Everything posted by Marcos
-
Clear threats on device
Marcos replied to Palmolive's topic in ESET PROTECT On-prem (Remote Management)
50,000 and more is way too many threats. If new threats are continually being detected on endpoints, it's important to solve that first. If running a scan with strict cleaning mode as suggested by MichalJ doesn't resolve the issue, please collect logs with ELC on such Endpoint and provide me with the generated archive for perusal.
-
Please email the file to samples[at]eset.com in an archive protected with the password "infected" and provide more information about the purpose of the application, vendor's website, official download link, etc. Ideally the file should be digitally signed.
-
Anti-Phishing protection is non-functional
Marcos replied to ProximityEdges's topic in ESET Endpoint Products
We'll need advanced firewall logs from ESET Endpoint Security. Please temporarily install it on one of the troublesome machines instead of ESET Endpoint Antivirus and create an advanced firewall log as per my instructions above. I'll generate a temporary EES license for you and provide you with details in a personal message momentarily.
-
The payment instructions are usually dropped by ransomware after encrypting files in a particular folder; therefore, it's likely you also had encrypted files with the wallet, btcware or another unusual extension in these folders. Running a disk scan should detect all files with instructions and offer you an option to delete them at the end of the scan.
-
Application modified on permissive rule
Marcos replied to pps's topic in ESET PROTECT On-prem (Remote Management)
You have a permissive fw rule for ccmeval.exe created and detection of application modification is turned on. You can disable detection of application modification completely or exclude the app from monitoring if you want to keep the permissive firewall rule.
-
Unfortunately, files encrypted by Filecoder.BTCWare cannot be decoded. Most likely attackers carried out a brute-force RDP attack, disabled ESET and ran the ransomware. I'd strongly recommend hardening RDP, e.g. by limiting RDP connections to specific users, IP addresses or ranges, using strong passwords and installing all Windows updates that address vulnerabilities, especially in RDP.
-
There's no difference in priority. Please provide me with the logs that I asked for above.
-
Odd Virus/Malware and how to remove it if possible
Marcos replied to Dominik's topic in Malware Finding and Cleaning
Re. error ACT.33 during activation, it's necessary to contact the distributor or reseller from whom you purchased your license. Most likely the license was issued in another country and is locked to it. The distributor should be able to tell what's going on and suggest the best way to resolve it. Did you contact ESET DE? Do you have an ID assigned to your support ticket?
-
"Your license file does not contain a Username or Password."
Marcos replied to Cousin Vinny's topic in ESET Endpoint Products
If you click "Show all modules" in the Update panel, do you get a list of installed modules or is it empty? If empty, after rebooting the computer ekrn should load alright and upgrade should finish alright as well.
-
Anti-Phishing protection is non-functional
Marcos replied to ProximityEdges's topic in ESET Endpoint Products
Please drop me a private message with a download link enclosed.
-
Web threat detected, but no notification is shown
Marcos replied to kapela86's topic in ESET Endpoint Products
Information about the address may not always be available, especially if it doesn't pertain to HTTP communication. We'll see if this could be improved in the future. Currently the following alert is displayed to the user upon detection: Please collect logs with ELC and provide me with the generated zip file via a personal message. If too big to attach, upload it to a safe location (e.g. Dropbox, OneDrive, etc.) and provide a download link.
-
Please contact ESET ME, who is the official distributor for the region. We don't have information about their partners in particular countries.
-
The following is an official website of the distributor for the ME region: https://www.eset.com/me/.