Marcos

Administrators
  1. I've extracted the ransomware file from an archive and it was immediately detected and removed:
  2. I assume that it's not an environment that would simulate real use of the system. I assume that protection was paused when you copied malware to the machine? In a real-world scenario, users don't pause protection when they copy or download files.
  3. It looks like that most files are detected. Many of them are not ransomware. At least some if not all undetected files are clean, we'll check them out. I have doubts that they all come from an infected system since it's a mix of Windows PE files and Linux ELF files. There's also a GameHack detection among the file set which is surely not malicious. A detection for 67DD4AC7EB8C193B39149B34D3A0D5BC21C3F200 (@Trojan.Win32/Filecoder.BlackMatter) was added in July 2022.
  4. An auto-update policy should be applied to the All group automatically:
  5. You have posted a screenshot with the version of ESET Server Security and at the same time mentioned running an ESET PROTECT component upgrade task which upgrades only the management agent on clients. I'd recommend using an auto-update policy. If you want to control what version ESET Server Security can update to automatically, you can set the desired version in the auto-update policy.
  6. Running an "ESET PROTECT Component Update" on a client should upgrade the management agent to the latest version supported by your ESET PROTECT server.
  7. Error 12000 is "unspecified error" returned by Endpoint so further investigation will be needed.
  8. The website is infected: https://sitecheck.sucuri.net/results/https/nbta.pl
  9. Please raise a support ticket and provide your instance ID from your EBA account.
  10. It appears that you use OpenSSL FIPS so this KB should apply: https://support.eset.com/en/kb8210-eset-protect-agent-upgrade-fails-on-os-with-openssl-fips
  11. It is not clear if you are referring to IP addresses in the ESET firewall, URL management or what exactly. If you have created your own blacklist, you can export ESET configuration and parse the data from the generated XML.