MrWrighty

Members
  • Posts: 90
  • Days Won: 1

Everything posted by MrWrighty

  1. Since upgrading to V6.0.24.5, Outlook 2011 crashes every single time. This as you can imagine is a major issue as I cannot collect my business emails. I have tried disabling email realtime protection but the problem still exists. Urgent help required.
  2. I am confused as I have the same policy for all clients, both XP 32bit and Windows 7 64bit. I have a policy set up that is rolled out to each client. The policy has all realtime protection features enabled. When I look at the local XP machine settings, Scan on File Open and Scan on File Execution are set to No, but on the Windows 7 machines they are set to Yes. In ERA when I check the configuration via ERA it says Scan on File Open No and Scan on File Execution No. Why is the configuration view not reflecting the actual settings on the machine?
  3. OK when downloading the cloudcar file I was presented with a warning about the file having not been downloaded much and could be harmful. It did let me download and save the file. I also tried the same file on a standalone V5 Installation and it correctly quarantined the file. All machines have Realtime file system protection on, web access protection on and email client protection on, controlled by profiles from ERA. The MalwareBytes log is below, I have replaced the users folder with xxxxxxx for security.
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 18/08/2015
     Scan Time: 14:11:36
     Logfile: MBAW.txt
     Administrator: Yes
     Version: 2.1.8.1057
     Malware Database: v2015.08.18.04
     Rootkit Database: v2015.08.16.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled
     OS: Windows XP Service Pack 3
     CPU: x86
     File System: NTFS
     User: Administrator
     Scan Type: Threat Scan
     Result: Cancelled
     Objects Scanned: 38136
     Time Elapsed: 4 min, 52 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 1
     Trojan.TeslaCrypt, C:\Documents and Settings\xxxxxxxxxxx\Application Data\vcwnpd.exe, 3100, Delete-on-Reboot, [da72cb3f42496dc900bf6bf353ade21e]
     Modules: 0
     (No malicious items detected)
     Registry Keys: 0
     (No malicious items detected)
     Registry Values: 1
     Trojan.TeslaCrypt, HKU\S-1-5-21-3856658756-1690372353-575384576-1163\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSCONFIG, C:\Documents and Settings\xxxxxxxxxx\Application Data\vcwnpd.exe, Quarantined, [da72cb3f42496dc900bf6bf353ade21e]
     Registry Data: 0
     (No malicious items detected)
     Folders: 0
     (No malicious items detected)
     Files: 1
     Trojan.TeslaCrypt, C:\Documents and Settings\xxxxxxxxxx\Application Data\vcwnpd.exe, Delete-on-Reboot, [da72cb3f42496dc900bf6bf353ade21e],
     Physical Sectors: 0
     (No malicious items detected)
     (end)
  4. I haven't tried, but I used Malware Bytes to remove it so I guess it is now gone. My concern is why Eset missed the file and did not attempt to stop it running and delete the file; surely that is what it is supposed to do. According to Eset they have never ever missed an Out in the Wild virus, so what happened?
  5. Hi, we have just been hit by the CryptoWall/CryptoLocker virus. We are running Version 5 managed from the Remote Admin Console and fully updated with the latest signatures. ESET did highlight and delete some of the encryption html/txt files, but the PC that was infected did end up with encrypted files ending in .aaa. Thankfully I was informed quickly and was able to stop it spreading to the network shares. An Exe file was found lurking in the user's Temporary Internet folder. The Exe file with a random name such as wnpwfxred.exe was happily running in the background and Eset had not picked it up or attempted to kill the process. Eset had only deleted the html files/txt files containing some encryption coding. I had to run MalwareBytes in order to remove the offending file as it had stopped Task Manager from running so I could not search for the offending file and kill the process myself.
  6. Are you sure it is McAfee Antivirus? It could be their cloud storage/backup solution, which is a separate product but comes bundled on a lot of new PCs/laptops.
  7. XProtect tends to be reactive and not very good when you need proactive protection. NOD32 uses a very small footprint, mine runs in about 30MB of RAM with little impact on the CPU. Unfortunately ERA is not available for Mac which is a shame, but each local client has statistics logged locally but not excessive. You can view the statistics and log files very easily.
  8. In the policy manager, you can specify both the server update URL and the username and password for the clients. Create a new policy that is applied to laptops only, that includes both settings. If the server cannot be contacted the local username and password should be used.
  9. Windows 8 on your laptop has probably come with a trial of Norton or McAfee. As you have realised, you should not run more than one AV system on the same computer as they will fight each other. Go to Programs and Features and remove any trials of AV first, including Microsoft Security Essentials if it is installed, before re-activating NOD32.
  10. Hi, I have just installed Yosemite Backup Server on a PC running ESET Endpoint Protection V5. The file in question is ytwinsdr.exe. Eset thinks this file is infected with ScrInject.B.Gen Virus and also Obfuscated.F potentially unwanted application. I have for now excluded the Barracuda/Yosemite folder from any realtime scanning.
  11. As far as I can tell, it was an email that supposedly contained a voicemail which was zipped, then the user clicked on the content thinking they were going to listen to a voicemail but instead ran the exe. I have implemented the Group Policy Exe lockdown as suggested by Arakasi to see if that helps.
  12. Hi all, thanks for the update. We have a current subscription and our virus signatures are updated 3 or 4 times a day. Marcos, the damage I believe happened on Friday last week so yesterday would have been too late. We have Eset Endpoint AV on the clients and Eset Endpoint File Server Security on our SBS2011 server and our Server 2003 SQL Server. The threat came via an email through Outlook 2010. Outlook has the Eset plugin installed and running, and Eset. Arakasi, what is this version 7 you mention? Eset only goes to 5.0.2214.
  13. One of our users opened an email supposedly containing a voicemail but was in fact an executable. He says he did not run it, but this morning a different user was unable to open a range of .doc and .xls files in a mapped drive. I managed to restore the folder from a shadow copy. It turns out that the original user had unleashed CryptoLocker on the network and a randomly named bitmap I found on his desktop informed me of what had happened. His laptop has had a large number of malicious hits and Eset has picked them up, but I am concerned as to how easy it was for this CryptoLocker to run and effectively avoid detection. The laptop is running version 5.0.2126 of Eset AntiVirus.
  14. Hi, sorry to jump on your thread, but do you have a solution to this? We too are experiencing slow backups and have File Security for Windows Servers installed. I have unticked the Scan all files option in Realtime protection>Extensions to see if that helps. Do you have any more info on this?