Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

"Compilation Of Tutorials, Guides, Tips & Updates"

dcs18

By dcs18
in Guides & Tutorials

Recommended Posts

  • Replies 7.3k
  • Views 1m
  • Created
  • Last Reply
mara-

mara-

Posted
Posted

You were wrong most of the time - this is the first time you are right, congratulations - seriously!!! The only 3 folks who were genuinely interested were skunk1966, idmresettrial and HNB.

While the activation lasted, you could have have harvested the whole situation for your own fix - if you were not so determined to disprove the firewall method (upon which you base your new fix.)

ps:--

My observation is that ESET activates the copy online but stores the activation, on the Users' HDD - you may choose to believe or disbelieve me.

BTW, about the IP that you were so desperately wanting to find out the method I used - all my IP are published using only industry-grade professional network sniffers based on the Surgeon's approach (not the Butcher method that some employ.) I do allow or block my IPs based on mere suspicion.

I wasn't desperate at all. I was just waiting to see results, and at the beginning I rushed with the new fix, but then I stopped when I realized that there is only 10% chance this will work. I was genuinely interested, and I was right in everything I said, but no, you didn't listen because you think that only you're right. Activation is stored in registry, but not expiration. Expiration is not stored since Eset v4. And once again we go back to that I was right. Updates servers do check for user name and password, but since we blocked expiration server, there is probably some delay in communication between update server and expiration server, and that's why we could use that user name and password for a little longer. And harvesting for my fix? :lol: :lol: :lol: Do you really think it's important to me which fix is working for Eset? Absolutely not! Only important thing is that there IS some fix for it.

Cheers ;)

Link to comment
Share on other sites
dcs18

dcs18

Posted
  • Author
Posted

You weren't desperate - you mean people called you filthy names, just for the heck of it?

Do you want me to post links and images to prove your desperation?

Link to comment
Share on other sites
mara-

mara-

Posted
Posted

That just proves how low is their level of culture, and you are even worse for keeping those images. And to put it simply, I was right all the time. :showoff: Deal with it!

BTW, I don't care about your posts.

Cheers ;)

Link to comment
Share on other sites
jamesDDI

jamesDDI

Posted
Posted

@mara- so there will be not any new fix for eset right? So when the v4 update servers will be closed the only choise will be to reset the trial license every months?

Link to comment
Share on other sites
dcs18

dcs18

Posted
  • Author
Posted

BTW, I don't care about your posts.

Cheers ;)

So, then - what brings you here (if you don't care about my posts?)

Link to comment
Share on other sites
mara-

mara-

Posted
Posted

@mara- so there will be not any new fix for eset right? So when the v4 update servers will be closed the only choise will be to reset the trial license every months?

I will update the fix so it works before installation of Eset v8, and will use v4 servers as always. And when v4 servers stops working, currently I only see that solution - to reset every month. That could be also automated, but it would require keeping self-defence disabled.

BTW, I don't care about your posts.

Cheers ;)

So, then - what brings you here (if you don't care about my posts?)

I just came to say that I was right. And just because you created the topic does not mean that I can't communicate with other members here, but I'm done with you, that's for sure.

Cheers ;)

Link to comment
Share on other sites
dcs18

dcs18

Posted
  • Author
Posted

I just came to say that I was right. And just because you created the topic does not mean that I can't communicate with other members here, but I'm done with you, that's for sure.

Cheers ;)

I was done with you, long ago - feel welcome to communicate with anyone (hopefully, on a new start - on a constructive note rather than the usual critical note.) ;)

Link to comment
Share on other sites
idmresettrial

idmresettrial

Posted
Posted

I will update the fix so it works before installation of Eset v8, and will use v4 servers as always. And when v4 servers stops working, currently I only see that solution - to reset every month. That could be also automated, but it would require keeping self-defence disabled.

Can a kernel driver bypass eset self-protecting?

I don't have enough knowledge to write a driver. Can you write one to do that test?

Link to comment
Share on other sites
mara-

mara-

Posted
Posted

What would be the point of self-defence if kernel driver can bypass it? Then virus could do the same thing. And I'm pretty sure that kernel drivers needs to be signed in order for Windows to accept it.

Cheers ;)

Link to comment
Share on other sites
idmresettrial

idmresettrial

Posted
Posted

What would be the point of self-defence if kernel driver can bypass it? Then virus could do the same thing. And I'm pretty sure that kernel drivers needs to be signed in order for Windows to accept it.

Cheers ;)

Have you had a look at microsoft kmdf?

I think it doesn't need to sign the driver.

Link to comment
Share on other sites
rudrax

rudrax

Posted
Posted

screenshot_1414497914.png

The above is a screenshot of WFC. You can see there 3 entries for the same file. The file is one of the executables from BlueSoleil package. The block rule for the file is defined by me. But, even the block rule for the specified file is there, BlueSoleil adds two allow rules for the same file and WFC doesn't know anything about it as it do not provide me any notification regarding those allow entries. Here WFC's capabilities comes under doubt.

