Nightowl

Most Valued Members
  • Posts

    1,863
  • Joined

  • Days Won

    17

Everything posted by Nightowl

  1. For sure it's best to keep WordPress updated to the latest version and also to stay away from unmaintained plugins or plugins that are barely updated or that don't have a security focus. And a firewall should help, yes, but it's still a plugin, not like having a dedicated firewall for the server/website, but that could be another story. But it's for the best to keep everything up-to-date. I found this: https://wpengine.com/resources/prevent-sql-injection-attack-wordpress/
  2. Your website has something exploitable, could be plugins or the WordPress version itself; removing the code might not prevent them from re-injecting it.
  3. Don't expect the normal users to configure protected folders and be able to identify problems from the configurations, etc. Still, not using the protected folders options, you still need the AI of the AV to act upon its intelligence, not upon signatures or pre-defined rules, as 0-day attacks don't have signatures and will avoid these pre-defined known rules.
  4. Well, Microsoft never ceases to amaze me. That exe used here, or the Printer vulnerability that could allow the attacker to gain control over everything, or this: https://www.bleepingcomputer.com/news/security/microsoft-admits-to-signing-rootkit-malware-in-supply-chain-fiasco/ But still I also believe that the security products we have lack the power to identify a normal encryption/decryption process that is happening by the user, and an encryption that is taking the whole system down. A security product should flag something when there is mass encryption that is seen suddenly and wasn't noticed by normal behaviour before. Since the ransomware variant was leaked by American agencies, from that time till now, there is no stop for these and no prevention, unless you have the signature with your AV. MSMPENG.EXE is trusted, yet its job is not to encrypt and decrypt, yet it has done something very ugly and still wasn't detected because it was trusted? And Microsoft has been signing malware as trusted. When normally there is minimal encryption/decryption on the user machine, then suddenly a ransomware comes and encrypts the whole machine, the ransomware protections should kick in and ask the user whether to continue that or not. I believe that it's not possible these days to rely on signature-based security products; we are not in 2006 anymore. All these hacks and ransoms happen because of a zero-day vuln or an exploit, yet the security product just doesn't react, simply because it doesn't have a signature. What is the point of having an AV if it doesn't protect you in the critical time? (I'm not talking about ESET, I talk generally.)
  5. If you click it, it sends you to the virusradar website, but about why it got stuck I have no idea, but a restart for Windows might help. I know you don't need that advice, but that's all in my mind.
  6. I believe they are both safe, but ESET would be safer. Normally malicious software will target the Password Managers of Firefox and Chrome because normally that's what everyone uses; ESET could be more protected against this type of attack and safer to use.
  7. Try to clean the browser's data, like cache and stuff. You can also remove that JS manually by removing it from the folder path, or by running a scan; ESET should pick it up and remove it. And also try to refrain from using IE; Microsoft is killing that browser and it will soon retire and go out.
  8. Try to uninstall it manually following the steps here: https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool
  9. KMS speaks to itself because the crack modified it to do so. Scanning your computer with PUA (Possibly Unwanted Applications) and Unsafe Applications settings enabled should pick up the crack for you and clear it.
  10. I am sorry, I don't work for ESET so I don't have accurate answers for you, but that's what I did for my servers: I installed Server Security 8 and it happened to me like you've said. Because it was a major upgrade from 7 to 8 it needed a restart, as the Real Time Module wasn't able to run, probably because it was upgraded. In the settings for MicroPCU I have set it to ask me when the upgrade will happen. Probably if the upgrade is small or a minor hotfix, a restart most likely won't be needed, and if it was needed it will wait for your restart, but ESET will be able to function normally, if I understand correctly. But for major upgrades nothing changed; it still needs the restart that it always needed.
  11. Don't ignore your client VPN updates; sometimes they include important security fixes. Blocking their servers might also give you problems with VPN connectivity. Yet once you block it, for sure NordClient will try to find another server to check the updates from, as they would have several and not only one.
  12. I believe MicroPCU was pushed with newer versions to minimize downtime for servers/endpoints that cannot be restarted frequently due to updates, but still MicroPCU will require a restart after an upgrade that has upgraded important files for ESET. Updating from 7.x to 8.x will require a restart, as, like you've said, the Real Time Protection would be disabled till the server gets restarted. With MicroPCU, hotfixes and updates to the product itself can come without the need to restart the server, unlike before, when it needed a restart even if you installed a HOTFIX that fixed only 1 minor issue. With MicroPCU this shouldn't happen, but it should be the same with major upgrades, where a restart will be needed.
  13. Deluge and qBittorrent are open source alternatives that don't pack advertising or unwanted software with the installer. You can find them on Google; ESET won't alarm you for these two.
  14. It's still the same ESMC but with a different name and a new version. About reverting back, I don't know; an ESET Staff could help more in this, but you can back up the server in case something wrong happens.
  15. The file is recreated upon clicking the email that is infected. This is from ESET Hungaria: https://www.eset.hu/tamogatas/viruslabor/virusleirasok/aliz-a This is from a Kaspersky post: https://threats.kaspersky.com/en/threat/Email-Worm.Win32.Aliz/ More in wikipedia: But as Maros asked, you are probably using an old operating system and it's possibly vulnerable to the vulnerability that was talked about in both posts. Is it Windows XP?
  16. An ESET Staff might have more knowledge than me about this situation.
  17. I am having the same trouble with MATE desktop. I believe MATE is like Cinnamon; they aren't supported, unfortunately. If you switch to GNOME, the GUI will work normally, but I hate GNOME.
  18. Here it's described how to configure HIPS to block Filecoder attempts: https://support.eset.com/en/kb6119-configure-hips-rules-for-eset-business-products-to-protect-against-ransomware
  19. Maybe locking down the settings with a password can help? Or making ESET work without GUI as Terminal, then the users won't even know that it's scanning.
  20. What happens when you try to log in to ESET Protect using Firefox? Can you access the same place using Firefox using HTTP like what happens with Edge?
  21. Description: MATE Desktop support for Linux Endpoint GUI. Detail: MATE is being used by several distributions including Ubuntu, if it's possible to have support for that Desktop for the GUI. Thanks.
  22. If you have an infected PC in the network it will keep trying to spread to other computers in the network. You need to disconnect the infected PC and isolate it where you can fix it without being in a LAN that can lead to spreading of the malware to other places. Check also your router/firewall, if it needs to be updated or if it's somehow compromised.
  23. Damaged archives can mean your hard drive is getting corrupted somehow. Also, a good dust build-up on your CPU cooler can throttle down the system if it's getting too hot.