mayowa

Members
  • Posts

    89
Posts posted by mayowa

  1. Hello All,

    We initiated a full disk encryption from the ESET management console and waited overnight for encryption to complete, but when we tried to access the laptop today we noticed the workstation has a message on the screen, "Work station disabled", hence the reason we had to escalate here. We have read all the remedial steps on the help center and knowledge base, but no topic is related to the issue stated.

    Kindly advise on a workaround.

     

    Below is the issue experienced: [Image]

     

  2. Dear All, 

     

    Please, how can you help to restore?

    Here below are the steps we underwent:

    From where the computer was working fine.

    It started an update and shutdown.

    Then I forced a shutdown.

    When I restarted, it attempted recovery but was not recovering.

    I formatted it, thinking that the OS had crashed.

    I tried decryption but did not see the Decryption workstation ID.

    Used a recovery tool software to recover the data files from the HDD.

    Tried to decrypt again but still did not see the Decryption workstation ID.

    Cleaned the HDD and saved only the recovery data files on the hard drive.

    Tried to decrypt the third time but still did not see the Decryption workstation ID.

  3.  

    Dear All,

     

    I have a couple of systems where FDE is installed but encryption is not started on them.

     

    From the ESMC I can't see any report or notification as to why the encryption is unable to start. I understand I can check this from the system itself but going from system to system to check this is not exactly feasible.

     

    Also, I am trying to generate a report that will show me systems on which FDE is not started, but I can't see any item to add to reports that will show this. I have to start checking the status from system to system, which is quite cumbersome.

     

    Kindly assist.

     

  4. Dear All,

    We are unable to access our ECA; please advise on a workaround.

    Here below are the errors encountered 

    *version : ECA7.2.92.0*
    *locale : en_US*
    *user.agent : Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 (safari)*
    *document : https://eu02.eca.eset.com/era/webconsole/AB2453E48CAED0B8E299458A8CE28778.cache.html*
    *url: https://eu02.eca.eset.com/era/webconsole/*
            
    An uncaught exception has ocurred! (com.google.gwt.core.client.JavaScriptException: (TypeError) : Cannot read property 'getAuthorization' of undefined)
    @Unknown.QOi(Unknown Source:300)@
    @Unknown.lFe(Unknown Source:157)@
    @Unknown.EGe(Unknown Source:146)@
    @Unknown.uh(Unknown Source:135)@
    @Unknown.anonymous(Unknown Source:139)@
    @Unknown.Xn(Unknown Source:309)@
    @Unknown.$n(Unknown Source:361)@
    @Unknown.anonymous(Unknown Source:78)@

    Javascript cause: <br/>@TypeError: Cannot read property &#39;getAuthorization&#39; of undefined@ 

     


  5. Dear All,

    With regards to the subject matter, please kindly advise on how to use ESMC to view system firmware.

    A customer would like to roll out EFDE to all endpoints in their infrastructure but needs to view the firmware of all computers to know which systems are running on legacy BIOS or UEFI, and how to export a legacy BIOS computer list for an upgrade or conversion to UEFI.

     

    We await your response 

     

    Thank you

     

    Regards 

  6. Hello All,

    After installing ESET Endpoint Security we are unable to deploy EFDE; we encountered the installation error seen below.

    [Image]

    Kindly note: ESET Endpoint Security is the only AV installed on the PC.

     

    We need a workaround for 300 managed systems. After troubleshooting we had to resolve to uninstall EES before deploying EFDE; moreover, we can't do that for 300 systems at different branches by uninstalling a previously installed product for another.

     

    Please kindly advise

     

  7. On 7/12/2020 at 3:57 PM, MartinK said:

    There seems to be some kind of network issue preventing clients from connection. Endpoint read failed error indicates that connection is probably opened, but dropped prematurely - might be caused by firewall or proxies. I would recommend to check all such components in between of ESMC and not-connecting clients. From screenshot it seems that there is at least one device still connecting, so maybe it is affecting only part of network?

    Hello,

    Please see the link below for logs. We have excluded all ports ESET uses on the hardware firewall but still faced the same issue.

    ftp://ftp.nod.sk/support/log/

    @Marcos  @MartinK

    We await your kind response 

    Thank you and Warm regards 

  8. Hello All,

    A customer was infected with a virus encrypting their documents with the file extension .pgp, requesting that they contact openpgp@foxmail.com.pgp for them to make payments and have a decryptor sent to them.

    Note: all features are enabled on the AV - see attached document.

    Kindly confirm if there is a decryptor or a way to decrypt the encrypted documents.

    -See attached for encrypted documents 

    Encrypted Data.zip Encrypted Data.pdf ESET CP shots.pdf

  9. 3 hours ago, mayowa said:

    Hello Marcos,

     

    Please follow the link below as requested 

    ftp://ftp.nod.sk/support/Gmerlog & Dumps/

    Find below the link for the log retrieved from the second server.

    The files include logs for GMER and Process Monitor (boot log), and screenshots for the below. Also attached is a screenshot of the event log details, which shows before restarting of the server! However, it does not create a memory dump file!
    Thanks,

    ftp://ftp.nod.sk/support/EKHotels/

     

    Anticipating your response as always

     

    Thank you and warm regards 

  10. 7 minutes ago, mayowa said:

    Hello Marcos ,

    Please follow the link below for the procmon log & ESET Log Collector log

    ftp://ftp.nod.sk/support/EKOHOTELS/

    Awaiting your swift response 

    We also noticed this in their malware notification alert 

    NEW NOTIFICATION

    Malicious file Win32/Delf.TXX was detected on computer eko-itmgrsvr.ekohotels.com

    Threat type: trojan
    Threat name: Win32/Delf.TXX
    Computer name: eko-itmgrsvr.ekohotels.com
    Logged user:
    Time of occurrence: 6/11/20, 8:36:27 AM UTC
    Scanner: Startup scanner
    Action performed: cleaned

    But the notification alert kept on coming after the action performed was "cleaned".

  11. On 6/10/2020 at 3:58 PM, Marcos said:

    Is the trojan detected immediately after a computer restart, e.g. when you run an on-demand scanner of the operating memory?

    If so, please provide a Procmon boot log. After a reboot stop logging only after the threat has been detected. With the Procmon log please provide also fresh ESET Log Collector logs. Also provide logs from Gmer.

    I'd also recommend:
    - Running a scan with ESET SysRescue to rule out the possibility that a rootkit is hiding malicious files. Delf.BTT seems to be rootkit-related.
    - Temporarily disconnecting the machine from network to find out if the threat is detected even if the machine is isolated.

    Please do not delete any suspicious files without keeping a copy. We'll need them for perusal.

    Hello Marcos ,

    Please follow the link below for the procmon log & ESET Log Collector log

    ftp://ftp.nod.sk/support/EKOHOTELS/

    Awaiting your swift response 

  12. 5 minutes ago, itman said:

    There's another thread on this rootkit Trojan here: https://forum.eset.com/topic/22184-win32trojandownloaderdelfbtt/

    OP got rid of it by moving the file to another directory. He then ran an Eset context scan on that file which deleted it and moved it to quarantine folder. The file can then be submitted to Eset from the quarantine folder.

    Thank you for the response, I will do as suggested.

    One of our servers with EFSW installed popped up a message that a TROJAN was detected and a restart is required to clean it. After the restart the same error pop-up is encountered, even when the "maximum security" policy from the management console is integrated into the AV (i.e. in-depth scan and strict cleaning).

    Please have a look at it; your earliest response is much appreciated.

    Attached is the log for the servers.

    efsw_logs_6.zip
