nod123

[ 30 October, 2009] NOD32 latest escalation ID

a@b.com (kevin) — Fri, 30 Oct 2009 23:50:00 +0800

Username:TRIAL-23779717
Password:5uef66uupb

Username:TRIAL-23779721
Password:3vupvk7x73

Username:TRIAL-23883159
Password:urfpd8uhe3

Username:EAV-22819751
Password:e2d3xbhcmm

Username:EAV-22819754
Password:xtk5sxtadv

Username:EAV-23369964
Password:4x3kb5rej4

Username:EAV-23546466
Password:mem57djuh6

Username:EAV-17446823
Password:c56dbs7jjd

Username:EAV-23485187
Password:ntebmedu2v

Username:TRIAL-23649878
Password:fkr3nvpj3s

Username:TRIAL-23649887
Password:fbmd5jme33

Username:TRIAL-23779708
Password:x38rt3muuh

Username:EAV-23624052
Password:2nc8p56xnb

Username:EAV-23540739
Password:exkx8ba4dh

Username:EAV-23540757
Password:mhp3fb5dav

Username:EAV-23540772
Password:3st3h58d76

Username:EAV-23540790
Password:u7rxsb4hb5

Username:EAV-23540793
Password:bchuxnrmjt

Username:EAV-23540802
Password:7fb6mjhmp3

Username:EAV-23540814
Password:6kn7j2xhdj

Username:EAV-23540815
Password:sde3j7xbn5

Configuring and using eset personal firewall rules

a@b.com (kevin) — Wed, 23 Sep 2009 08:16:36 +0800

Rules represent a set of conditions used to meaningfully test all network connections and all actions assigned to these conditions. In personal firewall, you can define what action to take, if a connection defined by a rule is established.

To access the rule filtering setup, navigate to Advanced setup (F5) > Personal firewall > Rules and zones. To display the current configuration, click Setup in the Rule and zone editor section. If the personal firewall is set to automatic filtering mode, these settings are not available.

In the setup window, an overview of rules or zones is displayed (based on the currently selected tab). The window is divided into two sections. The upper section lists all rules in a shortened view. The lower section displays details about the rule currently selected in the upper section. At the very bottom are the buttons New, Edit, and Delete, which allow the user to configure rules.

If taking into account the direction of communication, connections can be divided into incoming and outgoing connections. Incoming connections are initiated by a remote computer attempting to establish connection with the local system. Outgoing connections work in the opposite way - the local side contacts a remote computer.

If a new unknown communication is detected, you must carefully consider whether to allow or deny it. Unsolicited, unsecured or totally unknown connections pose a security risk to the system. If such a connection is established, it is recommended that you pay particular attention to the remote side and the application attempting to connect to your computer. Many infiltrations try to obtain and send private data, or download other malicious applications to the host workstations. The personal firewall allows the user to detect and terminate such connections.

Why does my Protection status icon turn red after installing Service Pack 2 for Microsoft Windows Vista or Windows Server 2008?

a@b.com (kevin) — Sat, 12 Sep 2009 00:05:36 +0800

Problem: The ESET icon next to the system clock turns red after installing Service Pack 2 for Windows Vista or Windows Server 2008.

Solution: Service Pack 2 for Microsoft Windows Vista and Windows Server 2008 can conflict with version 4.0 of ESET Smart Security and ESET NOD32 Antivirus. If you are running version 4.0 of either ESET Smart Security or ESET NOD32 Antivirus and have installed the latest update for Microsoft Windows Vista and Windows Server 2008, which includes Service Pack 2, you may be experiencing issues with your ESET security product.

An incompatibility between Service Pack 2 and the 4.0 versions of ESET Smart Security and ESET NOD32 Antivirus may prevent the proper functioning of real-time file-system protection. If your computer is experiencing this issue, the ESET icon next to the system clock will turn red, alerting you that maximum protection is not ensured. It may also notify you that your ESET security product needs to be reinstalled. However, reinstalling will not fix the issue. An update for version 4.0 ESET security products has been released and automatically distributed.

