 1º If the network card goes into suspension mode to save energy ... when leaving the suspension, the firewall does not work ... I can ping the router and 8.8.8.8 ... but I cannot navigate or update any program Solution: Restart Win10 (and disable power save) 2º Tools - Micosoft Windows Update ... I never update Win10 (formatting every 6 months) and I have the corresponding services disable ... Why if I select the option "No updates" it does not respect the configuration of my services and leaves them as they were ? Solution: Disable services manually after setting "No updates" Is this normal? Thanks Sorry for the google translation Link to comment Share on other sites More sharing options...
itman 1,659 Posted February 8, 2021 Share Posted February 8, 2021 15 hours ago, HugoCar said: 1º If the network card goes into suspension mode to save energy ... when leaving the suspension, the firewall does not work ... I can ping the router and 8.8.8.8 ... but I cannot navigate or update any program Solution: Restart Win10 (and disable power save) Below are my network adapter power settings: Also, Win 10 PCI-E LInk State Power Management setting is set to Moderate. I have no network adapter issues with Eset upon resume from sleep mode or otherwise. 15 hours ago, HugoCar said: 2º Tools - Micosoft Windows Update ... I never update Win10 (formatting every 6 months) and I have the corresponding services disable ... Why if I select the option "No updates" it does not respect the configuration of my services and leaves them as they were ? Eset queries the Win Update Catalog to determine if applicable Win OS updates are available. If such exist, it just shows in the GUI that this status exists. Eset does not affect current Win Update OS settings in any way. If this Eset option is set to "No Updates," it should not be displaying in the Eset GUI that Win Updates are available. Link to comment Share on other sites More sharing options...
HugoCar 0 Posted February 8, 2021 Author Share Posted February 8, 2021 1º Have you tried it or has the network card never been put to sleep? ... I can see the network icon on the taskbar change to "Offline" and when I move the mouse it changes back to "Internet Access" ... and only ping works 2º All this is very good if in the Advanced Configuration - Tools - Microsift Windows Update you select any option of "Update ..." but if you select "Do not update" why does not leave the services as it was? My config before install ESET with Windows Update services disables [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS] "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc] "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc] "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc] "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv] "Start"=dword:00000004 After install ESET...Windows Update services are enable [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS] "Start"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc] "Start"=dword:00000003 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc] "Start"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc] "Start"=dword:00000003 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv] "Start"=dword:00000003 Why?? Thanks Link to comment Share on other sites More sharing options...
itman 1,659 Posted February 9, 2021 Share Posted February 9, 2021 (edited) 17 hours ago, HugoCar said: 1º Have you tried it or has the network card never been put to sleep? ... I can see the network icon on the taskbar change to "Offline" and when I move the mouse it changes back to "Internet Access" ... and only ping works The only time I have observed the desktop toolbar network behavior you described is when there is a network connectivity issue; i.e. no IPv4 connection established. I have never observed it in regards to network adapter entering sleep mode while desktop was active. I have seen the "globe" status appear on the icon after resume from PC sleep mode on the Win 10 sign on screen. It immediately disappears on the subsequent password entry screen. 17 hours ago, HugoCar said: ll this is very good if in the Advanced Configuration - Tools - Microsift Windows Update you select any option of "Update ..." but if you select "Do not update" why does not leave the services as it was? The only service related directly to Win Updating is wuauserv of those you posted. Again, I can't see in any way Eset changing that or any other of the services you posted startup type in the registry. I do know that disabling BITS service will cause major issues with your Windows installation. -EDIT- I will also note this. By disabling Windows update capability, you are exposing your device to undue risk of malware infection. At the minimum Windows updating should be configured to receive security updates. This will cover you against OS and Microsoft app software vulnerabilities. An alternative that would require you to keep up to date on all the above noted vulnerabilities and security issues is to download these updates via Windows Update Catalog web site. Edited February 9, 2021 by itman Link to comment Share on other sites More sharing options...
itman 1,659 Posted February 9, 2021 Share Posted February 9, 2021 As far as disabling wuauserv service via registry start setting, scroll down to "Option 3" section in this article: https://www.tenforums.com/tutorials/8013-enable-disable-windows-update-automatic-updates-windows-10-a.html#option7 . It doesn't work on Win 10 Home versions. As far as manually disabling wuauserv service via services.msc, scroll down to "Option 6" section and note this: Quote Windows 10 is notorious about randomly automatically enabling the Windows Update service (even if disabled), so this option is not always reliable. Link to comment Share on other sites More sharing options...
HugoCar 0 Posted February 9, 2021 Author Share Posted February 9, 2021 Hi..!! 1º I always disable energy saving in all my devices ... I only commented on it because it has happened to me 2 or 3 times and I thought it could be a bug I am trying to reproduce the error in VMWare but now it does not come out ... if it comes out again I will try to save the data to check and get rid of doubts 2º The services are related to each other ... for example wuauserv cannot work without BITS, by the way I have also read https://thehackernews.com/2019/09/stealthfalcon-virus-windows-bits.html "According to security researchers at cyber-security firm ESET, since BITS tasks are more likely permitted by host-based firewalls and the functionality automatically adjusts the data transfer rate, it allows malware to stealthily operate in the background without raising any red flags." https://www.thewindowsclub.com/windows-update-medic-service https://www.thewindowsclub.com/update-orchestrator-service-in-windows-10 I do this "WubLock"=dword:00000001 to prevent changes in the service Thanks!! Link to comment Share on other sites More sharing options...
itman 1,659 Posted February 10, 2021 Share Posted February 10, 2021 2 hours ago, HugoCar said: "According to security researchers at cyber-security firm ESET, since BITS tasks are more likely permitted by host-based firewalls and the functionality automatically adjusts the data transfer rate, it allows malware to stealthily operate in the background without raising any red flags." I am not really concerned about an ATP actor attacker targeting me. From the same Eset write up you quoted: Quote The Win32/StealthFalcon backdoor, which appears to have been created in 2015, allows the attacker to control the compromised computer remotely. We have seen a small number of targets in UAE, Saudi Arabia, Thailand, and the Netherlands; in the latter case, the target was a diplomatic mission of a Middle Eastern country. I also monitor all PowerShell execution and have my e-mail client totally locked down: Quote The key component in the attack documented in the Citizen Lab report was a PowerShell-based backdoor, delivered via a weaponized document that was included in a malicious email. Link to comment Share on other sites More sharing options...
HugoCar 0 Posted February 10, 2021 Author Share Posted February 10, 2021 Hi..!! OK I will check the services every time I install ESET Link to comment Share on other sites More sharing options...
Recommended Posts