Posts: 36,244
Days Won: 1,441
Marcos last won the day on April 24
Marcos had the most liked content!
About Marcos
Rank: Newbie
Profile Information
Gender: Not Telling
Location: Slovakia
-
I assume that it's not an environment that would simulate real use of the system. I assume that protection was paused when you copied malware to the machine? In a real-world scenario, users don't pause protection when they copy or download files.
-
It looks like that most files are detected. Many of them are not ransomware. At least some if not all undetected files are clean, we'll check them out. I have doubts that they all come from an infected system since it's a mix of Windows PE files and Linux ELF files. There's also a GameHack detection among the file set which is surely not malicious.
A detection for 67DD4AC7EB8C193B39149B34D3A0D5BC21C3F200 (@Trojan.Win32/Filecoder.BlackMatter) was added in July 2022.
-
You have posted a screenshot with the version of ESET Server Security and at the same time mentioned running an ESET PROTECT component upgrade task which upgrades only the management agent on clients. I'd recommend using an auto-update policy. If you want to control what version ESET Server Security can update to automatically, you can set the desired version in the auto-update policy.
-
Failure of Upload Quarantine File
Marcos replied to alepetpan's topic in ESET PROTECT On-prem (Remote Management)
Error 12000 is "unspecified error" returned by Endpoint so further investigation will be needed.
-
JS/Agent.RMN site infection
Marcos replied to andrzejewski_lukasz's topic in Malware Finding and Cleaning
-
Please raise a support ticket and provide your instance ID from your EBA account.
-
Agent for Linux installation failed
Marcos replied to sdnian's topic in ESET PROTECT On-prem (Remote Management)
It appears that you use OpenSSL FIPS so this KB should apply: https://support.eset.com/en/kb8210-eset-protect-agent-upgrade-fails-on-os-with-openssl-fips
-
It is not clear if you are referring to IP addresses in the ESET firewall, URL management or what exactly. If you have created your own blacklist, you can export ESET configuration and parse the data from the generated XML.