Mauricio Osorio

Posts posted by Mauricio Osorio

  1. Hi Everyone,

    I recently installed EMS on a Linux server that my client is using with ZIMBRA as a mail server. How can I verify if EMS is compatible with this type of mail server?
    The server is configured like this:

    MTA
    Version glibc : 2.17
    Version Kernel : 3.10.0-957.21.3.el7.x86_64
    Version OS : centos-release-7-6.1810.2.el7.centos.x86_64
    Version Zimbra : Release 8.8.12_GA_3794.RHEL7_64_20190329045002 RHEL7_64 NETWORK edition, Patch 8.8.12_P1 proxy.

    LDAP
    Version glibc : 2.17
    Version Kernel : 3.10.0-957.21.3.el7.x86_64
    Version OS : centos-release-7-6.1810.2.el7.centos.x86_64
    Version Zimbra : Release 8.8.12_GA_3794.RHEL7_64_20190329045002 RHEL7_64 NETWORK edition.

    MBX1
    Version glibc : 2.17
    Version Kernel : 3.10.0-957.21.3.el7.x86_64
    Version OS : centos-release-7-6.1810.2.el7.centos.x86_64
    Version Zimbra : Release 8.8.12_GA_3794.RHEL7_64_20190329045002 RHEL7_64 NETWORK edition, Patch 8.8.12_P3.

    MBX2
    Version glibc : 2.17
    Version Kernel : 3.10.0-957.21.3.el7.x86_64
    Version OS : centos-release-7-6.1810.2.el7.centos.x86_64
    Version Zimbra : Release 8.8.12_GA_3794.RHEL7_64_20190329045002 RHEL7_64 NETWORK edition, Patch 8.8.12_P3.

    Regards.
  2. Hi guys,

    Thanks for those answers; it is really important for us to defend the brand in front of our clients, and your contributions help us a lot! I really appreciate your comments.

    We are now presenting a report with this information, but I have an extra question for you:

    Based on the logs of the product, did it have its modules disabled?

    I ask because when I looked at the log file it showed me this: Captura.PNG

    Regards.

  3. Hi everyone,

    A few days ago one of the most important customers we have showed us an executive report about a test made by a program named Cymulate. That report (it is attached, by the way) shows how the ESET Endpoint solution could not detect some types of attacks.

    I'm not really sure about this report, but I need to justify our solutions because this report has put the antivirus in doubt, and he told us that if we do not configure the antivirus so that these attacks do not happen, he will not renew the subscription. It is a client with 1200 machines, a very important client for us.

    They ran the test on one machine. I took the logs and a SysInspector log in case that can be useful to examine the case. The module used in Cymulate was the one called web gateway.

    There are a few questions:

    1. Can we detect those attacks, and how must I configure the endpoint policy?
    2. Does Cymulate make a real vulnerability test?
    3. How can ESET as a brand respond in this case?

    I hope you can help me with this one!

    Regards.

    report_executive_web_gateway__2019_06_20__15_43_50.pdf

    OneDrive_1_20-6-2019.zip

     

  4. 9 minutes ago, Mauricio Osorio said:

    Hi guys,

    I need to upgrade all my endpoints (2800), but I have a recurrent issue with the Apache proxy, so I want to send the installation from a local repository. I have a question: can I put both .msi files (x86 and x64) in the same folder so that the console chooses which one to install according to the architecture of the system?

    Which is the best way to accomplish this task?

    Thanks and regards.

    A little bit more information:

    Today I have 2800 endpoints with agent v.7 and EES v.6.6, and all of them have Windows OS.

    I have ESET Security Management Center.

    Regards.

  5. Hi guys,

    I need to upgrade all my endpoints (2800), but I have a recurrent issue with the Apache proxy, so I want to send the installation from a local repository. I have a question: can I put both .msi files (x86 and x64) in the same folder so that the console chooses which one to install according to the architecture of the system?

    Which is the best way to accomplish this task?

