Ali Akbar (Members, 35 posts)

Posts posted by Ali Akbar

  1. 16 hours ago, safety said:

    This file (!#_RESTORE_FILES_#!.INF) cannot be deleted by the ESET antivirus, because it was detected at the time of scanning the system in Malwarebytes, so MBAM blocked it.

     Hi @safety

    Thanks for the reply. Does it mean that if we disable the Malwarebytes protection and run the ESET scan again, it will be able to delete !#_RESTORE_FILES_#!.INF?

  2. Hi Marcos,

    Thanks for the reply. The server has not been infected by Filecoder.BTCware, but ESET has detected it and is unable to clean it ....

    ESET has detected the file but is unable to clean it. On the other side, Malwarebytes has detected malware named RiskWare.BitCoinMiner.
    Aren't Win32/Filecoder.BTCWare (detected by ESET) and RiskWare.BitCoinMiner (detected by Malwarebytes) the same malware?

  3. Hi,

    One of our client's server endpoints has detected Win32/Filecoder.BTCWare but is unable to delete/clean it. Their server is currently running two endpoint protection products, ESET File Security and Malwarebytes. ESET has detected the file but is unable to clean it. On the other side, Malwarebytes has detected malware named RiskWare.BitCoinMiner.
    Aren't Win32/Filecoder.BTCWare (detected by ESET) and RiskWare.BitCoinMiner (detected by Malwarebytes) the same malware?

    <RECORD>
      <COLUMN NAME="Time">23/01/2018 8:32:57 AM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\DOCUMENTS AND SETTINGS\PUBLIC\LIBRARIES\!#_RESTORE_FILES_#!.INF</COLUMN>
      <COLUMN NAME="Threat">Win32/Filecoder.BTCWare trojan</COLUMN>
      <COLUMN NAME="Action">unable to clean</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (F03B45E99A692E9492FDBBA0CF2D0C8440B26E79).</COLUMN>
      <COLUMN NAME="Hash">85B3E115935D14074AD9792E9C15CBD06C0351C5</COLUMN>
      <COLUMN NAME="First seen here">10/06/2017 4:56:51 AM</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Time">23/01/2018 8:32:57 AM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\DOCUMENTS AND SETTINGS\PUBLIC\DOWNLOADS\!#_RESTORE_FILES_#!.INF</COLUMN>
      <COLUMN NAME="Threat">Win32/Filecoder.BTCWare trojan</COLUMN>
      <COLUMN NAME="Action">unable to clean</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (F03B45E99A692E9492FDBBA0CF2D0C8440B26E79).</COLUMN>
      <COLUMN NAME="Hash">85B3E115935D14074AD9792E9C15CBD06C0351C5</COLUMN>
      <COLUMN NAME="First seen here">10/06/2017 4:56:51 AM</COLUMN>
    </RECORD>

    logs.txt
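The records above show the pattern behind the question in this post: the same file hash is reported twice, in two paths, each time as "unable to clean", and each time the triggering access came from the other security product's service (MBAMService.exe). The following is an added example, not part of the post and not ESET's or Malwarebytes' own tooling: it parses records in the <RECORD>/<COLUMN> shape pasted above, groups them by hash, and flags "unable to clean" events whose triggering process belongs to another security product, so a conflict between two on-access scanners can be told apart from a genuine failed cleanup. The sample input is constructed (the first two records mirror the ones in the post with some columns trimmed; the third, an EICAR test file cleaned normally, is made up for contrast), and the list of security-product path markers is a placeholder to extend per host.

```python
"""Parse ESET 'Detected threats' log records and flag detections that were
triggered by another security product touching the file (added example)."""
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input (raw string so the Windows paths survive verbatim).
SAMPLE_LOG = r"""
<RECORD>
  <COLUMN NAME="Time">23/01/2018 8:32:57 AM</COLUMN>
  <COLUMN NAME="Object">C:\DOCUMENTS AND SETTINGS\PUBLIC\LIBRARIES\!#_RESTORE_FILES_#!.INF</COLUMN>
  <COLUMN NAME="Threat">Win32/Filecoder.BTCWare trojan</COLUMN>
  <COLUMN NAME="Action">unable to clean</COLUMN>
  <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
  <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (F03B45E99A692E9492FDBBA0CF2D0C8440B26E79).</COLUMN>
  <COLUMN NAME="Hash">85B3E115935D14074AD9792E9C15CBD06C0351C5</COLUMN>
</RECORD>
<RECORD>
  <COLUMN NAME="Time">23/01/2018 8:32:57 AM</COLUMN>
  <COLUMN NAME="Object">C:\DOCUMENTS AND SETTINGS\PUBLIC\DOWNLOADS\!#_RESTORE_FILES_#!.INF</COLUMN>
  <COLUMN NAME="Threat">Win32/Filecoder.BTCWare trojan</COLUMN>
  <COLUMN NAME="Action">unable to clean</COLUMN>
  <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
  <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (F03B45E99A692E9492FDBBA0CF2D0C8440B26E79).</COLUMN>
  <COLUMN NAME="Hash">85B3E115935D14074AD9792E9C15CBD06C0351C5</COLUMN>
</RECORD>
<RECORD>
  <COLUMN NAME="Time">23/01/2018 9:10:02 AM</COLUMN>
  <COLUMN NAME="Object">C:\Users\demo\Downloads\eicar.com</COLUMN>
  <COLUMN NAME="Threat">Eicar test file</COLUMN>
  <COLUMN NAME="Action">cleaned by deleting</COLUMN>
  <COLUMN NAME="User">DEMO\user</COLUMN>
  <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\explorer.exe (0000000000000000000000000000000000000000).</COLUMN>
  <COLUMN NAME="Hash">3395856CE81F2B7382DEE72602F798B642F14140</COLUMN>
</RECORD>
"""

# The "Information" column names the process whose access triggered the scan,
# followed by that process's SHA-1 in parentheses.
APP_RE = re.compile(r"by the application:\s*(?P<path>.+?)\s*\([0-9A-Fa-f]{40}\)")

# Path fragments identifying other security products' processes on the host.
# Placeholder list (assumption): extend it for whatever else is installed.
SECURITY_TOOL_MARKERS = ("\\malwarebytes\\",)


def parse_records(log_text):
    """Return one {column name: value} dict per <RECORD> in the log fragment."""
    root = ET.fromstring("<LOG>" + log_text + "</LOG>")  # fragments have no root
    return [{c.get("NAME"): (c.text or "").strip() for c in rec.findall("COLUMN")}
            for rec in root.iter("RECORD")]


def accessing_app(record):
    """Path of the process whose file access triggered the real-time scanner."""
    m = APP_RE.search(record.get("Information", ""))
    return m.group("path") if m else None


def summarize(records):
    """Group events by file hash; mark hashes whose 'unable to clean' events were
    triggered by another security product holding or scanning the same file."""
    summary = defaultdict(lambda: {"threat": None, "paths": [], "events": 0,
                                   "unable_to_clean": 0, "apps": set(),
                                   "triggered_by_security_tool": False})
    for rec in records:
        s = summary[rec.get("Hash", "")]
        s["threat"] = rec.get("Threat")
        s["events"] += 1
        if rec.get("Object") not in s["paths"]:
            s["paths"].append(rec.get("Object"))
        unable = rec.get("Action", "").lower().startswith("unable to clean")
        s["unable_to_clean"] += int(unable)
        app = accessing_app(rec)
        if app:
            s["apps"].add(app)
            if unable and any(m in app.lower() for m in SECURITY_TOOL_MARKERS):
                s["triggered_by_security_tool"] = True
    return dict(summary)


def report(summary):
    """One line per hash; the flag separates a two-scanner conflict from a
    cleanup that failed on its own."""
    lines = []
    for h, s in summary.items():
        flag = ("CHECK: access came from another security tool"
                if s["triggered_by_security_tool"] else "ok")
        lines.append(f"{h} {s['threat']} events={s['events']} "
                     f"unable_to_clean={s['unable_to_clean']} [{flag}]")
    return lines


if __name__ == "__main__":
    print("\n".join(report(summarize(parse_records(SAMPLE_LOG)))))
```

Run on the sample, the BTCWare hash comes out with two events in two paths, both "unable to clean" and both flagged, while the constructed EICAR record reports as "ok". Whether ESET and Malwarebytes are naming the same file differently is settled by comparing the hash each product reports for the object, not by the family names, which are vendor-specific.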

  4. Hi,

    Currently we are doing an ESET POC for one of our clients. The ERA server is connected to a proxy for access to the internet. After configuring the proxy details in Server Settings in ESET Remote Administrator, the ESET repository was able to work and create the all-in-one installer. We also set the HTTP Proxy policy for both the product and the Agent on the endpoint (ERA IP). Currently the endpoint is not receiving the update from the ERA server. When we checked the Apache HTTP Proxy folder for the cache, it was empty; it didn't store any cache for the ESET update file. My assumption here is that Apache is listening on its own IP, whereas by right it must be configured to use the client's own proxy to connect to the internet and download the update file. Is there any workaround for this problem?

    ERA Version 6.5
    Endpoint : Version 6.6
    Windows Server 2012
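The situation described in this post, a caching forward proxy on the ERA host that can only reach the internet through the customer's own upstream proxy, is what Apache httpd's mod_proxy handles with ProxyRemote. The configuration below is an added, generic example and not ESET's shipped Apache HTTP Proxy configuration; the listen port, the upstream proxy address, the allowed client range and the cache path are all assumptions to replace with the site's values.

```apache
# Added example: caching forward proxy that chains to an upstream corporate proxy.
# Not ESET's shipped httpd.conf; hostnames, ports and paths are assumptions.
Listen 3128
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule cache_disk_module modules/mod_cache_disk.so

ProxyRequests On
ProxyVia On

# Send every outbound request through the customer's proxy instead of
# connecting to the internet directly (assumed address).
ProxyRemote * http://corp-proxy.example.internal:8080

# Let clients tunnel HTTPS through this proxy.
AllowCONNECT 443

# Only endpoints on the LAN may use this proxy (assumed range).
<Proxy *>
    Require ip 192.168.0.0/16
</Proxy>

# Cache proxied HTTP content on disk (assumed cache path).
CacheEnable disk http://
CacheRoot "C:/ProgramData/Apache HTTP Proxy/cache"
CacheDirLevels 4
CacheDirLength 2
CacheMaxFileSize 200000000
```

An empty cache directory is consistent with two different faults: endpoints are not actually sending their update requests through the proxy (nothing arrives, so nothing is cached), or the proxy receives them but cannot reach the upstream (requests arrive but fail). The proxy's access log distinguishes the two: no entries at all points at the endpoint-side HTTP Proxy policy, while entries with 5xx statuses point at the upstream path and the ProxyRemote setting.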
