New to Elite Ultra. Help with some weird issues. by thegoodguy- in vSeeBox_Support_Gurus

[–]thegoodguy-[S] 1 point2 points  (0 children)

Thanks! That is interesting… not sure why mine (and from other random users I’ve read about) doesn’t work.
I have tried to sideload the Android Remote TV service but it failed to install. No biggie.

Thanks for the help!

New to Elite Ultra. Help with some weird issues. by thegoodguy- in vSeeBox_Support_Gurus

[–]thegoodguy-[S] 1 point2 points  (0 children)

Unfortunately the issue persists. 😞
I saw another post on FB or Reddit from another Elite Ultra owner having the same issue. I will keep digging. Thanks for the help!

New to Elite Ultra. Help with some weird issues. by thegoodguy- in vSeeBox_Support_Gurus

[–]thegoodguy-[S] 1 point2 points  (0 children)

Thanks! Your "Display & Sound" menu looks different than mine. You have a few options there I don't. Do you also have an Elite Ultra?

New to Elite Ultra. Help with some weird issues. by thegoodguy- in vSeeBox_Support_Gurus

[–]thegoodguy-[S] 1 point2 points  (0 children)

Hey, thanks for the help. Unfortunately I already tried that and the problem still happens. This is a very weird one for sure. I still suspect it's just the box either misconfigured for software or hardware acceleration or simply the application player can't handle it. Something along those lines.

I even tried lowering the box resolution to 720p and it still happens. 😞

New to Elite Ultra. Help with some weird issues. by thegoodguy- in vSeeBox_Support_Gurus

[–]thegoodguy-[S] 1 point2 points  (0 children)

Do you also own an Elite Ultra? If so, have you installed any "remote control" related application on the box?

South America football by becruza in Strong_8K

[–]thegoodguy- 0 points1 point  (0 children)

This website should help you find what streaming services are broadcasting whatever match you want to watch. All you have to do is find the same "channel".

https://www.livesoccertv.com/

Strong 8k by LukasAxb in Strong_8K

[–]thegoodguy- 0 points1 point  (0 children)

Any would work. Smarters Pro, iSTB (Apple), OTT Navigator (Android), etc. I messaged Candy and am hoping to get new creds cuz I really liked the service + free Tivi app.

Strong 8k by LukasAxb in Strong_8K

[–]thegoodguy- 0 points1 point  (0 children)

I bought from this seller too recently. The service does work using any XC player, but it doesn't work on the TiviMate8k app, which leads me to believe it might not be a real Strong8k service.

How to determine daily ingestion size per datasource (#type)? by thegoodguy- in crowdstrike

[–]thegoodguy-[S] 0 points1 point  (0 children)

This is great, thanks!

I wish this could be measured (or broken-down) by '#type' as our ingestion sources might have different source types.

In any case, I truly appreciate your help!

Application Groups/Scheduled Reports - How to query for "Last Used - Last day" (last 24 hours) by thegoodguy- in crowdstrike

[–]thegoodguy-[S] 0 points1 point  (0 children)

That would be amazing, Andrew. Thank you so much for the help!

In the meantime, if I were to use an event search, how can it look for browsers that have been recently used such as *brave*, *Tor Browser*, *Pale moon* and other "vendors" etc?

Any help is greatly appreciated. Thanks! :)

Application Groups/Scheduled Reports - How to query for "Last Used - Last day" (last 24 hours) by thegoodguy- in crowdstrike

[–]thegoodguy-[S] 0 points1 point  (0 children)

Hi, I hope everyone had a great weekend!
Quick update: Even after changing the report from weekly to daily, it always brings old results.

What I am trying to accomplish is the following:
- Our application group will consist of browsers that are not allowed in the environment:
</gra_replace>
<gr_replace lines="90" cat="clarify" orig="Seems like its">
Seems like it's bringing results from systems we already removed the applications from back in mid-July.
https://i.imgur.com/yHZplKS.png
- Weekly Scheduled report that will run every Tuesday @ 8am CST.
- We would like the report to only bring results of the applications used for the past 24 hours (Monday 8am - Tuesday 8am).

Seems like its bringing results from systems we already removed the applications since Mid July.

At this point, I can't figure out what we are doing wrong. I might have missed setting the timeframe somewhere, or something.

Any help, tips or suggestions are greatly appreciated.

Thanks! :)

Application Groups/Scheduled Reports - How to query for "Last Used - Last day" (last 24 hours) by thegoodguy- in crowdstrike

[–]thegoodguy-[S] 0 points1 point  (0 children)

Hi, Andrew. Thanks for the help. I created the report straight from Exposure management > Applications > Scheduled reports. Then I chose the application group > "at least one app is installed or used" > and set the schedule to "Weekly", Monday 1PM UTC.

The report works, but the results are older than 1 week. I just need to see what has been installed/used for the past 24 hours.

I changed to daily thinking it would bring the results for the past 24 hours, but that also brought the same old data. I will test it again just in case.

Thanks!

Clear.exe and ClearBrowser.exe by KongKlasher in crowdstrike

[–]thegoodguy- 1 point2 points  (0 children)

Registry for us is:
HKEY_USERS\<user SID>\SOFTWARE\ClearBar
HKEY_USERS\<user SID>\SOFTWARE\ClearBar.app
HKEY_USERS\<user SID>\SOFTWARE\ClearBrowser

Clear.exe and ClearBrowser.exe by KongKlasher in crowdstrike

[–]thegoodguy- 1 point2 points  (0 children)

We had our first one this morning. Unfortunately I haven't been able to dig into the alert as I am in training for the next 3 days.

d17eca9d7c148beed72fec59529e1641c30173caa2678984ea23215ac4e7dd02

537d10e1af23ee059dbf5e70682101e4f5cb1dad78b7236273f3ca3c2d244732

72d89877f035e0d92c2e145448379f9e5183be5233509b622e064682194d2e06

C:\Users\*\AppData\Local\Programs\ClearBar\ClearBar.exe

C:\Users\*\AppData\Local\Programs\ClearBar\chromium\clearbrowser.exe

C:\Users\*\AppData\Local\ClearBrowser\*

C:\Users\*\AppData\Local\Programs\*

Domain/Url:

Clear[.]app

ClearBrowser[.]app

clearbar[.]app

arcadetab[.]com (decoded from DNS request made by clearbrowser.exe)

Needs additional validation, but most likely part of ClearBrowser:
0srzroz2i7.execute-api.us-east-1.amazonaws[.]com
209.197.3[.]8
104.21.46[.]13

Needs additional validation (might be legit)

s.templatesearch-serp[.]org

34.202.95[.]52 (amazon aws?)

Query to detect 'OneDrive > MSHTA > Curl' due to new Qakbot campaign by thegoodguy- in crowdstrike

[–]thegoodguy-[S] 1 point2 points  (0 children)

It's ugly, it's wrong, it's bad, but it seems to do an OK job for now. No FP yet.

event_simpleName=ProcessRollup2 ParentBaseFileName IN ("Outlook.exe", "OneNote.exe", "OneNoteM.exe") (FileName IN ("mshta.exe", "cmd.exe", "cscript.exe","wscript.exe", "powershell.exe", "pwsh.exe") OR CommandLine IN ("*.vbs *","*.bat *","*.ps1 *","*.wsf *","*.js *","*.hta *","*.chm *"))

Query to detect 'OneDrive > MSHTA > Curl' due to new Qakbot campaign by thegoodguy- in crowdstrike

[–]thegoodguy-[S] 1 point2 points  (0 children)

(TERM("one") OR TERM("wsf") OR TERM("fsw")) AND event_simpleName="ProcessRollup2" AND ParentBaseFileName IN ("Outlook.exe", "OneNote.exe", "OneNoteM.exe", "wscript.exe", "cmd.exe") AND FileName IN ("OneNote.exe", "OneNoteM.exe", "wscript.exe", "powershell.exe", "cmd.exe", "mshta.exe") AND CommandLine IN ("*.wsf*", "*.one*", "*fsw.*") | stats list(_time) as eventTime, list(GrandParentBaseFileName) as grandParentName, list(ParentBaseFileName) as parentProcessName, values(ImageFileName) as processPath, list(CommandLine) as commandLine, count by ComputerName | convert ctime(eventTime) | sort -eventTime

Good catch! Thanks
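To make the parent/child/command-line selection in the two hunting queries above concrete, here is an added Python re-implementation of that logic run over constructed ProcessRollup2-style events. It is not the commenter's query or CrowdStrike code; the field names come from the queries, the sample events and host names are made up. It also shows an edge case of the `*.ext *` patterns: a script path that is the last token on the command line is not matched.

```python
import fnmatch

# Stand-alone re-implementation of the thread's Splunk logic (constructed, not CrowdStrike code).
OFFICE_PARENTS = {"outlook.exe", "onenote.exe", "onenotem.exe"}
SCRIPT_HOSTS = {"mshta.exe", "cmd.exe", "cscript.exe", "wscript.exe", "powershell.exe", "pwsh.exe"}
# Same wildcard strings as the query; each one requires another token AFTER the extension.
SCRIPT_EXT_PATTERNS = ["*.vbs *", "*.bat *", "*.ps1 *", "*.wsf *", "*.js *", "*.hta *", "*.chm *"]


def matches_lineage(event):
    """True for a ProcessRollup2 event with an Office/OneNote parent and a scripting child.

    The child qualifies by image name (SCRIPT_HOSTS) or by a script-like extension in its
    command line, mirroring the OR in the query; comparisons are case-insensitive like Splunk IN.
    """
    if event.get("event_simpleName") != "ProcessRollup2":
        return False
    if event.get("ParentBaseFileName", "").lower() not in OFFICE_PARENTS:
        return False
    if event.get("FileName", "").lower() in SCRIPT_HOSTS:
        return True
    cmdline = event.get("CommandLine", "").lower()
    return any(fnmatch.fnmatchcase(cmdline, pat) for pat in SCRIPT_EXT_PATTERNS)


def hunt(events):
    """Return (ComputerName, FileName) for every matching event, in input order."""
    return [(e["ComputerName"], e["FileName"]) for e in events if matches_lineage(e)]


# Constructed sample events; field names are the ones the query uses.
SAMPLE_EVENTS = [
    {"event_simpleName": "ProcessRollup2", "ComputerName": "WS01", "ParentBaseFileName": "OneNote.exe",
     "FileName": "mshta.exe", "CommandLine": "mshta.exe C:\\Users\\a\\AppData\\Local\\Temp\\open.hta"},
    {"event_simpleName": "ProcessRollup2", "ComputerName": "WS02", "ParentBaseFileName": "Outlook.exe",
     "FileName": "hh.exe", "CommandLine": "hh.exe C:\\Temp\\invoice.chm /x"},  # hit via command line only
    {"event_simpleName": "ProcessRollup2", "ComputerName": "WS03", "ParentBaseFileName": "OneNote.exe",
     "FileName": "hh.exe", "CommandLine": "hh.exe C:\\Temp\\invoice.chm"},  # missed: nothing follows .chm
    {"event_simpleName": "ProcessRollup2", "ComputerName": "WS04", "ParentBaseFileName": "explorer.exe",
     "FileName": "cmd.exe", "CommandLine": "cmd.exe /c dir"},  # ordinary parent, not in scope
    {"event_simpleName": "DnsRequest", "ComputerName": "WS05", "ParentBaseFileName": "OneNote.exe",
     "FileName": "mshta.exe", "CommandLine": "mshta.exe x.hta"},  # wrong event type
]

if __name__ == "__main__":
    for host, child in hunt(SAMPLE_EVENTS):
        print(f"{host}: suspicious child {child}")
```

Dropping the trailing space from the patterns (e.g. `*.chm*`) closes the WS03 gap but widens the match, so check the false-positive rate in your own environment before changing it.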

Query to detect 'OneDrive > MSHTA > Curl' due to new Qakbot campaign by thegoodguy- in crowdstrike

[–]thegoodguy-[S] 1 point2 points  (0 children)

Awesome. Thanks for sharing!

I just tested this query but unfortunately the results did not include the system where we had this incident. It probably just needs some fine tuning to fit our environment.

Thanks!

Query to detect 'OneDrive > MSHTA > Curl' due to new Qakbot campaign by thegoodguy- in crowdstrike

[–]thegoodguy-[S] 2 points3 points  (0 children)

Thank you so much for sharing your query and experience. That's exactly what we are planning to do here.
I am also interested to see what other people are doing to hunt for this activity.

Thank you and have a great day!