Link to comment
Share on other sites
jamesDDI

jamesDDI

Posted
Posted

What would be the point of self-defence if kernel driver can bypass it? Then virus could do the same thing. And I'm pretty sure that kernel drivers needs to be signed in order for Windows to accept it.

Cheers ;)

Have you had a look at microsoft kmdf?

I think it doesn't need to sign the driver.

Hope in this new way ..
Link to comment
Share on other sites
rudrax

rudrax

Posted
Posted

This happens neither with my own copy of WFC nor with any of the hundreds of others that I administer. 5F7Wk2b.gif

When did you start using BlueSoleil? :o

Link to comment
Share on other sites
rudrax

rudrax

Posted
Posted

This happens neither with my own copy of WFC nor with any of the hundreds of others that I administer. 5F7Wk2b.gif

When did you start using BlueSoleil? :o

No need for BlueSoleil - have already heard that complaint. ;)

Nope, in case of BlueSoleil, it's different. At that time ESET created the allow rule itself, I didn't have "Secure rule" checked. Now I have. But don't know how BlueSoleil is being able to create the rule without my permission and even after I've created block rule for the same file. These chinese things are shocking sometimes. Can you test drive the latest version of BlueSoleil and see if you face this issue. If you do (unless PL is restricting it), this will be a bug, which I think, you will be able to report the developers.

Link to comment
Share on other sites
dcs18

dcs18

Posted
  • Author
Posted

This happens neither with my own copy of WFC nor with any of the hundreds of others that I administer. 5F7Wk2b.gif

When did you start using BlueSoleil? :o
No need for BlueSoleil - have already heard that complaint. ;)
Nope, in case of BlueSoleil, it's different. At that time ESET created the allow rule itself, I didn't have "Secure rule" checked. Now I have. But don't know how BlueSoleil is being able to create the rule without my permission and even after I've created block rule for the same file. These chinese things are shocking sometimes. Can you test drive the latest version of BlueSoleil and see if you face this issue. If you do (unless PL is restricting it), this will be a bug, which I think, you will be able to report the developers.

Can't replicate your issue - since you are the only one reporting this issue, it is better you concentrate on streamlining your own configurations (WFC + PLP + others) instead of me wasting time with some unwanted and avoidable Chinese creation. Z4s1GY7.gif

Link to comment
Share on other sites
rudrax

rudrax

Posted
Posted

If there were any problem, then why don't other programs be able to bypass WFC notification, not even ESET. So the problem is with BlueSoleil itself. There may be some chinese code that WFC is not understanding. I can't find any better solution than BlueSoleil. Do you have any alternative to suggest?

Link to comment
Share on other sites
dcs18

dcs18

Posted
  • Author
Posted
It screws up with UAC. ;)

have u experienced the same in ur sys ?

bcoz i have been using it(secure boot) and there is no problem with UAC...

Here is the bug where Secure Boot is being shown to have failed, at boot - on one of those very rare moments:--

99cpDWR.png

Link to comment
Share on other sites
rudrax

rudrax

Posted
Posted
It screws up with UAC. ;)

have u experienced the same in ur sys ?

bcoz i have been using it(secure boot) and there is no problem with UAC...

Here is the bug where Secure Boot is being shown to have failed, at boot - on one of those very rare moments:--

99cpDWR.png

When one's computer is not connected to the internet during boot, in that case, does "secure boot" feature of WFC has any role to play?

Link to comment
Share on other sites
kantry123

kantry123

Posted
Posted

It screws up with UAC. ;)

have u experienced the same in ur sys ?

bcoz i have been using it(secure boot) and there is no problem with UAC...

Here is the bug where Secure Boot is being shown to have failed, at boot - on one of those very rare moments:--

99cpDWR.png

When one's computer is not connected to the internet during boot, in that case, does "secure boot" feature of WFC has any role to play?
Parsonally I feel it's useless

As it always screws up my internet

Regards

Link to comment
Share on other sites
dcs18

dcs18

Posted
  • Author
Posted

It screws up with UAC. ;)

have u experienced the same in ur sys ?

bcoz i have been using it(secure boot) and there is no problem with UAC...

Here is the bug where Secure Boot is being shown to have failed, at boot - on one of those very rare moments:--

99cpDWR.png

When one's computer is not connected to the internet during boot, in that case, does "secure boot" feature of WFC has any role to play?

It locks your firewall rules - this prevents other applications and programs from making changes to your firewall rules, during boot.

However, it is not completely bug-free, ATM.

Link to comment
Share on other sites
dcs18

dcs18

Posted
  • Author
Posted

As for my configuration there is no chance of misconfiguration as i always keep clean images...

A clean image is undeniably at its most mis-configured state because it is not as per personal preference - but, as per Microsoft dictats.

I have a Customer coming in with his system to rectify this particular issue of Regular Maintenance hogging prime resources. I shall be having a hands-on opportunity to check out what I have configured differently on my system for my Regular Maintenance to remain disabled without having its task to be deleted.

Let me know if you are interested - if yes, I would take the effort to publish the same here.

Link to comment
Share on other sites
  • Matrix locked this topic
  • Reefa unlocked this topic

Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...