    Thanks and regards.

  6. Hi everyone,

    I used to install ESET Management Agent manually in hosted ESMC, but in the cloud-based console I don't know if this is possible. This is the procedure I used to use:

    https://www.youtube.com/watch?v=zGZHLhoDfOw

    Sorry, I didn't find a newer video!

    I discovered that the agents are reporting to this URL: b62lngmggxteto72cw63mhz7ly.a.ecaserver.eset.com and I found the connection is made over port 443 instead of 2222, but I do not know which port is used instead of the 2223 that was previously used in the local console, or maybe this isn't possible.

    I know that you can use the all-in-one package downloaded directly from the console, but I want to know if this way is possible or not.

    Thanks for your help.


  7. Hi everyone,

    Today one of our customers reported a problem to us: he has 2 servers encrypted by a ransomware named SDEN; it changes files to a new .sden

    They had ESET File Security installed, but it did not stop the attack. I know it's not just antivirus when we talk about ransomware, but I want to help my client so that it does not happen again. How can you help me with this case? What kind of information do I send?

    You can see some snapshots of it in the attachments.

    Sistema.thumb.jpg

    Basefirmas_actualizada.jpg

    Detección_pero_cifro.jpg

    Programas instalados.jpg

  8. 3 hours ago, Marcos said:

    You have Win32/Agent.AABQ trojan and Win32/TrojanDownloader.Agent.DVC trojan running there. The detection was added in Nov 2018 and Jan 2019 respectively. Please run a disk scan with ESET Online Scanner and clean the malware.

    Move the following files to a new folder (e.g. c:\esetvir). Next reboot the machine, compress the content of the folder and submit the archive to samples[at]eset.com. Only after you receive a reply delete the content of the folder:

    c:\windows\system32\s
    c:\windows\system32\p
    c:\windows\system32\tasks\DnsCore
    c:\windows\system32\tasks\Microsoft\Windows\RegistryCore
    c:\windows\system32\tasks\Mysa1
    c:\windows\system32\tasks\Mysa2
    c:\windows\system32\tasks\Mysa3

    Finally try to install ESET from scratch.

    Thanks for your answer. 

    I'll try and tell you how it's going.

  9. 10 hours ago, Marcos said:

    I'd better check ESET Log Collector logs since the warning from the ESMC console doesn't ring a bell.

    For instructions how to gather ESET Log Collector logs, please refer to hxxp://support.eset.com/kb3466/.

    Hi @Marcos,

    In the attachment you can see the Log Collector logs.

    Thanks for your help!

    Regards.

    ees_logs.zip

  10. Just now, Marcos said:

    Let's start off by gathering logs with ESET Log Collector. It could be that ekrn.exe and egui.exe processes are running but the gui is not showing up for some reason. You can also check if the eicar test file is detected / blocked.

    Thanks Marcos for your answer.

    On ESMC you can see this error on that computer: (Attached) (ESET product is installed but not running)

    I will try to take out the Log Collector and upload it as soon as possible.

    Thanks!


  11. Just now, axlgabo10 said:

    Hello Mauricio, apparently you are installing an endpoint version on a server, you need the product eset file security on servers.

    links file server:

    32 bits:

    https://download.eset.com/com/eset/apps/business/efs/windows/latest/efsw_nt32.msi

    64 bits:

    https://download.eset.com/com/eset/apps/business/efs/windows/latest/efsw_nt64.msi

    Thanks for your answer. It isn't a server; that is a skin that my client usually uses! ;)

  12. I have a problem with some computers on my client's network

    When I try to install an EMA (Agent) everything works well, but when I try to install EES it does not run. It installs without any errors, but doesn't run anyway. I have tried to execute it manually, but that does not work either.

    Maybe it's a malware problem, but this answer is not enough for my client.

    How can I solve this issue?

    On this link you can see the installation process and the problem with it: https://youtu.be/aSt5w7xMZvA

    Regards.

     
