
Marcos
Administrators
  • Posts: 36,380
  • Joined
  • Last visited
  • Days Won: 1,447

Everything posted by Marcos

  1. If possible, try connecting to the Internet through another ISP and see if the issue persists. There must be some connectivity issues on the way between your machine and the ISP or between the ISP and ESET's servers. Other users haven't reported such issues so it's not a global problem. If you can't resolve the issue, I'd suggest contacting your local ESET distributor.
  2. This "Malware finding and cleaning" is the right forum to report problems with malware or false positives, which is why I have moved your topic here. Many Nirsoft tools can be exploited for malicious purposes in the wrong hands, which is why they may be detected as potentially unsafe applications, which are not detected by default. The application detected as potentially unwanted meets the criteria for PUA detection (https://support.eset.com/en/kb2629), which is optional and enabled only with the user's consent. Our experts on detection analyze applications deeply prior to categorizing them as PUA/PUsA, so there was a good reason for the PUA detection. Also, exclusions work as they are supposed to. However, when creating an exclusion for a junction (e.g. c:\documents and settings), we recommend creating another one for the actual folder under c:\users as well.
  3. I don't understand what you mean by "move back". If you are referring to this topic location, it's correct. This forum is about both malware and false positives. Anyways, none of the files detected on your machine was a false positive and all were correct detections and classifications.
  4. Do you recognize this code, which is highly suspicious? If not, it's very likely malicious and the detection is correct. If you think it's legit and you use it on purpose, I would ask colleagues with expertise to look into it.
  5. Do you mean blocking DNS communication with a specific IP address so that the system would be forced to use the secondary DNS server configured in the system?
  6. It's possible to set up the proxy server while creating an installer:
  7. We've added a detection on May 6th. https://github.com/hfiref0x/KDU
     • Id: 52
     • Vendor: Intel
     • Driver: PmxDrv
     • Software package: Intel(R) Management Engine Tools Driver
     • Version: 1.0.0.1003 and below
  8. So there is no issue with ESET uninstalled? Does the issue return if you install ESET Endpoint Antivirus 7.4.1500?
  9. What ESET product / version do you use? I would assume that the autoupdate tool downloads updates via https, which is not scanned by ESET on macOS. Do you use default settings in ESET?
  10. You can ignore the AMSI error. It is probably a system where registration as an AMSI provider takes a long time during system start. If disabling AMSI integration in the advanced setup, saving the changes and re-enabling it doesn't make any difference, you can temporarily turn off the appropriate application status so that the error is not reported in the GUI. Network connectivity issues cannot be connected with the AMSI error. Please raise a support ticket for further investigation if the issues actually go away after temporarily uninstalling ESET and return as soon as you install the latest version with default settings.
  11. Then it's very likely that the vulnerability has not been fixed yet. Please upload the latest driver to https://www.virustotal.com and provide a link to scan results.
  12. It is probably some PHP files where ESET detects PHP/Agent.VQ upon creation by ZohoWorkDriveTS, which seems to be an alternative to Google Drive for desktop. It is not clear what files like D:\ZohoWorkDriveTS_15214227173253408199101426494295781001\.~$zstmp\Dno1y00967e349b4bf4e1f8ea8e48422f80a5e;kxltr97ca298838e74620a03135297a113d93~ are, whether C:\Program Files (x86)\Zoho\ZohoWorkDriveTS\bin\ZohoTS.exe creates them because there are some PHP files being synced, or whether they are some auxiliary files needed during sync by ZohoTS.exe. Please provide logs collected with ESET Log Collector and make sure to collect quarantined files.
  13. The Rocky Linux-based ESET PROTECT VA has been temporarily pulled back due to a bug in the MySQL ODBC driver and certain issues with SELinux as well. I assume that an updated version with fixes and the MySQL ODBC driver replaced with a MariaDB one will be available for download soon.
  14. If you don't want to scan Internet http/https communication at all, you could disable the network traffic scanner. But why would you do that and allow malware on compromised websites to execute, or not block known or new malware on malware URLs?
