Everything posted by Marcos
-
We'll be adding detections for new Koreplug variants in update 8692. When available, update the signature database and run a full disk scan. Should it still be detected only in memory, I'll check your SysInspector log for suspicious files.
-
Please create a SysInspector log as per the instructions here and send it to me as an attachment to a private message.
-
It seems a reply was sent to you that the domain was removed from blacklist.
-
ESET File Security - Backup Processes
Marcos replied to a topic in ESET Products for Windows Servers
The best course of action would be to log file operations during a backup using Process Monitor and to supply Customer care with the log created as well as with a SysInspector log for perusal. It will be enough to leave Process Monitor logging operations only for about a minute. When you have the logs ready, you can upload them to a safe location and PM me the download link or contact Customer care.
-
Please post a complete record related to the detection from your threat log. The record should look as follows:
18. 7. 2013 13:59:44 Real-time file system protection file D:\test\kogabontusiq.exe a variant of Win32/Kryptik.BFXC trojan cleaned by deleting - quarantined domain\admin Event occurred during an attempt to access the file by the application:
-
Check your PM, I've sent you instructions on how to fix the issue.
-
Please check if the issue with CPU spiking goes away after disabling real-time protection. If so, capture all file operations using Process Monitor while reproducing the issue. When done, compress the log along with a current SysInspector log into an archive, upload it to a safe location and PM me the download link.
-
Does this happen regardless of what browser you use? It sounds more like a browser issue than an actual threat symptom.
-
Try disabling each of the protection modules in the following order, one at a time, to see if it makes a difference:
- disable web protection
- disable protocol filtering in the advanced setup
- change firewall integration to "Personal firewall is completely disabled" and restart the computer
- disable Parental control
- disable HIPS and restart the computer
-
I confirm that the detection is correct; it's not a false positive. If the above-mentioned detection is triggered, the website was compromised and a malicious JavaScript is injected into the web page.
-
A list of updates with signatures added is available at hxxp://www.virusradar.com.
-
Yes, because EMS v2 has been released just recently and this is actually just a newly discovered issue stemming from the design of Android 4.3. We plan to address it in future builds of EMS v2.
-
If possible, please answer the following questions:
- What type of Internet connection do you use? (3G, Wi-Fi, ...)
- Are you able to open websites in a browser when experiencing the issue?
- Does changing the type of connection make a difference?
- Does uninstalling EMS v1 and installing EMS v2 make a difference?
-
Is there a message displayed on your screen when you tap "Update Threat Database" or simply nothing happens at all?
-
Has the client actually connected to ERAS to download the list of tasks? Try temporarily setting the interval for connecting to ERAS to 0 on a client and see if the task is downloaded and started.
-
Tested with Kaspersky, Antivir, Avast, it was possible to kill all 3 via the Task manager. As I wrote, it's a system problem of Android on Samsung mobile phones.
-
ESET File Security and Microsoft WSUS
Marcos replied to Mihlfeld's topic in ESET Products for Windows Servers
I wonder if you browse websites that you need to keep HTTP checking enabled on the server. It's always been disabled by default on servers as it may cause issues, for instance, due to bugs in Windows Filtering Platform. Do you have SSL scanning disabled?
-
Are you able to modify all other settings? If so, try to reproduce the issue while logging all operations and events using Process Monitor. When done, save the log, compress it, upload it to a safe location and PM me the download link.
-
Not necessarily. Please create a SysInspector log as per the instructions here and submit it to ESET along with a link to this thread as described here.