Marcos

Administrators
  • Posts

    37,927
  • Days Won

    1,504

Everything posted by Marcos

  1. Is she using Windows XP that she has v9 installed? If not, then I'd suggest uninstalling v9 and installing the latest v11. Also is it ESET NOD32 Antivirus or ESET Smart Security installed?
  2. Unfortunately, you've posted in the General forum so we don't know what ESET product and version you are using. Please provide that info so that we can move this topic to the appropriate forum. Also let us know if disabling protocol filtering in the advanced setup makes a difference.
  3. Did you remove the license by uninstalling ESET Mobile Security or what exactly did you do? Please drop me a private message with your email address associated with my.eset.com.
  4. Please read https://askubuntu.com/questions/145902/unable-to-mount-windows-ntfs-filesystem-due-to-hibernation/532753 for instance.
  5. Later this year. No exact date has been set yet. We'll keep you posted.
  6. All recent ESET products support WSL in terms of real-time protection. There's no specific setting for that, however.
  7. First of all, please post in English, otherwise most moderators and users will not understand you and won't be able to help. ESET is fully compatible with Windows 7. We even still support Windows XP with ESET consumer products v9.
  8. Malicious domain? Which one? I see that egui contacted ocsp.comodoca.com to check if the certificate used by a particular server has not been revoked. This could happen if ESET warns you about an untrusted certificate and you check certificate details from the warning window.
  9. This will be supported as of Endpoint v7 / ESCM (ERA v7), which will enable you to control how policies will be applied against each other and against local settings.
  10. Please refer to https://support.eset.com/kb374/ and https://support.eset.com/kb3641/. We strongly recommend using an HTTP Proxy instead of a mirror to cache install and update files to save bandwidth and to use update files effectively, without downloading files that will likely never be requested by clients.
  11. If you download eicar from https://secure.eicar.org/eicar.com, is it detected by real-time protection and cleaned automatically? Does it appear in yellow in the ERA Console, i.e. as an inactive threat? Also please check the details of the active threats and let us know what scanner (on-demand or real-time) is listed there.
  12. Unfortunately, migration between different types of databases is not supported.
  13. Sync issues occur if a particular email is modified concurrently, e.g. when scanned both on the server and client at the same time or when downloaded on more devices. If email is scanned on the email server, you can disable integration with Outlook. We've been working on a plug-in overhaul over the last months which will prevent sync issues and it will be included in Endpoint 7.0.X.
  14. First of all, please collect logs with ELC and drop me a message with the generated archive attached. The last Filecoder.NPA we've got is from January 2018. It could be that an attacker remoted in via RDP and disabled protection prior to running the ransomware. The logs should shed more light.
  15. I'll check if the version of VA downloadable from the mentioned website is really 6.5.31.0. This version has ERA Server v6.5.417.0 included which is supported by the repository.
  16. It was most likely downloaded when opening another website which was either compromised or downloaded it on purpose. That CoinMiner was detected and blocked. All you can do is avoid visiting websites that load CoinMiner if you don't want them to be detected.
  17. Which of the above packages did you select when creating a Software install task?
  18. I have often seen Filecoders to be detected both in TS shares and on local disks which means they were detected and blocked, however, the attacker had to disable real-time or even other protection mechanisms in order to be able to run the ransomware. Did you have detection of potentially unsafe applications enabled? I'm asking because detection is disabled by default as it covers legitimate tools that can be misused in the wrong hands, however.
  19. Please post a screen shot of what package you selected in the repository.
  20. First of all, if an attacker gains administrator access to a computer, he or she can do virtually anything, including killing the security programs you use. In this case it's not the firewall that would have prevented the ransomware from being executed by the attacker; they typically disable real-time protection which would have otherwise prevented the ransomware from being executed. Besides hardening or completely disabling RDP, if not really needed, you should consider:
      - keeping the OS up to date, installing all critical security patches asap
      - using a non-default port for RDP connections
      - limiting users with RDP access
      - using strong passwords
      - limiting IP addresses / ranges for RDP connections
      - set a password to protect ESET settings
      - enable detection of potentially unsafe applications to detect legit tools that can be used to kill running applications.
  21. The attacker would have to run this command from the ERA console.
  22. Please collect logs with ELC after the install fails and drop me a message with the generated archive attached.
  23. What was detected by ESET and what by the other AV you mentioned? Was it files which were detected? Do you still have them at least in quarantine? I assume you are talking about a Mac device, aren't you?