
Marcos

Administrators
  • Posts: 38,079
  • Joined
  • Last visited
  • Days Won: 1,510

Everything posted by Marcos

  1. Please provide:
     - step-by-step instructions to reproduce it
     - logs collected by ESET Log Collector
  2. Hello,
     1. If you perform a factory (hard) reset of a mobile phone, you lose all data stored in the internal memory. On the other hand, backing up all data also brings a risk of including possible malware that might be on the phone. I would say that backing up only multimedia files and documents that you recognize (i.e. without installed applications) should be relatively safe.
     2. What you can do for better protection: use a phone from a trusted maker, install applications only from Google Play, install applications that you really need and that have a good rating from a lot of users, use an antivirus and keep it up to date.
     3. Whitelisting objects (apps in this case) is far more difficult than blacklisting malicious ones and it's basically impossible. If you ran into a 100% legit application not recognized by the AV maker, it would be blocked. It is beyond any AV maker to analyze all applications (be it in the GP store or the others), determine whether an application is benign to permit it, and to keep pace with new applications being added every day.
     4. Most detections (also called DNA smart detections) are nowadays based on a dynamic analysis of malware that is performed by advanced heuristics in an isolated virtual environment upon scanning a file.
     5. V7 server products support ESET Dynamic Threat Defense (EDTD). In the case of a mail server with EDTD enabled, suspicious files (attachments) are first sent to ESET's EDTD server for analysis. In an EDTD sandbox, the sample is run and evaluated by various mechanisms, including the Augur machine learning system that leverages neural networks. You can choose what type of files can be submitted as well as the retention period (e.g. files can be removed from EDTD servers immediately after analysis). Based on the result, such an email is either delivered to the addressee if the attachment was evaluated as clean, or it's blocked on the mail server.
     For more information about Augur, refer to https://www.welivesecurity.com/2017/06/20/machine-learning-eset-road-augur/. For a list of techniques developed and leveraged by ESET products, please read https://www.eset.com/int/about/technology/.
  3. This is a known issue. Please refer to https://forum.eset.com/topic/16476-after-upgrade-agent-to-v7-old-agent-is-also-visible/?do=findComment&comment=81383.
  4. What error is listed in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html or trace.log? If possible, post them here. I assume you have already upgraded ERA Server v6 to ESMC, haven't you? In case you still had ERA v6 installed, Agent v7 would be unable to communicate with it.
  5. Try performing a factory reset of your router and install the latest version of firmware. What brand / model of router do you use? Is the threat detected on every device connected through the router? Should the problem persist, change the router for another brand if you can. Should the problem still persist, there's a chance that the CoinMiner script is already being injected at your ISP.
  6. This is the place where you define file exclusions. They are applied to all scanners, including real-time protection. I wonder if you could provide some examples of exclusions you need to create and why. Basically the product should work alright without any exclusions defined. Each exclusion creates a potential security hole, so we encourage users not to exclude anything unless inevitable. If exclusions need to be used, we'd like to hear about real use cases, since we'd prefer to find another solution than using exclusions.
  7. Also, it appears there is already a newer Insider Preview build 17751 in the fast ring. Let's see if installing it resolves the issue. In the meantime I'll check with QA engineers if they are aware of any incompatibility issues with recent IP builds.
  8. It doesn't mean that ESET is the culprit. Please read https://www.bleepingcomputer.com/news/google/google-chrome-showing-alerts-about-incompatible-applications/.
  9. I recall there's a problem with slow connection to the repository servers from Australia, but we should come up with a solution soon. My colleagues will correct me if needed.
  10. I'm not able to reproduce it. A detection is triggered but Chrome doesn't crash. Perhaps knowing the exact version of Chrome, operating system, ESET product and version of installed ESET modules along with step-by-step instructions would help us reproduce it:
  11. There is already another topic on this detection. The ads provider will need to take certain steps and cease providing PUAs, malware, etc. via ads. To prevent duplicate topics, we'll draw this one to a close.
  12. This has already been discussed in another topic. The problem is with ExoClick ads that are used on the website. One of the images was removed. Posting sexually explicit images is strictly prohibited in our forum. To prevent duplicate topics, we'll draw this one to a close.
  13. Since everything has been said and explained, we will draw this topic to a close. It's ExoClick's turn now.
  14. Exoclick can contact us directly and we will explain to them what the problem is. Our primary goal is to protect our users. The detection will remain unchanged until Exoclick sorts out the issues.
  15. Please report incorrect website blocks to ESET as per https://support.eset.com/kb141/.
  16. Again, the website was not blacklisted; it was a dodgy JavaScript that was detected there. Removing the script allowed users to visit the website without the HTML code being detected and blocked.
  17. In this case it's probably a local infection because of the wscript.exe process. Please gather logs with ELC on that machine and provide me with the generated archive.
  18. If you have an opportunity to try a router of a different brand, please do so and let us know if the issue goes away. I'd also suggest trying SysRescue and the browser included with it to see if the alert is still triggered to rule out a local system infection.
  19. As itman said, the website is not blacklisted. It was a JavaScript that was detected, and it might have been removed in the meantime by an admin of the website, so it's no longer detected by ESET.
  20. AdwCleaner also detects benign stuff / leftovers that are not normally subject to detection. Without getting and analyzing what it detected, it's impossible to tell if that stuff was supposed to be detected or whether it was a false positive by AdwCleaner. Moreover, AdwCleaner is not an antivirus and works differently than AVs. Let's stay on topic, not turn this topic into an A vs. B discussion, and keep a polite tone.
  21. You have a rootkit in the system. In safe mode, delete the files c:\windows\system32\drivers\winmon.sys and c:\windows\system32\drivers\winmonfs.sys. If necessary, boot from a clean medium (e.g. ESET SysRescue) first.
  22. This is dangerous and not recommended to do, since you won't be protected when opening malicious websites or downloading malware. Please enable advanced protocol filtering logging and advanced network protection logging in the setup under Tools -> Diagnostics, and reproduce the issue. When done, disable logging, gather logs with ELC and provide me with the generated archive.
  23. Protecting you from malicious websites and scripts is not a serious mistake but something that a security product is supposed to do and expected to do. The fact that you opened the website with Web protection disabled which subsequently caused the browser to crash is not ESET's fault. We cannot prevent users from deliberately pausing protection and subsequently opening websites containing malicious or otherwise dangerous stuff.