  15. Please raise a support ticket then. Downgrade to kernel 6.1.0-18-amd64 was confirmed to work around the issue so I assume that it should work with kernel 6.1.0-12-amd64 too.
  16. As Starmus Earth draws near, we caught up with Dr. Garik Israelian to celebrate the fusion of science and creativity and venture where imagination flourishes and groundbreaking ideas take flight. View the full article
  17. If it's not possible to uninstall ESET Endpoint in a standard way, you can use the ESET Uninstall tool in safe mode. I assume that you want to keep the management agent installed and reinstall Endpoint. If you want to uninstall the agent as well, it will stop replicating to the ESET PROTECT server. In order to remove a client, we recommend performing all 3 steps suggested by the client removal wizard:
  18. I am forwarding the developers' statement on the problem: Permissions are managed by the Android OS, and the ESET application only checks whether a given permission has been granted or not. If Android decides to revoke a permission, this cannot be prevented. Unfortunately, no information about the heuristics Android uses for this is available. It may revoke permissions when, for example, it puts apps into deep sleep and the like, but there is no record of it. We are not aware that the All Files Access permission specifically would cause the problem. We recommend focusing on the particular user, whether they are using some cleaner or another security application that changes the permission on their behalf. We also recommend trying to grant all exemptions, such as the battery saver exemption and the like, following the guides at https://dontkillmyapp.com/ As for why it worked for a while, there may be several reasons. Perhaps within a version we lowered and then raised some demands on the OS (the number of services running in the background, etc.), which placed us elsewhere within some categorization. It could be anything, for example even a change in the target API. In version 9, the code around the permissions themselves did not change.
  19. Malware typically spreads in the form of executable files or scripts that are associated with a script interpreter. In order for malware to be present in binary data files, a vulnerability would need to exist in the application that opens the files, in this case the game that the files belong to, which is highly unlikely.
  20. Release Date: May 6, 2024
      ESET Cloud Office Security 409.3 has been released.
      Changelog
      • Added: Ability to send encrypted Syslogs to user defined network endpoints in CEF, LEEF and json formats.
      • Added: Automatic email re-scans for specific emails in order to decrease the number of false positive spam (missed spam)
      • Updated: ESET HUB integration - Improved "per company" access permissions support for ESET HUB customers
      • Portal: Added "Sender" field to email details in Quarantine, Detections and Scan Logs
      • Portal: Update of license management pages
      • Portal: Refreshed charts components
      • Portal: Added warning for GWS tenant if ECOS app consent revoked (e.g. app deleted)
      • Portal: Added info about infected mail body in scan detail
      • Portal: Optimized certain portal requests in Quarantine and Detections logs to lower the chance of timeouts
      • Portal: Added icon for Google Workspace suspended user
      • Portal: Suspended companies are visible now
      • Portal: Users can be filtered by clicking the company/site in the filtering tree
      • Fixed: Other bugfixes and back-end improvements
      • Improved: Google Workspace Admin Account Verification
      Support Resources
      For more information, visit the ESET Cloud Office Security help page or contact your local reseller, distributor or ESET office.
  21. The website is indeed infected: https://sitecheck.sucuri.net/results/naturalinstinct.com
  22. You can enable the firewall with a policy like this: Beforehand, make sure to set up your trusted zone / networks properly, e.g. through Network access protection -> IP sets -> Trusted zone. By default, RDP is allowed only in the trusted zone / networks. A good practice is to apply a policy to one or a small group of machines only, and to the others only once you have verified that it worked as supposed to, to prevent unexpected issues caused by applying wrong firewall or network protection settings.
  23. Could you please provide a screenshot of the notification for clarification? The firewall should be turned off only if you are installing ESET during an RDP session to prevent the session from being disconnected.
  24. Please elaborate more on what "ongoing migration" means. Does it involve also upgrading ESET Endpoint by sending a software install task from ESET PROTECT? What was the user doing shortly before the error showed up? Is the error showing up repeatedly? If it wasn't caused by an upgrade of ESET Endpoint, please provide logs collected with ESET Log Collector to find out if there are any signs of ekrn crashes.