If you had previously disabled the Anti-Stealth and Self-defense options and/or enabled Test Mode to receive the update module, follow the steps below to restore your ESET security product's settings:

Disable Test Mode

Open the main program window by clicking the ESET icon next to the system clock or by clicking Start → All Programs → ESET → ESET Smart Security or ESET NOD32 Antivirus.
Press the F5 key to open the Advanced Setup window.
Click Update in the Advanced Setup tree and then click the Setup... button to enter the Advanced update setup window.

Fig. 1-1
Deselect Enable test mode.

Fig. 1-2
Click OK in the Advanced update setup window to confirm the changes.

NOTE: The test modules you downloaded while in Test Mode may be replaced with publicly released modules during a subsequent virus signature database update.

Enable Anti-Stealth and Self-defense

If you had previously disabled the Anti-Stealth and Self-defense options, re-enable them by following the steps below:

Open the main program window by clicking the ESET icon next to the system clock or by clicking Start → All Programs → ESET → ESET Smart Security or ESET NOD32 Antivirus.
Press the F5 key to enter the Advanced Setup window and then from the Advanced Setup tree, click Antivirus and antispyware.
Select the following two options to the right:
Enable Anti-Stealth technology
Enable Self-defense

Fig. 1-3

Click OK in the Setup pop-up window and OK again to close the Advanced setup window.
Restart your computer.

Adding/Editing/Deleting a Whitelist entry (3.0)

a@b.com (kevin) — Tue, 08 Sep 2009 23:17:08 +0800

A whitelist is a list of email addresses or domains that you have designated as legitimate email contacts. Messages from these contacts will not be blocked automatically, and will be delivered successfully to your inbox.

To more effectively filter spam, use the Whitelist in conjunction with the Blacklist. A Blacklist is a list of specific email addresses or domains considered to be associated with spam.

Adding an email address to the Whitelist

Open the main program window by clicking the ESET icon next to the system clock or by clicking Start → All Programs → ESET → ESET Smart Security.
If you seee the message Display: Standard mode in the lower left corner, toggle to Advanced mode by clicking Toggle Advanced mode, or by pressing CTRL + M on your keyboard.
From the main menu, click Setup → Antispam module.
The Antispam module will be displayed. In the middle of the window, click Whitelist.

Fig. 1-1
The Whitelist window will appear. From here you can Add, Edit, or Remove Whitelist entries. To add an email address to the Whitelist, click the Add button.
The New item window will appear. In the Email address field, enter the email address you want whitelisted. In the Name field, enter the company or individual associated with the address.
If you wish to whitelist the entire email domain, select the Whole domain option at the bottom of the window. This can be useful if you wish to allow email mesages from all individuals in a specified organization.

Fig. 1-2
Click OK to finish.

Editing a Whitelist entry

While in the Whitelist window from step 5 above, select the address you wish to edit, and click the Edit button.
The Item change window will appear, allowing you to change the email address or name of the entry. Click OK to finish.

Fig. 1-3

Removing a Whitelist entry

While in the Whitelist window from step 5 above, select one or more email addresses, and click the Remove button.
A dialog box will ask you to verify the action. Click OK to confirm.
Close the Whitelist window when you are finished adding, editing, or removing entries.

Use eset personal firewall to Creating new rules and Editing rules

a@b.com (kevin) — Mon, 10 Aug 2009 08:51:29 +0800

Creating new rules

When installing a new application which accesses the network, or if there was a modification to an existing connection (remote side, port number, etc.), a new rule must be created.

To add a new rule, click on the New button in the Zone and rule setup window. Clicking on this button opens a new dialog window which allows the specification of a new rule. The upper part of the window contains three tabs:

General: Specifies the name of the rule, direction, action and protocol. Direction is either in or out (or both). Action means allowing or denying the given connection.
Local side: Displays information about the local side of the connection. The information comprises the number of the local port or port range and the name of the communicating application.
Remote side: This tab contains information about the remote port (port range). It also allows the user to define a list of remote IP addresses or zones for a given rule.

