Posts: 37,926 · Days Won: 1,504

Everything posted by Marcos
Please make sure that you enter the password correctly. The password is case sensitive.
PowerShell infection by Win64/Agent.IV trojan
Marcos replied to Lockbits's topic in Malware Finding and Cleaning
I can't tell now how they will be detected, but I'd like to have a generic detection for similar malware.
PowerShell infection by Win64/Agent.IV trojan
Marcos replied to Lockbits's topic in Malware Finding and Cleaning
Please move the following files elsewhere, e.g. to c:\!eset, and reboot the machines:

- Evelyn: c:\windows\system32\tasks\a0d88a9b-c6fc-5f0a-199ecc066929f55b
- Marcelo: c:\windows\system32\tasks\8d4f1036-2a47-533a-5234b217253d09ac
- Mnunez: c:\windows\system32\tasks\7db67a1a-1f84-5fad-933343f1082c255a
- Sonia: c:\windows\system32\tasks\eadb615c-36a6-5fb5-5273d4f164f0ff69

Then encrypt the files with the password "infected", upload the archive to a safe location and drop me a message with a download link. Only after I acknowledge receipt, delete the files.
PowerShell infection by Win64/Agent.IV trojan
Marcos replied to Lockbits's topic in Malware Finding and Cleaning
I'm gonna check the logs. In the meantime you can try switching to pre-release updates so that the latest cleaner module with improved scanning and cleaning of WMI malware is downloaded.
Eset Smart Security Premium VS Bitdefender Total Security 2018
Marcos replied to Facundo's topic in General Discussion
A vs B discussions are not allowed. You can try both products and choose the one that suits you best. ESET products have very small footprint and employ various technologies to protect you from newly emerging malware. For more information, please read https://www.eset.com/int/about/technology/.
No and it's very unlikely that the authors, police or someone else will ever disclose a master decryption key.
If you create an Ubuntu boot disk, does it work with your graphic card alright?
ERA agent not connecting to ERA server
Marcos replied to fchelp's topic in ESET PROTECT On-prem (Remote Management)
Please check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html and trace.log for possible errors.
ESET File Security block outgoing remote PS
Marcos replied to Thomas Haggren's topic in ESET Products for Windows Servers
I don't see any reason why this would be blocked by ESET. Does renaming ekrn.exe in safe mode have any effect?
As for the blocked communication from the notebook, engineers confirmed that none was blocked. The only blocked packet in the log was the following one, probably because of the zero length:

63608 8849.616791 2018-02-23 15:37:17,302570 192.168.0.10 192.168.0.14 UDP 42 5355 → 50416 Len=0 BLOCK

Please try the following:

- Disconnect the notebook from your network
- Disable firewall on the notebook
- Enable advanced firewall logging on the computer
- Restart the computer
- Connect the notebook to the network and reproduce the issue by attempting to connect to the computer
- Disable logging
- Collect logs with ELC.
ESET File Security block outgoing remote PS
Marcos replied to Thomas Haggren's topic in ESET Products for Windows Servers
Does temporarily disabling HIPS and rebooting the server make a difference? If not, what about temporarily disabling automatic start of real-time protection followed by a reboot?
If you have an idea of how advanced setup should look if not as a setup tree, feel free to tell. In the internal version I have installed, the width of columns is preserved. If it doesn't work like that in the current v11, it should change in future builds. Please provide a complete record from the Detected threats log. ESET NOD32 Antivirus partially contains a firewall. However, it's responsible only for protocol filtering. Please provide a screenshot.
Endpoint antivirus disappears when joining Windows Server 2012 domain
Marcos replied to 1di9's topic in ESET Endpoint Products
Does temporarily setting the ESET Remote Administrator Agent service to not start automatically and rebooting the system make a difference? This would confirm or deny that it's caused by applying an ERA policy.
Unfortunately we still do not know what is triggering the issue. A customer that our engineers were working with said that the issue stopped occurring without any intervention or changes made. If we have some news, we'll let you know. Leaving scanning of sent email is basically safe since users do not normally attach fresh malware to email and even in such case the file would be scanned by real-time protection.
Constant Coinminer.D from Coinhive
Marcos replied to PurpleRanarr's topic in Malware Finding and Cleaning
If you are ok with Coinminer running on the machines, did you exclude @NAME=JS/CoinMiner.D and @NAME=JS/CoinMiner.F for whole drives, i.e. with * as the path?