mayowa
Posts posted by mayowa
-
-
Thank you Marcos, I will do as advised and revert.
-
Dear All,
We are unable to install ESET on our server
Here below is the error encountered during installation.
Attached is the log generated by ESET Log Collector.
-
Dear All,
Please, how can you help to restore?
Here below are the steps we underwent
From where the computer was working fine.
It started update and shutdown.
Then I force shutdown
when I restarted, it attempted recovery but was not recovering.
I formatted it thinking that the OS had crashed.
I tried decryption but did not see the Decryption workstation ID.
Used a Recovery tool software to recover the data files from the HDD.
Tried to decrypt again but still did not see the Decryption workstation ID.
Cleaned the HDD and saved only the recovery data files on the Hard Drive.
Tried to decrypt the third time but still did not see the Decryption workstation ID.
-
Dear All,
I have a couple of systems where FDE is installed but encryption is not started on them.
From the ESMC I can't see any report or notification as to why the encryption is unable to start. I understand I can check this from the system itself but going from system to system to check this is not exactly feasible.
Also, I am trying to generate a report that will show me systems that FDE is not started on them but I can't see any item to add to reports that will show this. I have to start checking the status from system to system which is quite cumbersome.
Kindly assist.
-
19 hours ago, Marcos said:
Is only one user logged in ECA? If so, the issue is most likely caused at the ISP. Try connecting to the Internet through another ISP at least for a test, if possible.
We did as advised but faced the same issue.
-
2 minutes ago, Marcos said:
Is only one user logged in ECA? If so, the issue is most likely caused at the ISP. Try connecting to the Internet through another ISP at least for a test, if possible.
Thanks Marcos, I will do as advised and revert.
Regards
-
Dear All,
We are unable to access our ECA, please advise on a workaround.
Here below are the errors encountered
*version : ECA7.2.92.0*
*locale : en_US*
*user.agent : Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 (safari)*
*document : https://eu02.eca.eset.com/era/webconsole/AB2453E48CAED0B8E299458A8CE28778.cache.html*
*url: https://eu02.eca.eset.com/era/webconsole/*
An uncaught exception has ocurred! (com.google.gwt.core.client.JavaScriptException: (TypeError) : Cannot read property 'getAuthorization' of undefined)
@Unknown.QOi(Unknown Source:300)@
@Unknown.lFe(Unknown Source:157)@
@Unknown.EGe(Unknown Source:146)@
@Unknown.uh(Unknown Source:135)@
@Unknown.anonymous(Unknown Source:139)@
@Unknown.Xn(Unknown Source:309)@
@Unknown.$n(Unknown Source:361)@
@Unknown.anonymous(Unknown Source:78)@Javascript cause: <br/>@TypeError: Cannot read property 'getAuthorization' of undefined@
-
Dear All,
A customer wants to recover an encrypted system, Kindly Note :
- EEE server is formatted so system is not managed
Please kindly advise on a work around
Regards
-
Dear All,
With regards to the subject matter, please kindly advise on how to use ESMC to view system firmware.
A customer would like to roll out EFDE to all endpoints in their infrastructure but needs to view the firmware of all computers to know which systems are running on legacy BIOS or UEFI, and how to export a legacy BIOS computer list for an upgrade or conversion to UEFI.
We await your response
Thank you
Regards
-
Hello All,
After installing ESET Endpoint Security we are unable to deploy EFDE; we encountered the installation error seen below.
Kindly note: ESET Endpoint Security is the only AV installed on the PC.
We need a workaround for 300 managed systems. After troubleshooting we had to resolve to uninstall EES before deploying EFDE; moreover, we can't do that for 300 systems at different branches by uninstalling a previously installed product for another.
Please kindly advise
-
Dear All,
We observed that there is a problem with MDC connecting with our ESMC.
Please see below screen shot and attached documents for logs
-
On 7/12/2020 at 3:57 PM, MartinK said:
There seems to be some kind of network issue preventing clients from connection. Endpoint read failed error indicates that connection is probably opened, but dropped prematurely - might be caused by firewall or proxies. I would recommend to check all such components in between of ESMC and not-connecting clients. From screenshot it seems that there is at least one device still connecting, so maybe it is affecting only part of network?