A good example of adding a new rule is allowing your Internet browser to access the network. The following must be provided in this case:

On the General tab, enable outgoing communication via the TCP & UDP protocol
Add the process representing your browser application (for Internet Explorer it is iexplore.exe) on the Local tab
On the Remote tab, enable port number 80 if you wish to allow standard World Wide Web services only

Editing rules

To modify an existing rule, click on the Edit button. All the above-mentioned parameters (which are described in the chapter Creating new rules) can be modified.

Modification is required each time any of the monitored parameters are changed. As a result, the rule does not fulfill the conditions and the specified action cannot be applied. In the end, the given connection may be refused, which can result in problems with operation of the application in question. An example is a change of network address or port number for the remote side.

How do I temporarily disable the startup scan?

a@b.com (kevin) — Mon, 11 May 2009 00:08:46 +0800

By default, your ESET security product will scan programs and memory at startup. If your system startup scan is taking an unusually long time to complete, you may have conflicting programs set to run at start up. You cannot cancel the startup scan once it has started, but you can temporarily disable the scan from running on system startup by following the directions below:

Open the main program window by clicking the icon in the Windows notification area or by clicking Start → All Programs → ESET → ESET Smart Security or ESET NOD32 Antivirus.
Toggle to Advanced mode by clicking Change... in the lower left corner and then clicking Yes if you are prompted to confirm or by pressing CTRL + M on your keyboard.
In the left column, click Tools → Scheduler. The Scheduler/Planner window will be displayed.
Deselect Automatic startup file check | System Startup file check. | User logon. By default, this is the fourth option down.

Fig. 1-1
Restart your computer. Your startup scan is now disabled.

Important! Disabling the ESET startup scan exposes your computer to risk and is only a temporary fix for a third-party application conflict. If possible, we recommend checking for other applications which are scheduled to run at startup and either deselecting their startup features or uninstalling the conflicting software from your computer. ESET is unable to provide support for other third-party applications.

Email functionality issues: Solution checklist

a@b.com (kevin) — Thu, 16 Apr 2009 06:27:31 +0800

Occasionally, features designed to protect your computer from malware can interfere with your email functionality. Below are known issues and instructions for resolving them.

Difficulty sending or receiving email

Problem: I can receive incoming email but cannot send outgoing mail.

Solution: Modify the email filtering to avoid conflicts. Click here for instructions.

Problem: Immediately after installing ESET Smart Security I can no longer send or receive email.

Solution: Modify the rules governing the behavior of your ESET Personal firewall to allow email traffic. Click the Knowledgebase link below that corresponds to your version of ESET Smart Security:

Problem: My email stopped working after I installed my ESET security product on a computer which already had another antivirus or antispam program installed on it.

Solution: Third-party antivirus and antispam programs, as well as other software firewalls such as Outpost, Zone Alarm or Kerio, can create conflicts when your ESET security product is installed on top of them. You will need to uninstall your ESET security product and uninstall the third party software and then reinstall your ESET security product. Click the Knowledgebase link below that corresponds to your software version:

Problem: I am using ESET Smart Security 4.0 with Mozilla Thunderbird and my email client is behaving strangely, garbling data, losing messages, etc.

Solution: An early version of ESET Smart Security 4.0 created conflicts with Thunderbird. These issues were fixed in Version 4.0.437. Click here for instructions to uninstall and reinstall the latest version of ESET Smart Security 4.0.

Problem: I am using a non-standard email client and my ESET security product seems to be blocking my email traffic.

Solution: Your ESET security product's protocol filtering may not recognize email clients other than Microsoft Outlook, Outlook Express, Windows Mail or Mozilla Thunderbird. If you are using a client such as Eudora, Kerio MailServer, Opera Mail, The Bat!, etc., you should deselect that program from Email client protection scanning. Click the Knowledgebase link below that corresponds to your software version:

ESET Antispam issues

Problem: The ESET Smart Security Antispam Toolbar does not appear in my email client.

Solution: You may need to modify your settings or ensure that you are using a version that is compatible with your email client. For example, full email integration on Mozilla Thunderbird is supported only in ESET Smart Security 4.0 and later. Click the Knowledgebase link below that corresponds to your software version:

Problem: I want to remove the ESET Smart Security Antispam Toolbar from my email client.

