Everything posted by Ali Akbar

  1. Hi @safety, thanks for the reply. Does it mean that if we disable the Malwarebytes protection and run the ESET scan again, it will be able to delete the !#_RESTORE_FILES_#!.INF?
  2. Hi Marcos, thanks for the reply. The server has not been infected by the Filecoder.BTCware, but ESET has detected it but is unable to clean .... ESET has detected the file but is unable to clean it. On the other side, Malwarebytes has detected malware named RiskWare.BitCoinMiner. Aren't Win32/Filecoder.BTCWare (detected by ESET) and RiskWare.BitCoinMiner (detected by Malwarebytes) the same malware?
  3. Hi, one of our client's server endpoints has detected Win32/Filecoder.BTCWare but is unable to delete/clean it. Their server is currently running two endpoint protection products, ESET File Security and Malwarebytes. ESET has detected the file but is unable to clean it. On the other side, Malwarebytes has detected malware named RiskWare.BitCoinMiner. Aren't Win32/Filecoder.BTCWare (detected by ESET) and RiskWare.BitCoinMiner (detected by Malwarebytes) the same malware?

     <RECORD>
       <COLUMN NAME="Time">23/01/2018 8:32:57 AM</COLUMN>
       <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
       <COLUMN NAME="Object type">file</COLUMN>
       <COLUMN NAME="Object">C:\DOCUMENTS AND SETTINGS\PUBLIC\LIBRARIES\!#_RESTORE_FILES_#!.INF</COLUMN>
       <COLUMN NAME="Threat">Win32/Filecoder.BTCWare trojan</COLUMN>
       <COLUMN NAME="Action">unable to clean</COLUMN>
       <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
       <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (F03B45E99A692E9492FDBBA0CF2D0C8440B26E79).</COLUMN>
       <COLUMN NAME="Hash">85B3E115935D14074AD9792E9C15CBD06C0351C5</COLUMN>
       <COLUMN NAME="First seen here">10/06/2017 4:56:51 AM</COLUMN>
     </RECORD>
     <RECORD>
       <COLUMN NAME="Time">23/01/2018 8:32:57 AM</COLUMN>
       <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
       <COLUMN NAME="Object type">file</COLUMN>
       <COLUMN NAME="Object">C:\DOCUMENTS AND SETTINGS\PUBLIC\DOWNLOADS\!#_RESTORE_FILES_#!.INF</COLUMN>
       <COLUMN NAME="Threat">Win32/Filecoder.BTCWare trojan</COLUMN>
       <COLUMN NAME="Action">unable to clean</COLUMN>
       <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
       <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (F03B45E99A692E9492FDBBA0CF2D0C8440B26E79).</COLUMN>
       <COLUMN NAME="Hash">85B3E115935D14074AD9792E9C15CBD06C0351C5</COLUMN>
       <COLUMN NAME="First seen here">10/06/2017 4:56:51 AM</COLUMN>
     </RECORD>

     logs.txt
  4. I wonder whether ESET Mail Security is able to: 1. Set an email policy to delay email attachments that are more than 2MB or something? 2. Block a list of senders? 3. Delete an attachment if it is greater than 10MB? Thank you.
  5. Try changing the filtering mode to Learning Mode and run the application. If both PCs are able to communicate, then change back to automatic mode and view the rules that were created in learning mode.
  6. Connections are all OK, including ports 2222, 2223 and 3128. Clients are connected to the ERA servers.
  7. Hi, currently we are doing an ESET POC for one of our clients. The ERA server is connected to a proxy for access to the internet. After configuring the proxy details in Server Settings in ESET Remote Administrator, the ESET Repository was able to work and create the all-in-one installer. We had also set the HTTP Proxy policy for both the product and the Agent to the endpoint (ERA IP). Currently the endpoint is not receiving the update from the ERA Server. When we checked the Apache HTTP Proxy folder for cache, it was empty; it didn't store any cache for the ESET update file. My assumption here is that Apache is listening on its own IP, whereas by right it must be configured to use the client's own proxy to connect to the internet and download the update file. Is there any workaround for this problem? ERA version: 6.5. Endpoint: version 6.6. Windows Server 2012.
  8. Currently I'm upgrading ERA from version 6.3 to 6.5. The task has failed twice. From the log, this is the error: UpgradeInfrastructure: Task failed: Get File: Error reading HTTP response data (0x4e2a). May I know the reason for this error and the solution for it?
  9. Currently I'm upgrading ERA from version 6.3 to 6.5. The task has failed twice. From the log, this is the error: UpgradeInfrastructure: Task failed: Get File: Error reading HTTP response data (0x4e2a). May I know the reason for this error and the solution for it?