Marcos

Administrators
  • Content count

    10,228
  • Joined

  • Last visited

  • Days Won

    472

Marcos last won the day on January 21

Marcos had the most liked content!

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

7,645 profile views
  1. We've already released an ERA Configuration module to several dozens of users which fixes the issue for those who haven't upgraded to v6.6.2072 yet. After a computer restart Endpoint should work alright.
  2. FAILED TO ADD LICENSE

    On the computer with ERA Server installed please capture the network communication with Wireshark at the time you attempt to add the license to ERA and provide me with the generated pcap log. Does the machine connect directly to the Internet or through a proxy server?
  3. Win32/FileCoder.BTCWare

    After running a full disk scan you should be prompted for an action. Selecting Delete or Clean should remove the detected text files. Also we don't recommend using MBAM together with ESET. With versions 1-2 there were no issues as long as its real-time protection was kept disabled but allegedly v3 clashes with ESET.
  4. Please temporarily uninstall ESET NOD32 Antivirus and install ESET Internet Security. Activate a 30-day trial version after installation. Then enable advanced firewall logging under Tools -> Diagnostics and reboot the computer. Next disable logging and collect logs with ELC. When done, upload the generated zip archive to a safe location and drop me a private message with a download link.
  5. Freezes My Mac

    Please refer to this alert: Spectre/Meltdown mitigations cause errors on macOS 10.13.2 and earlier with ESET Cyber Security and Cyber Security Pro.
  6. Currently this is not possible but it will be improved in ESMC (ERA v7). I'd recommend upgrading Endpoints gradually, not at once.
  7. Clear threats on device

    50,000 and more is way too many threats. If new threats are continually being detected on endpoints, it's important to solve that first. If running a scan with strict cleaning mode as suggested by MichalJ doesn't resolve the issue, please collect logs with ELC on such Endpoint and provide me with the generated archive for perusal.
  8. White list application

    Please email the file to samples[at]eset.com in an archive protected with the password "infected" and provide more information about the purpose of the application, vendor's website, official download link, etc. Ideally the file should be digitally signed.
  9. Anti-Phishing protection is non-functional

    We'll need advanced firewall logs from ESET Endpoint Security. Please temporarily install it on one of the troublesome machines instead of ESET Endpoint Antivirus and create an advanced firewall log as per my instructions above. I'll generate a temporary EES license for you and provide you with details in a personal message momentarily.
  10. Win32/FileCoder.BTCWare

    The payment instructions are dropped by ransomware usually after encrypting files in a particular folder, therefore it's likely you also had encrypted files with the wallet, btcware or another unusual extension in these folders. Running a disk scan should detect all files with instructions and offer you an option to delete them at the end of the scan.
  11. You have a permissive fw rule for ccmeval.exe created and detection of application modification is turned on. You can disable detection of application modification completely or exclude the app from monitoring if you want to keep the permissive firewall rule.
  12. Win32/FileCoder.BTCWare

    Unfortunately, files encrypted by Filecoder.BTCWare cannot be decoded. Most likely attackers carried out a bruteforce RDP attack, disabled ESET and ran the ransomware. I'd strongly recommend hardening RDP, e.g. by limiting RDP connections to specific users, IP addresses or ranges, using strong passwords and installing all Windows updates that address vulnerabilities especially in RDP.
  13. Server not found

    There's no difference in priority. Please provide me with the logs that I asked for above.
  14. Re. error ACT.33 during activation, it's necessary to contact the distributor or reseller from whom you purchased your license. Most likely the license was issued in another country and is locked to it. The distributor should be able to tell what's going on and suggest the best way how to resolve it. Did you contact ESET DE? Do you have an ID assigned to your support ticket?