Solution: You can remove the Antispam Toolbar from a single session or remove it from your client entirely. Click the Knowledgebase link below that corresponds to your version of ESET Smart Security:

Problem: I cannot find messages that the ESET Antispam module is marking as spam. Where are they being sent?

Solution: You can choose the destination folder that ESET Smart Security is sending messages it flags as spam. Click the Knowledgebase link below that matches your version of ESET Smart Security:

Problem: How do I tell the Antispam module which email addresses are trusted (Whitelist) contacts and which ones are known spam sources (Blacklist)?

Solution: You can add and modify the Whitelist and Blacklist that your ESET Antispam module uses to protect you from spam while allowing trusted email. Click the Knowledgebase link below that corresponds to your version of ESET Smart Security:

Version 4.0: modifying entries to the Whitelist and the Blacklist

Version 3.0: modifying entries to the Whitelist and the Blacklist

NOTE: You can also export your Whitelist or Blacklist from one computer and import them onto another.

Problem: My ESET Antispam module is adding an unwanted note to my incoming and/or outgoing mail that says the message has been scanned.

Solution: You can configure or disable the scanned message tag that appears at the end of emails that your ESET security product has scanned. Click the Knowledgebase link below that corresponds to your version of ESET Smart Security:

Other

Problem: I want to disable my ESET security product's email protection entirely.

Solution: It is possible, but not recommended, to disable the ESET Antispam module. Doing so will expose your computer to added risk. if you wish to proceed, click the Knowledgebase link below that corresponds to your software version:

Why does the Protection status icon change color and what does each color mean?

a@b.com (kevin) — Wed, 15 Apr 2009 00:00:17 +0800

Your ESET security product displays your current level of protection in the Protection status area, located on the left of the main program window. It displays information related to your computer's security, including:

Protection status level, with color-coded Protection status monitor icon
The number of attacks on your computer that your ESET security product has blocked
The current version of the virus signature database
The date your license expires

Fig. 1-1

What does each color mean?

Green - Maximum protection

The green Protection status icon with a white checkmark indicates that your computer is fully protected. If you are using ESET Smart Security, Antivirus and antispyware, Personal firewall and Antispam module will be visible and marked with green checkmarks indicating that each is updating correctly and functioning optimally. If you are using ESET NOD32 Antivirus, Antivirus and antispyware will be marked with a green checkmark.

Fig. 1-2

NOTE: If your Antivirus and antispyware or Personal firewall are not updated or functioning optimally, one or both will be marked with a red exclamation point and your Protection status icon will change. If your Antispam module is not fully updated or functioning optimally, it will be marked with a red exclamation point; however, your computer's Protection status will not change because the Antispam module protects your email only.

Yellow - Maximum protection may not be ensured
The yellow Protection status icon with a white letter 'i' indicates that maximum protection status is not ensured. This means your computer is still being protected, but one or more of the recommended or default protection features is disabled or not functioning correctly and may be exposing you to added risk.

If your virus signature database is unable to update, your Protection status icon will turn yellow.
If you have not downloaded the latest updates for Windows, your Protection status icon will change to yellow by default in version 4.0 of your ESET security product.
Instructions for modifying or disabling your ESET security product's Windows update notification features are available here.
Your Protection status icon will also turn yellow when your ESET security product's license has 10 days remaining or fewer before it expires.
When it expires, your ESET security product will be unable to update and your Protection status will then change to red. Instructions for renewing your license are available here.
If you disable Document protection, Email client protection or Web access protection, your Protection status icon will change to yellow.
If you select Block all network traffic on the ESET Personal firewall, your computer will not be exposed to risk but your Protection status icon will turn yellow because no network services, such as updates, will be available.

Generally, you can restore the green maximum Protection status icon by following the instruction in the alert box below the yellow Protection status icon.

