-
Posts
37,944 -
Joined
-
Last visited
-
Days Won
1,504
Everything posted by Marcos
-
As far as I know, this Filecoder is run manually by an attacker after remoting in via RDP for instance. Therefore besides upgrading to v10 which contains ransowmare protection module, you should also consider disabling RDP or at least securing it.
-
Virus ?
Marcos replied to happyggv's topic in ESET Internet Security & ESET Smart Security Premium & ESET Security Ultimate
The url was opened by Edge, hence I'd start off by checking and removing extensions, one at a time. -
That should be ok. In my opinion, ERA should manage that number of clients even in shorter intervals but it depends also on the hw configuration and the amount of data transferred by clients to ERAS.
-
Run Command Client Task as Domain Admin
Marcos replied to whitelistCMD's topic in ESET PROTECT On-prem (Remote Management)
What about using psexec? https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx -
Please contact your local distributor. They should be able to provide you with upgrade to ESSP for a small upgrade fee. If you have purchased ESET Internet Security, your license covers ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security (but not the Premium version which also includes Data encryption and Password manager).
-
Have you tried running the ESET Uninstall tool in safe mode and then installing ESET from scratch? Should the problem persist, provide me with logs collected by ESET Log Collector as per the instructions linked in my signature.
-
Virus ?
Marcos replied to happyggv's topic in ESET Internet Security & ESET Smart Security Premium & ESET Security Ultimate
The certificate issued for *.cdn.hiberniacdn.com expired on May 6th. The owner of the domain should replace it with a valid certificate. You can allow the communication if you trust it or choose Block if you are not sure. -
If the clients are in a domain, click "Select SID from ERA" to browse users in AD.
-
All mentioned protection features will work even without active firewall.
-
I see. The progress bar was misleading; it showed progress for a particular drive, not for all scan targets and it was quite common that it got to ~90% quickly because of folders with a few files inside and then it took long to scan the remaining 10% because of many files in the Windows and Users folders.
-
Do ekrn.exe and egui.exe exist in the Eset install folder in Program files?
-
How do you know it's not running? Does running "sc query ekrn" as an administrator tell that it's stopped or that the service does not exist?