Posts posted by Marcos
-
As stated in the read-before-you-post instructions:
Do not report blocked websites
After cleaning a website from malware and taking measures to prevent further re-infection, request a re-check as per the instructions in the FAQ. This forum does not serve as a channel for requesting website re-check or disputing blocks or detections.
Having said that, we'll draw this topic to a close.
-
You could start with checking SonicWall's logs for information about blocked connections with ESET's update servers (https://support.eset.com/kb332/#downloadupdates).
-
On a machine with ESET installed and activated with a paid version, run ESET Log Collector and gather logs. Next compress a handful of encrypted files (ideally Office documents) along with the ransomware notes, upload all stuff to a safe location (either ESET's ftp or OneDrive, DropBox, etc.) and email samples[at]eset.com with a download link included.
-
I'm sorry, I meant advanced setup -> Tools -> Diagnostics.
-
4 minutes ago, bbahes said:
Can you provide Fortinet FortiOS version, IPS rule that does this? We have Fortigate on multiple locations but I have never noticed any corruption. Does this affect v5 or v6 and v7 also?
See https://forum.eset.com/topic/17535-eset-corrupted-file/ for more information.
-
Please enable network protection and update engine advanced logging in the advanced setup -> tools and run update. Next disable logging, gather logs with ESET Log Collector and provide the generated archive.
Also if possible, try updating one machine directly, bypassing the firewall just in case.
-
What do you mean by saying that you can't get ESET to run? Are you able to install and activate ESET? Are you getting an error during install or afterwards? Could you provide some screenshots for clarification?
-
Do you or your ISP use a Fortinet firewall or IPS? They are known to corrupt bigger update files.
-
Does excluding these folders from scanning (EAV -> Preferences -> General -> Exclusions) make a difference?
/private/etc/
/Library/Application Support/ESET/esets/modules/
-
Is that real spam coming from Gmail and not just a test using a legitimate email address? Antispam basically checks the IP addresses of the SMTP servers in the email headers so it should work reliably even if a Gmail address is spoofed.
-
What version of the ESMC Server do you use? Is it the last one available on ESET's download servers?
-
It was already fixed on April 1st.
-
We extensively test upgrades of Windows 10 to newer versions with ESET installed and never experienced issues that hadn't been fixed prior to the final release of the new version.
If you are able to reproduce it, the best would be to create an image of the disk and provide it to ESET for replication and debugging.
-
Some posts were hidden while being reviewed.
-
ESET doesn't access your webcam but asks you for an action if another application attempts to access it. You can disable webcam protection in the main GUI.
-
Can you explain the purpose of blank JavaScripts loaded from js.genieessp.com and cfts1tifqr.com? To me it appears the site was hacked.
-
Please provide logs gathered with ESET Log Collector so that we can check if there are duplicate rules created.
-
If I remember correctly, running a scan of a file with esets_scan will also show a list of installed modules.
-
Please gather logs with ESET Log Collector and post the generated archive here so that we can check the version of installed modules and a list of software that is installed on the machine.
-
Edit the rule that has both the local and remote IP addresses the same. Use only local IP addresses if you want to block any communication on these ports from outside.
-
The question is how often the issues occur. If it doesn't take too long to reproduce, I'd start with temporarily pausing real-time protection. During reproduction, generate logs as per https://support.eset.com/kb3404. When done, raise a support ticket for customer care so that the case is tracked properly and provide the logs.
Ransomware Phoenix
in Malware Finding and Cleaning
Posted
Unfortunately, you attached encrypted files, not the ransomware note that I asked for.