Fig. 1-3

Red - Maximum protection is not ensured
A red Protection status icon with a white exclamation point appears when maximum protection is not ensured and your computer is vulnerable to threats. Generally, you will see an alert message explaining why maximum protection is not ensured and recommending actions to take. One or both of the Antivirus and antispyware or the Personal firewall modules may have red exclamation points next to them.

If your Protection status icon turns red immediately after you install ESET Smart Security or ESET NOD32 Antivirus, check to make sure your username and password are entered correctly. A typo in the username or password fields will prevent your ESET security product from updating.
If one of your ESET security product's critical protection modules, such as Antivirus and antispyware, is disabled, the Protection status icon will turn red.
If your Protection status icon is red because Real-time file system protection is disabled, you can re-enable it from the main program window in Advanced mode by clicking Setup → Antivirus and antispyware protection → Real-time file system protection → Enable. Click here for more information about how to exclude certain files from Real-time file system scanning without disabling the module entirely.
If your Protection status icon is red because your ESET Personal firewall is disabled, you can re-enable it from the main program window in Advanced mode by clicking Setup→ Personal firewall → Network traffic filtering → Switch to filtering mode. Click here for more information about configuring your Personal firewall.

Fig. 1-4

How do I use ESET Remote Administrator to disable notifications about Windows updates?

a@b.com (kevin) — Tue, 14 Apr 2009 03:18:12 +0800

When Windows updates are missing, ESET Smart Security and/or ESET NOD32 Antivirus display notifications requesting the updates. You can use ESET Remote Administrator (ERA) to suppress these notifications on client computers that report to the ERA server. To create a configuration that suppresses these notifications and push that configuration out to client computers, follow the steps below:

Open the ESET Remote Administrator Console (ERAC) by clicking Start → All Programs → ESET → ESET Remote Administrator Console.
Click Tools → ESET Configuration Editor.
In the ESET Configuration Editor menu on the left, click ESET Smart Security, ESET NOD32 Antivirus → ESET Kernel → Setup → Advanced → Notify about missing OS updates from level: Critical updates.

Fig. 1-1
Select No updates from the Value drop-down menu in the Setup area on the right. Click File → Save to save the configuration as a .xml file. Close the ESET Configuration Editor.

Fig. 1-2
In the ERA Console, click File → New Task....
In the New Task window, select Configuration. Click OK.
In the Configuration for Clients window, click the Select button and navigate to the .xml configuration file you created in the steps above. Click Next.

Fig. 1-3
Apply the .xml configuration file to the clients you want by dragging and dropping each client into the Selected items column. Click Next.

Fig. 1-4
A summary window will display the task type and list of clients to which it will be applied. In this window, you can set a time to apply the task, give the task a name and describe the task. Click Finish to complete the task setup and apply the configuration to client computers that report to the ERA server.

How do I disable the graphical user interface (egui.exe)?

a@b.com (kevin) — Thu, 02 Apr 2009 23:55:35 +0800

Although ESET does not recommend doing so, it is possible to disable the graphical user interface of your ESET security product. In certain cases, such as terminal server networks with extreme memory limitations, you may wish to disable each instance of the egui.exe. It is essential that you first configure ESET Remote Administrator to control terminal computers running instances of ekrn.exe because after disabling, there will be no graphical interface on the terminal computer.

Click here for more information about ESET Remote Administrator.
Click here for information about how to install ESET Remote Administrator and set up a Mirror server.
Click here for instructions on pushing out .xml configurations to your network client computers.

Warning: Do not proceed unless you are an experienced user and familiar with ESET Remote Administrator.

Disabling the graphical user interface
Follow the steps below to disable egui.exe on an individual client:

Click Start → Run (Windows Vista users: Click Start, type Run and press ENTER).
Enter the following string into the command-line field and click OK:

REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v egui /f

Recommended settings
You may encounter a variety of issues once egui.exe is disabled. Below is a list of potential solution configurations that can be pushed out through ESET Remote Administrator to address these issues. In general, you should configure your ESET security product to minimize the number of user interactions required because the lack of a graphical user interface makes such interactions more difficult.

Antivirus and antispyware

Cleaning
We recommend you set the cleaning level in the ThreatSense engine parameter setup window to Strict cleaning in all modules. Click here for illustrated instructions.