Hello,
Please see the link below for logs, we have excluded all ports ESET uses on the hardware firewall but still faced the same issue
We await your kind response
Thank you and Warm regards
-
Hello All,
A customer was infected with a virus encrypting their documents with file extension .pgp requesting they contact openpgp@foxmail.com.pgp for them to make payments and a decryptor sent to them
Note: all features are enabled on the AV - see attached document.
Kindly confirm if there is a decryptor or a way to decrypt encrypted documents.
-See attached for encrypted documents
-
Dear All,
We noticed computers last connected is not changing on ESMC dashboard for days as shown below
Kindly find attached for logs
-
Dear All,
We tried integrating MDC with ESMC , the error below was what we encountered
-
Dear All,
Is it compulsory to install the ESA Radius server on the domain controller?
Your swift response would be highly appreciated.
Best regards
-
1 hour ago, Marcos said:
Please provide a complete memory dump. It should be bigger than just 200 MB.
Kindly follow the link below
-
3 hours ago, mayowa said:
Find below link for log retrieved from the second server.
The files include logs for GMER, PROCESS MONITOR (BOOT LOG) and screenshots for the below. Also attached is a screenshot of event log details which shows before restarting of server! However, it does not create a memory dump file!
Thanks,
ftp://ftp.nod.sk/support/EKHotels/
Anticipating your response as always
Thank you and warm regards
-
2 hours ago, Marcos said:
Also we would like to ask you to generate a complete memory dump at the point when the malware is still running and is detected in memory.
Hello Marcos,
Please follow the link below as requested
-
6 minutes ago, Marcos said:
Please provide a Gmer log as well.
I will revert as requested as soon as possible.
-
7 minutes ago, mayowa said:
Hello Marcos ,
Please follow the link below for the procmon log & ESET Log Collector log
ftp://ftp.nod.sk/support/EKOHOTELS/
Awaiting your swift response
We also noticed this in their malware notification alert
NEW NOTIFICATION
Malicious file Win32/Delf.TXX was detected on computer eko-itmgrsvr.ekohotels.com
Threat type: trojan
Threat name: Win32/Delf.TXX
Computer name: eko-itmgrsvr.ekohotels.com
Logged user:
Time of occurrence: 6/11/20, 8:36:27 AM UTC
Scanner: Startup scanner
Action performed: cleaned
But notification alert kept on coming after the action performed to be cleaned
-
On 6/10/2020 at 3:58 PM, Marcos said:
Is the trojan detected immediately after a computer restart, e.g. when you run an on-demand scanner of the operating memory?
If so, please provide a Procmon boot log. After a reboot stop logging only after the threat has been detected. With the Procmon log please provide also fresh ESET Log Collector logs. Also provide logs from Gmer.
I'd also recommend:
- Running a scan with ESET SysRescue to rule out the possibility that a rootkit is hiding malicious files. Delf.BTT seems to be rootkit-related.
- Temporarily disconnecting the machine from network to find out if the threat is detected even if the machine is isolated.
Please do not delete any suspicious files without keeping a copy. We'll need them for perusal.
Hello Marcos ,
Please follow the link below for the procmon log & ESET Log Collector log
ftp://ftp.nod.sk/support/EKOHOTELS/
Awaiting your swift response
-
5 minutes ago, itman said:
There's another thread on this rootkit Trojan here: https://forum.eset.com/topic/22184-win32trojandownloaderdelfbtt/
OP got rid of it by moving the file to another directory. He then ran an Eset context scan on that file which deleted it and moved it to quarantine folder. The file can then be submitted to Eset from the quarantine folder.
Thank you for the response, I will do as suggested.
-
One of our servers with EFSW installed pops up with a message that a TROJAN was detected and a restart is required to clean. After restart the same error popup is encountered, even when a policy from the management console ("maximum security") is integrated to the AV (i.e. in-depth scan and strict cleaning).
Please have a look at it and your earliest response is much appreciated
Attached is log for the servers
-
Work station disabled (EFDE)
in Encryption
Hello All,
We initiated a full disk encryption from the ESET management console and we waited overnight for encryption to complete, but when we tried to access the laptop today we noticed the workstation has a message on the screen, "Work station disabled", hence the reason we had to escalate here. Although we have read all the remedial steps on the help center and knowledge base, no topic is related to the issue stated.
Kindly advise on a work around
Below is the issue experienced