Marcos

Administrators
Everything posted by Marcos

  1. I had to reproduce it myself to find out how threats in email attachments are reported to ESMC. The way they are reported may change with different versions of ESMC and maybe module updates could affect it as well.
  2. Does the issue persist after temporarily disabling HIPS or Self-defense in Endpoint and rebooting the machine?
  3. I would recommend posting this in https://forum.eset.com/topic/14271-future-changes-to-eset-security-management-center-eset-remote-administrator which is monitored by ESET staff who are responsible for deciding about features to implement.
  4. Please upload it to a safe location, e.g. OneDrive, Dropbox, etc. and drop me a private message with a download link.
  5. Please carry on as follows:
     - in the adv. setup -> tools -> diagnostics select to generate complete dumps and click OK
     - at the same location in the adv. setup, click Create to generate a complete application dump of ekrn
     - collect logs with ESET Log Collector and upload the generated archive here.
  6. It's Filecoder.Phobos, however, files encrypted by this ransomware cannot be decoded. Please make sure that you have ESET File Security 7.1 installed on the server. Protect settings with a password and also make sure that RDP is secured in case you cannot disable it completely. If you would like us to check the configuration of your system and ESET product, please email the following to samples[at]eset.com:
     - logs collected with ESET Log Collector (ESET must be installed, activated and running)
     - a handful of encrypted files
     - the ransomware note with payment instructions.
  7. With ESET not installed yet, please configure Windows to generate complete or active memory dumps as per https://support.eset.com/en/kb380-how-do-i-generate-a-memory-dump-manually. Then install the latest v13.2.15. Does the issue occur immediately after installation? Or after the next reboot? When the issue occurs, please trigger a crash to generate a memory dump as per the instructions above. Compress it and provide it to us for perusal along with logs collected with ESET Log Collector.
  8. You can provide us with logs as follows:
     - enable advanced logging under Help and support -> Details for customer care
     - reboot the machine
     - reproduce the issue with blocked communication (avoid using other apps that generate network communication)
     - stop logging
     - collect logs with ESET Log Collector and upload the generated archive.
  9. Please stop trolling and turning every question or user's issue against ESET. This topic is about the firewall which blocks inbound communication in case a rule doesn't exist for the communication and you again speak about it being a bug. Please stop doing that, trolling and ranting will not be tolerated. On the other hand, constructive feedback is always welcome.
  10. It sounds like the appropriate rules allowing inbound communication are missing. Check the firewall wizard for a list of recently blocked communications and allow the desired ones. If necessary, adjust the appropriate rules and make them more general.
  11. You can find a comparison of the above products here: https://www.eset.com/us/business/endpoint-security/windows/
  12. The domain is not resolved. Please check logs for information about the application that attempted to access it.
  13. Please see my answer above. Try uninstalling EAV, temporarily install ESET Internet Security with default settings and activate it with a trial license. Does the problem persist?
  14. An action was actually taken according to the logs and attachments were cleaned:
      PDF/Phishing.A.Gen trojan contained infected files
      a variant of MSIL/Kryptik.SXL trojan contained infected files
      a variant of MSIL/Kryptik.SXL trojan contained infected files
      I've made a test and found out that separate records are generated for the parent email and each attachment. The parent email was delivered, hence no action was logged. However, the attachment was detected and cleaned (removed), hence the action pertaining to the attachment reads "deleted".
  15. Since this is an English forum, we kindly ask you to post in English so that the others can understand you and be able to help. As for the issue, please make sure that you have the Cleaner module 1211.1 installed.
  16. Please provide logs collected with ESET Log Collector where no action was logged for the 2 detections.
  17. Actually aggressive vs balanced settings affect only detection, not scanning and currently affect mainly Augur detection only. We plan to make further optimizations to reduce scan times.
  18. Could you please uninstall EAV, reboot the machine and install ESET Internet Security using default settings? You can activate a trial version. The thing is EIS can generate advanced network protection logs which might help with troubleshooting the issue.
  19. Files were encrypted by Filecoder.Crysis. Unfortunately decryption is not possible. A typical way how Crysis is used to encrypt files is via RDP when attackers perform a brute-force attack, log into the system, pause or disable the AV and then run the ransomware. If the user had ESET installed, please email samples[at]eset.com and provide:
      - logs collected with ESET Log Collector (ESET must be installed and running)
      - a handful of examples of encrypted files
      - the ransomware note.
  20. First of all please check if you have the latest version of ESET CyberSecurity Pro installed. You can try uninstalling it and installing it from scratch to make sure that default settings are used. Should the issue persist, please collect logs as per https://support.eset.com/en/kb3404-use-eset-logcollector-on-macos-and-send-the-logs-to-eset-technical-support and open a ticket with your local ESET support.
  21. The new module was supposed to fix file opening errors which wasn't supposed to decrease the scan time significantly.
  22. We get information about missing updates from the OS and trigger an update if you send the task to update the OS. E.g. on Linux we merely issue the command "apt-get upgrade" and it's the OS which performs the update itself.
  23. This could be a good starting point to learn more about ESMC: https://help.eset.com/esmc_admin/72/en-US/index.html If you have any questions or if something is unclear, feel free to ask. I would like to take this opportunity to inform you about ESET Dynamic Threat Defense which is available as an additional service to your existing ESET products and substantially improves protection against zero-day malware by submitting files potentially carrying malware to an ESET cloud sandbox where the files are run and also evaluated by machine learning. All machines in your organization are then informed about the result which you can also see in the ESMC console. It's also possible to block access to email attachments on mail servers and files downloaded on clients until a result from EDTD is received.
  24. ESET gets information about missing updates from the OS. We don't do anything else than reporting.
  25. Does the problem persist after switching to the pre-release channel in the advanced update setup?