Marcos

Administrators
  • Posts: 35,860
  • Days Won: 1,428

Everything posted by Marcos

  1. You can use any ESET security product since each contains the on-demand scanner or the command-line scanner ecls.exe or odscan on Linux.
  2. Please raise a support ticket since it will need to be investigated by developers.
  3. Unfortunately we can't help since it's Ivanti that doesn't recognize ESET v17.
  4. Only by temporarily uninstalling ESET can you confirm or deny a correlation between the issue and ESET. You can export the configuration and import it after re-installation if you use some non-default settings.
  5. Unfortunately ESET was not installed when logs were collected. Please install ESET, run a full disk scan and then collect fresh logs with ELC. Also provide logs collected with the tool that I'll supply you with via a private message.
  6. Please provide:
     • Logs collected with ESET Log Collector
     • A couple of encrypted files (ideally Office documents)
     • The ransomware note with payment instruction.
  7. Probably you have a license from ESET Canada. Please provide your public license ID in the form of XXX-XXX-XXX to identify your license.
  8. Before getting rid of your no-longer-needed device, make sure it doesn’t contain any of your personal documents or information.
  9. I've tried it and created a rule for profile "1" in v16.1. After upgrade to v17, the rule was retained and correctly assigned to this profile:
  10. Please always create a support ticket for things when a replication is needed. It is very difficult for us moderators to replicate issues during holidays in our free time which requires quite a lot of time. It's different to answering relatively simple questions which takes a few minutes at most. Anyways, I'll try to reproduce the issue with firewall rules migration from v16.1 to v17 in the following days but I don't expect it to be a general issue, otherwise users who have upgraded to v17 would have reported it as well. Therefore I kindly ask you to raise a support ticket for proper investigation of the issue.
  11. Please carry on as follows:
     • Enable advanced logging under Help and support -> Technical support
     • Reproduce the issue
     • Stop logging
     • Collect logs with ESET Log Collector and upload the generated archive here (only the ESET staff can access attachments).
     If the archive is too big to upload here, upload it to a file sharing service and drop me a private message with a download link.
  12. I've been trying to download the file but the download failed after about an hour. The archive was too big, probably several GB in size. What makes you think it was malware?
  13. I assume the file would still contain vbaproject.bin inside but this was missing in the above xlsx file. I'll pass it to our researchers for a check though.
  14. The issue needs to be primarily investigated by Ivanti since we don't know how it internally works.
  15. How is the issue related to ESET? Are you able to install Adobe after ESET has been uninstalled?
  16. The Excel file doesn't seem to contain a macro. Couldn't it be that it was detected and removed by ESET?
  17. Then it must be related to Entrust cert. which expired on Dec 8. Please upload here C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64\????\em000_64.dll (where ???? is a 4-digit number).
  18. What plugins do you mean? Are they ESET related? If ESET is uninstalled, all its extensions are removed from the system.
  19. I've analyzed the script and at the final stage it downloads malware detected by ESET as Win32/Rescoms.B trojan. Please provide the Excel file with macro in an archive encrypted with the password "infected" to make sure that the macro is detected prior to execution.
  20. Are you positive that the heavily obfuscated script is legitimate?
  21. Do you have a supported version of agent installed? https://support-eol.eset.com/en/policy_business/product_tables.html

     | Version | Original Release Date | Latest Build | Latest Build Release Date | Current Status | Full Support | Limited Support |
     |---|---|---|---|---|---|---|
     | 11.0 | December 13, 2023 | 11.0.503.0 | December 13, 2023 | Full Support | Until next feature update (minimum until June 30, 2024) | Until June 30, 2026 |
     | 10.1 | June 27, 2023 | 10.1.1292.0 | August 22, 2023 | Limited Support | Ended (December 13, 2023) | Until December 31, 2025 |
     | 10.0 | November 10, 2022 | 10.0.1126.0 | November 10, 2022 | Limited Support | Ended (June 27, 2023) | Until June 30, 2025 |
     | 9.1 | July 14, 2022 | 9.1.1298.0 | July 27, 2022 | Limited Support | Ended (November 10, 2022) | Until November 30, 2024 |
     | 9.0 | October 28, 2021 | 9.0.1141.0 | October 28, 2021 | Limited Support | Ended (July 14, 2022) | Until July 14, 2024 |
     | 8.1 | June 24, 2021 | 8.1.1223.0 | October 7, 2021 | End of Life | Ended (October 28, 2021) | Ended (October 31, 2023) |
     | 8.0 | December 9, 2020 | 8.0.1238.0 | February 11, 2021 | End of Life | Ended (June 23, 2021) | Ended (June 30, 2023) |
  22. You have both Hitman Pro and MalwareBytes installed. Please try uninstalling Hitman Pro and see if the issue goes away. As for MalwareBytes, make sure to use it only as a second opinion on-demand scanner since all its drivers are installed, including real-time protection.
  23. You can upload the logs here. Attachments are available only to ESET staff.
  24. For some reason I could not find epfwlog.dat log in the archive although the ELC log says otherwise. On Dec 14 there was a problem with DNS between 05:46:03 and 05:46:12. As to what was going on, we can't tell. The pcap log could at least tell if there was a problem with network communication in general in this time frame.
  25. Please carry on as follows:
     • Enable advanced logging under Help and support -> Technical support
     • Reproduce the issue
     • Stop logging
     • Collect logs with ESET Log Collector and upload the generated archive here (only the ESET staff can access attachments).
     If the archive is too big to upload here, upload it to a file sharing service and drop me a private message with a download link.