Jump to content

ESET Internet Security 14.0.22...bugs??


Recommended Posts

Hi...

I'm new in this forum...and I have 2 questions

1º If the network card goes into suspension mode to save energy ... when leaving the suspension, the firewall does not work ... I can ping the router and 8.8.8.8 ... but I cannot navigate or update any program
Solution: Restart Win10 (and disable power save)

 

2º Tools - Micosoft Windows Update ... I never update Win10 (formatting every 6 months) and I have the corresponding services disable ... Why if I select the option "No updates" it does not respect the configuration of my services and leaves them as they were ?
Solution: Disable services manually after setting "No updates"

Is this normal?

Thanks


Sorry for the google translation

Link to comment
Share on other sites

15 hours ago, HugoCar said:

1º If the network card goes into suspension mode to save energy ... when leaving the suspension, the firewall does not work ... I can ping the router and 8.8.8.8 ... but I cannot navigate or update any program
Solution: Restart Win10 (and disable power save)

Below are my network adapter power settings:

Eset_Network.png.67c33b855fbaedb56d5837ebee2220f6.png

Also, Win 10 PCI-E LInk State Power Management setting is set to Moderate.

I have no network adapter issues with Eset upon resume from sleep mode or otherwise.

15 hours ago, HugoCar said:

2º Tools - Micosoft Windows Update ... I never update Win10 (formatting every 6 months) and I have the corresponding services disable ... Why if I select the option "No updates" it does not respect the configuration of my services and leaves them as they were ?

Eset queries the Win Update Catalog to determine if applicable Win OS updates are available. If such exist, it just shows in the GUI that this status exists. Eset does not affect current Win Update OS settings in any way. If this Eset option is set to "No Updates," it should not be displaying in the Eset GUI that Win Updates are available.

Link to comment
Share on other sites

1º Have you tried it or has the network card never been put to sleep? ... I can see the network icon on the taskbar change to "Offline" and when I move the mouse it changes back to "Internet Access" ... and only ping works

 

2º All this is very good if in the Advanced Configuration - Tools - Microsift Windows Update you select any option of "Update ..." but if you select "Do not update" why does not leave the services as it was?

My config before install ESET with Windows Update services disables

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004


After install ESET...Windows Update services are enable

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000003

 

Why??

 

Thanks

 

Link to comment
Share on other sites

 

17 hours ago, HugoCar said:

1º Have you tried it or has the network card never been put to sleep? ... I can see the network icon on the taskbar change to "Offline" and when I move the mouse it changes back to "Internet Access" ... and only ping works

The only time I have observed the desktop toolbar network behavior you described is when there is a network connectivity issue; i.e. no IPv4 connection established. I have never observed it in regards to network adapter entering sleep mode while desktop was active. I have seen the "globe" status appear on the icon after resume from PC sleep mode on the Win 10 sign on screen. It immediately disappears on the subsequent password entry screen.

17 hours ago, HugoCar said:

ll this is very good if in the Advanced Configuration - Tools - Microsift Windows Update you select any option of "Update ..." but if you select "Do not update" why does not leave the services as it was?

The only service related directly to Win Updating is wuauserv of those you posted. Again, I can't see in any way Eset changing that or any other of the services you posted startup type in the registry. I do know that disabling BITS service will cause major issues with your Windows installation.

-EDIT- I will also note this. By disabling Windows update capability, you are exposing your device to undue risk of malware infection. At the minimum Windows updating should be configured to receive security updates. This will cover you against OS and Microsoft app software vulnerabilities.

An alternative that would require you to keep up to date on all the above noted vulnerabilities and security issues is to download these updates via Windows Update Catalog web site.

Edited by itman
Link to comment
Share on other sites

As far as disabling wuauserv service via registry start setting, scroll down to "Option 3" section in this article: https://www.tenforums.com/tutorials/8013-enable-disable-windows-update-automatic-updates-windows-10-a.html#option7 . It doesn't work on Win 10 Home versions.

As far as manually disabling wuauserv service via services.msc, scroll down to "Option 6" section and note this:

Quote

Windows 10 is notorious about randomly automatically enabling the Windows Update service (even if disabled), so this option is not always reliable.

 

Link to comment
Share on other sites

Hi..!!

1º I always disable energy saving in all my devices ... I only commented on it because it has happened to me 2 or 3 times and I thought it could be a bug

I am trying to reproduce the error in VMWare but now it does not come out ... if it comes out again I will try to save the data to check and get rid of doubts

 

2º The services are related to each other ... for example wuauserv cannot work without BITS, by the way I have also read

https://thehackernews.com/2019/09/stealthfalcon-virus-windows-bits.html

"According to security researchers at cyber-security firm ESET, since BITS tasks are more likely permitted by host-based firewalls and the functionality automatically adjusts the data transfer rate, it allows malware to stealthily operate in the background without raising any red flags."

https://www.thewindowsclub.com/windows-update-medic-service

https://www.thewindowsclub.com/update-orchestrator-service-in-windows-10

I do this "WubLock"=dword:00000001 to prevent changes in the service

 

Thanks!!

Link to comment
Share on other sites

2 hours ago, HugoCar said:

"According to security researchers at cyber-security firm ESET, since BITS tasks are more likely permitted by host-based firewalls and the functionality automatically adjusts the data transfer rate, it allows malware to stealthily operate in the background without raising any red flags."

I am not really concerned about an ATP actor attacker targeting me. From the same Eset write up you quoted:

Quote

The Win32/StealthFalcon backdoor, which appears to have been created in 2015, allows the attacker to control the compromised computer remotely. We have seen a small number of targets in UAE, Saudi Arabia, Thailand, and the Netherlands; in the latter case, the target was a diplomatic mission of a Middle Eastern country.

I also monitor all PowerShell execution and have my e-mail client totally locked down:

Quote

The key component in the attack documented in the Citizen Lab report was a PowerShell-based backdoor, delivered via a weaponized document that was included in a malicious email.

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...