SLL Protocol filtering
If administration of the SSL protocol is needed, we recommend turning on Block communication that uses the certificate. From the main program window, press the F5 key. From the Advanced Setup window, click Antivirus and antispyware → Protocol filtering → SSL → Certificates → End certificate validity.

Update
We recommend you select Never restart computer and Never update program components. From the main program window, press the F5 key to open the Advanced Setup window. From the Advanced Setup tree, click Update → Setup and then select these options under the Update mode tab.

Tools
If the ThreatSense.Net Early Warning System is enabled, we recommend selecting the Submit without asking option. From the main program window, press the F5 key to open the Advanced Setup window. From the Advanced Setup tree, click Tools → ThreatSense.Net → Advanced setup... and select the Submit without asking option in the Suspicious files tab.

Email clients and issues
The lack of a graphical user interface results in a few changes to the way your ESET security product works with email clients:

You must configure your ESET security product not to ask for user action in alert messages, since the alerts will not appear. From the Advanced Setup window, click Antivirus and antispyware → Email client protection → Setup... and move the slider to Strict cleaning.

Also, you must add addresses into antispam lists (trusted addresses, spam, list of inclusions) remotely, since those options will not be available on the client terminal.

Some items on the ESET Antispam Toolbar drop-down menu in your email client will be inactive, such as Antispam setup, Address books and Help.

NOTE: Under certain circumstances, a Microsoft Outlook integration error can occur or an existing integration can stop functioning. Microsoft Outlook may display the following message:

"The Add-in ESET Outlook Plugin (C:\PROGRA~1\ESETESETNO~1\EPLGOU~1.DLL) cannot be loaded and has been disabled by Outlook. If no update is available, please uninstall the Add-in."

If this occurs, delete the extend.dat file of the user account with the error. By default, this file can be found in C:\Documents and Settings\Username\Local Settings\Application Data\Microsoft\Outlook. Outlook will automatically recreate the .dat file at the next application startup and the issue should not occur again. Other clients, such as Microsoft Outlook Express, Microsoft Windows Mail and Microsoft Windows Live Mail can also have very rare integration issues, often caused by the presence of another security program in addition to your ESET security product.

Scheduler
Schedules triggered by the User logon event trigger will not work without the graphical user interface because your ESET security product monitors the launch of egui.exe at user logon. If any of your scheduled tasks require user logon to start, reconfigure them to trigger on a different event. From the main program window, toggle your ESET security product to Advanced mode click Tools → Scheduler. In the Scheduler/Planner area, click on existing rules that launch at user logon and click Edit.... From the Edit task window, select an event trigger other than User logon, such as Every time computer starts or The first time the computer starts each day.

Personal firewall

Warning: ESET strongly discourages installations of ESET Smart Security on servers (and ESET Customer Care North America does not support such installations) for a number of reasons. A primary concern is that the ESET Personal firewall can block connections to the server, even those by an administrator seeking to modify the server after the installation. Below are suggestions for Personal firewall configuration that may be necessary on a computer running ESET Smart Security with egui.exe disabled.

Filtering mode
ESET recommends you use one of the following filtering modes: Automatic mode, Automatic mode with exceptions or Policy-based mode. Click here for more information about the Personal firewall filtering modes.

Rules and zones
ESET recommends you set your desired Personal firewall behavior when changing the network adapter settings. From the main program window, press the F5 key. From the Advanced Setup window, click Personal firewall → Rules and zones → Trusted zone → Setup… → Advanced settings.... and select Do not show the dialog with protection mode settings of the computer in the network.

Application modification detection
You will need to add trusted applications that update occasionally to the List of applications excluded from checking, since the user will not be able to see alert notifications asking if such updates are permitted. To exclude an application, open the Advanced Setup window and click Personal firewall → Application modification detection. Then, click Add... to add the list of applications that are allowed to update without being checked.

NOTE: You can disable Application modification detection entirely by deselecting Enable detection of application modifications check box in the Detect modification of network-aware applications area, but this will decrease the security of your computer.