Peter Randziak

Hello @itman,
thank you for your submission, I contacted the lab and they decided to add the exe to detection as well Powershdll.exe - MSIL/Agent.SXW trojan
Peter

Thanks a mill Peter.
 

Please stop trolling and turning every question or user's issue against ESET. This topic is about the firewall which blocks inbound communication in case a rule doesn't exist for the communication and you again speak about it being a bug. Please stop doing that, trolling and ranting will not be tolerated. On the other hand, constructive feedback is always welcome.

Hello,
I am (was) running Cyber Security Pro 6.8.300 on El Capitan 10.11.6 (by choice), and looks like I'm kind of stuck with it since 6.9.x no longer supports El Capitan.
I was having the same issues with esets_proxy, sometimes spiking to above 100%, sometimes 200%, even 300%. The fan kept blowing. At first I thought it was my own fault because I use Chrome with way too many tabs, but that's how it is. But when i'd kill Chrome and any other open app, the fan would quiet down... but esets_proxy would remain fixed at a high number.
The impression it gave me was that there was something wrong with the high CPU utilization %. I don't believe the high spikes, I think there is something wrong with these figures, as if they would just accumulate on and on. The only way to get it back to normal was to kill esets_proxy.
I have now installed version 6.8.455 mentioned by Marcos higher up. Looking forward to see if the situation improves. Been a day now, and all is still running fine.

so back on PC today...
everything is working again.

Hello @itman,
the .exe itself is not malicious, it loads the .dll, which is being detected...
Peter

Hello @itman,
the .exe itself is not malicious, it loads the .dll, which is being detected...
Peter

It solved my problem. When will I know that I can delete the files?

The patch solves the issue for Windows10 2004 with ESET Endpoint Antivirus 5.0.2271.1.
Also RAM allocation and scan time looking way better (attached image).

It's enabled for newly created and modified by default which is enough. Moreover, web access, email protection, startup scanner and idle-state scanner have it enabled by default too.

Indeed ESMC 7.2 introduced mechanisms for throttling connections and received data -> its purpose is to limit load and prevent service exhaustion for temporary peaks, mostly detected during work time hours start. This change was definitely not supposed to increase number of pending logs, but during development, it was discovered that counters were previously not accurate, which might explain increase you are seeing.
Regarding performance, most crucial is performance of database, which is connected to performance of underlying storage. I would recommend to check whether storage performance is not hitting its limits. In case of cloud, I would recommend to check IOPS limits on storage and database.
Could you also provide number of managed / actively connected endpoints just for statistical purpose? We are interested in such numbers as it would enable us to adapt mentioned settings.

https://www.eset.com/us/about/contact/

Got it, Turns out I had made the change already. My memory just isn't what it used to be.
Getting old isn't fun at all, but it beats the alternative.
Thanks to both of you for your help.

Hi @ShaneDT Indeed, you are right, and I can assure you, that enabling automatic product updates, for both the endpoint clients, and the management environment (both cloud / on premise) is our uppermost priority. 

Hello,
If you bought the license from one of our official resellers, it is bound to the country the reseller is based in. If this is the case and you later moved to another country and would like to continue to use your license, please contact your local ESET office who can help you with that.
However, in case you bought the license from a grey market, we can't guarantee its functionality, as it was probably obtained somewhere else for a cheap price and then sold to you online by an entity not authorized to do so. In situations like this, we can only suggest to contact the reseller who you purchased from, ask for a refund and get the license from an official source, which can guarantee license validity and customer support.
Regards,
Tomas

There has been a few changes implemented in DNS servers that should possibly help with this case, as problematic data center should be used only as a fallback for connections from Germany.

Hello,
Our service provider is currently having issues with deliverability to certain email domains, yours included; they have raised an issue with their upstream email provider.
In the meantime, we apologize for the inconvenience.
Tomas

Do you have libappindicator1 installed?

Thanks Marcus and yes we're having a look at these various products at the moment.

All's well that ends well Since you are new to ESET, I would also like to inform you about our offerings that you might be interested in.
For small business and enterprise customers we offer additional cloud protection ESET Dynamic Threat Defense. In a nutshell, this is an extra paid service that enables ESET Security products to detect new, never-yet-seen threats by uploading files potentially carrying malware to the ESET EDTD cloud where we utilize 3 different machine learning models to evaluate the submitted file. Afterwards the sample is run through a full sandbox which simulates user behavior to trick anti-evasive techniques. Finally all clients within your organization receive information about the result of analysis, typically within 5 minutes since the file was submitted. Mail server products utilizing EDTD defer delivery of email until the result of analysis is received. You can also configure ESET to temporarily block files downloaded from the Internet or received by email until results of analysis are received. EDTD is also an additional protection layer against ransomware besides the Ransomware shield that is included in our security products by default.
EDTD doesn't require any additional software or hardware, just extension of the license if it's not already included in the pack. For more information, please read https://www.eset.com/int/business/dynamic-threat-defense/.
 
For enterprise users we offer ESET Enterprise Inspector which enables granular visibility and identification of anomalous behavior and breaches in your network, risk assessment, incident response, investigation and effective remediation. For more information, please read https://www.eset.com/int/business/enterprise-inspector/
Besides that we also offer products such as Full Disk Encryption, ESET Secure Authentication or EEI-related services ESET Threat Monitoring and ESET Threat Hunting.
If you have any questions, don't hesitate to ask.

Before we can deal with particular issues we need to learn about them first. While I noticed this issue about 2 days for the first time, it was more-less random and since nobody else has reported it here, I was trying to find the common pattern and troubleshoot it further. Now that we've learned that more of you have run into it as well, we have reported it to the forum provider to look into it and fix the issue.

I think this is resolved in just-released ESMC 7.2 where it look like this:

My bad... You can close the thread... I installed Endpoint Security in place of Endpoint Antivirus...
Was disturbed by a colleague while programming the upgrade and I chose bad product name.

I'm very sorry.  NOD 32 is not responsible for that BSoDs. I made a clean install and the problems stays. Thanks for your help. This thread can be closed.

The script uploaded to VT is the initiator script that will run the payload script that has been previously dropped here: C:\updatewins.js . As such, this JavaScript itself is not malicious; the script in the C:\ root directory is. Hence why no one on VT detects the initiator script.
Full analysis of this initiator script is here: https://www.hybrid-analysis.com/sample/1b1640edb3f7213f4338c6e0017a1b9028c6b324d64f3e63c09169540e82f4a5?environmentId=120