m0unds

Member
  • Content count

    99
Community Reputation

2 Neutral

About m0unds

  • Rank
    Active Member

Profile Information

  • Gender
    Not Telling
  • Location
    Albuquerque, NM

Recent Profile Visitors

5654 profile views
  1. m0unds

    What is JS:Trojan.Emeka.204(B)

    Yeah, BD's name for it is strange. It's a banker/dropper trojan (Fareit family).
  2. Will your filtering be further impacted when the Chromium project (and Chrome by extension) starts blocking third-party code injection altogether?
  3. m0unds

    Need Help

    Seems to me like it might be a bug with isthisfilesafe.com
  4. m0unds

    DNS Servers

    Yeah, DNS cache poisoning is increasingly rare because common DNS servers like BIND, Unbound, etc. do it by default.
  5. m0unds

    DNS Servers

    Yup, you're correct. OpenDNS has limited malicious/bad site blocking (they focus on long-lived stuff like botnets) and phishing protection. Quad9 uses a bunch of vendors' threat intelligence feeds to block malicious and phishing sites. Comodo is vague, but claims they use RBLs. They aren't RFC-compliant with regard to DNS TTLs. No idea whether they redirect on NXDOMAIN (I don't trust Comodo as a company, so I haven't used this service). Norton uses their own threat intelligence feeds to block phishing, malicious sites, etc., but last I checked, they redirect instead of returning NXDOMAIN, and partner with ask.com for that monetization stuff (yuck).
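The post above distinguishes resolvers that answer a bad name with NXDOMAIN from those that "redirect" (answer NOERROR with an A record pointing at a landing page). The script below is an added example, not code from the post or from any of the providers named: it builds a raw DNS query for a random label under example.com (a zone that exists but has no such subdomain, so a compliant resolver returns rcode 3), sends it over UDP, and classifies the reply, also printing any answer TTLs for comparison with what the zone publishes. `make_response` synthesizes a constructed reply so the parser can be exercised offline; the default resolver address in `main` (9.9.9.9, Quad9) is my assumption and can be replaced from the command line.

```python
"""Probe how a filtering resolver answers a name that cannot exist.

Added example (not from the forum post). Standard library only.
rcode 3 (NXDOMAIN) is the RFC-compliant reply; rcode 0 with A records
for a random label means the resolver is redirecting to a landing page.
"""
import random
import socket
import string
import struct
import sys


def build_query(name, txid):
    """Encode a recursive (RD=1) A/IN query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                     for lbl in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def _read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped = [], off, False
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:            # compression pointer
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg):
    """Return txid, rcode and [(ip, ttl), ...] for the A records in ANSWER."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = _read_name(msg, off)
        off += 4                                # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            answers.append((socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    return {"txid": txid, "rcode": flags & 0x000F, "answers": answers}


def classify(resp):
    """NXDOMAIN, REDIRECT (NOERROR + A records for a nonexistent name) or OTHER."""
    if resp["rcode"] == 3:
        return "NXDOMAIN"
    if resp["rcode"] == 0 and resp["answers"]:
        return "REDIRECT"
    return "OTHER(rcode=%d)" % resp["rcode"]


def make_response(query, rcode, ips, ttl):
    """Constructed reply for offline demonstration: echoes the question and
    appends one A record per IP, owner name compressed as a pointer to offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(ips), 0, 0)
    rrs = b"".join(b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
                   for ip in ips)
    return header + query[12:] + rrs


def probe(resolver, zone="example.com", timeout=3.0):
    """Send one live query to `resolver` (UDP/53) and return the parsed verdict."""
    label = "".join(random.choices(string.ascii_lowercase, k=12))
    txid = random.randrange(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query("%s.%s" % (label, zone), txid), (resolver, 53))
        data, _ = s.recvfrom(4096)
    resp = parse_response(data)
    if resp["txid"] != txid:                    # drop replies that don't match our query
        raise ValueError("transaction ID mismatch")
    resp["verdict"] = classify(resp)
    return resp


if __name__ == "__main__":
    # Resolver addresses come from the command line; 9.9.9.9 (Quad9) is the assumed default.
    for r in sys.argv[1:] or ["9.9.9.9"]:
        print(r, probe(r))
```

Run it against each resolver you are evaluating; a REDIRECT verdict is exactly the behaviour the post objects to, and a mismatched transaction ID is discarded rather than trusted because an unsolicited reply is the raw material of cache poisoning.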
  6. m0unds

    DNS Servers

    Quad9 is another good option with malicious site blocking, but they're still working out some routing quirks in certain regions (Oceania, Eastern Europe, South America).
  7. Seems like it's this blocklist: https://iplists.firehol.org/?ipset=bbcan177_ms1 - this particular list hasn't been touched since January 8, 2018. Not like stuff on the internet changes all that often, right? IMO, a lot of these user-submitted lists are junk and are really poorly maintained - this particular list includes IP ranges belonging to CDNs used by a ton of reputable services including GitHub (and Emsisoft, and any other customer of Highwinds). Maybe that's why the maintainer hasn't updated - he can't push his changes to the git repo.
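The post above describes a third-party blocklist that sweeps in CDN ranges used by services you actually need. Before deploying any such list, a practitioner would want to check it for that kind of collateral damage. The script below is an added example, not code from the post, from Emsisoft or from FireHOL: it parses a netset-style list (one IP or CIDR per line, `#` comments) and reports which of a set of addresses you depend on would be blocked, plus how many distinct addresses the list covers after collapsing overlaps. The netset text and the "needed" addresses are constructed from documentation ranges for demonstration; they are not the contents of bbcan177_ms1 and not real service IPs.

```python
"""Audit a FireHOL-style netset for collateral damage before deploying it.

Added example, not code from the forum post or from FireHOL. Standard
library only. SAMPLE_NETSET and NEEDED are constructed for demonstration.
"""
import ipaddress

# Constructed sample in netset format: one IP or CIDR per line, '#' comments.
SAMPLE_NETSET = """\
# sample list (constructed, not bbcan177_ms1)
# maintainer: n/a
203.0.113.0/24
198.51.100.0/25
192.0.2.77

2001:db8:abcd::/48
"""

# Constructed: addresses your own services depend on. In practice fill this
# from socket.getaddrinfo() of the hostnames you care about.
NEEDED = {
    "api host": "203.0.113.10",
    "cdn edge": "192.0.2.77",
    "unaffected": "198.51.100.200",
}


def parse_netset(text):
    """Return [(ip_network, line_number), ...]. A malformed entry raises instead
    of being skipped silently, because a skipped entry is an unblocked range."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append((ipaddress.ip_network(entry, strict=False), lineno))
        except ValueError as exc:
            raise ValueError("line %d: %r: %s" % (lineno, entry, exc)) from None
    return nets


def collisions(netset, needed):
    """Map each needed label to the (entry, line) pairs that would block it."""
    hits = {}
    for label, addr in needed.items():
        ip = ipaddress.ip_address(addr)
        blocking = [(str(net), ln) for net, ln in netset if ip in net]
        if blocking:
            hits[label] = blocking
    return hits


def coverage(netset):
    """Distinct addresses covered per family after collapsing overlaps: a quick
    tell for a 'malware' list that actually blankets whole CDN allocations."""
    out = {}
    for version in (4, 6):
        same = [net for net, _ in netset if net.version == version]
        out["v%d" % version] = sum(n.num_addresses for n in ipaddress.collapse_addresses(same))
    return out


if __name__ == "__main__":
    netset = parse_netset(SAMPLE_NETSET)
    print("coverage:", coverage(netset))
    for label, entries in collisions(netset, NEEDED).items():
        for entry, line in entries:
            print("%s (%s) is blocked by %s at line %d" % (label, NEEDED[label], entry, line))
```

The line numbers in the report point you straight at the offending entries, which is what you would take back to the list maintainer (or use to justify dropping the list).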
  8. I agree, this would be a nice feature. You can always query https://www.isthisfilesafe.com with the file hash (SHA-1 or MD5) or executable name, but that's a bit unintuitive.
  9. m0unds

    Why are logs migrated into forensics?

    Looks like you might be on an older product build. This is what the current one looks like:
  10. m0unds

    Why are logs migrated into forensics?

    In the "view" dropdown, under "components", untick "select all" and tick "scanner".
  11. Sure thing - I took two screenshots and put them both on the same image:
  12. No issue observed with Norton, Webroot or ESET products on systems with the Fall Creators Update. Each machine with any of the aforementioned products shows a green check mark and Windows Defender Security Center indicates "no actions needed".
  13. m0unds

    CLOSED Beta 12 build 7904

    Yeah, there must be a setting because I only have FF for testing and it's always up-to-date on launch. In Task Scheduler on my system (Win10), it shows next run/last run and last exec status (successful, etc.). Last execution in my case coincided with system boot. Looks like the task parameters for one are "at logon" and "at 19:09 daily"; the second task fires at 19:09 and executes hourly for one day, then stops.
  14. m0unds

    CLOSED Beta 12 build 7904

    I was asking because if Opera is like Chrome or Firefox or lots of other browsers, it has a silent automatic update process that launches when the machine starts, and can update the browser regardless of whether you're actively using it. The folder hierarchy reminds me of Chrome (version # in the path) and it would make sense if it had updated, and the version change removed the old folder, causing EAM to remove the rule because it no longer applies.
  15. m0unds

    CLOSED Beta 12 build 7904

    Did Opera happen to auto-update before EAM deleted the application rule?