Everything posted by Marcos
-
Windows web Site - JS/CoinMiner
Marcos replied to Pambos Zeniou's topic in Malware Finding and Cleaning
https://www.trustwave.com/Resources/SpiderLabs-Blog/Mass-MikroTik-Router-Infection-–-First-we-cryptojack-Brazil,-then-we-take-the-World-/ ESET had recognized this hack a couple of days or weeks before the reports went public. -
Aren't process exclusions locked by a policy?
-
Windows web Site - JS/CoinMiner
Marcos replied to Pambos Zeniou's topic in Malware Finding and Cleaning
If you are using a Mikrotik router, reset it to factory settings and upgrade the firmware to the latest version. If that doesn't help, it could be that your ISP is using a compromised Mikrotik router. -
Filtering by attachment extensions or file types is possible only in products for mail servers.
-
[EES 7] Threat reported with no automatic action taken.
Marcos replied to V.T.L's topic in ESET Endpoint Products
This detection requires user interaction. No action is logged if the user selects "No action" when asked to select the desired action. Setting strict cleaning mode in the Web access protection setup should terminate the connection automatically in such a case. -
Tool missing after the update to 11.2
Marcos replied to Klausen Wifall's topic in ESET NOD32 Antivirus
That was already discussed here: https://forum.eset.com/topic/16623-how-do-i-see-what-objectwebsites-are-being-scanned-in-real-time. In order to prevent duplicate topics on a subject, we'll draw this one to a close. -
There was a 3rd party FP on this host. Although it was blocked with a path, it might have caused false positives. You should now be able to access the host all right.
-
Updating computers using the ERA Proxy Server
Marcos replied to SGorski's topic in ESET PROTECT On-prem (Remote Management)
Updates of Endpoint products have nothing to do with ERA/ESMC. Do you use ESET HTTP Proxy or another proxy server? Most likely it alters update files and Endpoint cannot apply such files if integrity is not ensured. -
Problems with EES V7
Marcos replied to Trooper311's topic in ESET PROTECT On-prem (Remote Management)
If you mean the issue when both the previous and new agent are reported to be installed, this will be addressed in the upcoming service release that is planned to be released within a few weeks. -
Server Offline Activation and Micro Updates
Marcos replied to mayowa's topic in ESET Products for Windows Servers
Micro PCU (uPCU) updates are intended for upgrading the program from ESET's repository. Are the servers completely offline, or is it possible they could connect through another machine running HTTP Proxy? If that's not an option, then you could create an offline mirror using an ESET Endpoint or server product on a machine with Internet connection and make it accessible to the offline server (e.g. via a local http server or by transferring the mirror content, e.g. via a USB flash disk). -
https:// console issue after ESET 7.0 upgrade
Marcos replied to Manikandan R's topic in ESET Endpoint Products
Also, does temporarily disabling SSL/TLS filtering in Endpoint make a difference? -
ESMC v7 - Hyper-V checkpoint problem
Marcos replied to bbahes's topic in ESET PROTECT On-prem (Remote Management)
Download era.war from ESET's download page and copy it to /var/lib/tomcat7/webapps/ (https://help.eset.com/era_install/64/en-US/index.html?component_installation_webconsole_linux.htm). It may take a few minutes to extract files from it automatically. Afterwards you should be able to log in to the console. -
ESMC all in one installers and Agent
Marcos replied to Ritesh Sharma's topic in ESET Endpoint Products
If you want to migrate to ESMC from ERAv5, use the Migration assistant downloadable from https://www.eset.com/int/business/security-management-center/download/#standalone
For help with migration from ERAv5, please read https://help.eset.com/esmc_install/70/en-US/migration_assistant.html?migration_from_era5.html.
If you would like to start from scratch:
1. Install ESMC (ideally using the All-in-one installer or importing a virtual appliance into a hypervisor).
2. Add an EBA account in the ESMC License manager to manage your licenses.
3. Deploy agent on clients. The clients will become manageable by ESMC afterwards.
4. Send a software install task with the appropriate security product and license selected.
Should you need further help, feel free to ask.
-
UEFI detections cannot be cleaned. You have the following options:
1. Upgrade the UEFI firmware to a version that doesn't contain the Computrace application, if available.
2. Exclude Computrace from detection by the detection name.
3. Disable detection of potentially unsafe applications (not recommended).
-
Do you know by chance what malware it was? It could be a Filecoder which also encrypts binary files and thus renders the system unusable. In case of ransomware infection, it is very common that an attacker performs a brute-force RDP attack, connects via RDP as an admin, disables or uninstalls the AV and then runs ransomware to encrypt files. The question is if you have RDP disallowed from outside the network, whether ESET's settings were password protected and detection of pot. unsafe applications enabled.