Jean93

Posts posted by Jean93

  1. 12 hours ago, Marcos said:

    JS/Mindspark is a potentially unwanted application and since it was detected, detection of PUA should be enabled on the machine.

    MBAM often detects even benign registry values created by malware or PUAs. In order to tell if the objects detected by MBAM are actually subject to detection, please supply the content of MBAM's quarantine (C:\ProgramData\Malwarebytes\MBAMService\Quarantine) to samples[at]eset.com along with a link to this topic.

    Hi Marcos,

    I've removed all extensions in Chrome on the client and cleared the cache as per the article you sent yesterday; so far no notification after opening Chrome.

    If the notification comes back, I will proceed with the second part of the article by disabling the extension sync option.

    I have already uninstalled MBAM on the client and deleted the infected files from Quarantine.

  2. 12 hours ago, itman said:

    Make sure you have Potentially Unsafe Applications set to at least Balanced level per below screenshot. By default, those settings are set to Off. Potentially Unwanted Applications should be set to default Aggressive setting.

    [image]

    Also on your client devices, ensure that browsers are not configured to automatically allow extensions/add-ons to be added.

    Hi itman, Potentially Unsafe Applications was set to Balanced Level. I have now edited the policy to Aggressive level on all counts for the Detection Engine on all my clients using SMC. See below.

    [image]

  3. I'm using SMC and ESET Endpoint Antivirus Version: 7.3.2044.0 on my clients.

    I have been receiving constant Potentially Unwanted Application notifications on a specific client, notifying that the HTTP filter scanner terminated a connection. It's always three notifications in a row every day for the past few weeks.

    [image]

    I've run Scan With Cleaning on that specific client twice now and the scan did not pick up any infected file. However, the next day I again receive the same notifications as per above.

    I finally decided to download Malwarebytes and run a scan on the problematic client. After the scan, Malwarebytes found 104 infected files, which I then paid for a license to have quarantined, and afterwards deleted the files.

    [image]

    Please advise why ESET is unable to find the infected files, yet it can notify me that it is blocking traffic?

    I'm using ESET as protection on over 50 Clients. This is a real concern to my company if ESET is unable to deliver the level of protection we expect.

  4. Hi Marcos,

    Thank you for the prompt reply.

    I have filtered through the client's inbox via the web interface but could not find the offending email.

    I believe ESET deleted the email the first time. It is just an eyesore and worrisome to see the same logs repeating themselves over and over again on a daily basis.

  5. I have ESET ENDPOINT 7.3.2039.0 running on my clients managed by ESET SECURITY MANAGEMENT CENTER 7.2.

    A Trojan was detected in one of my clients' email (Outlook 2013) 8 days ago.

    In the DETECTIONS logs, for the past 8 days there are logs that show the infected file was deleted and another log that shows the infected file was retained.

    These two logs have been logged repeatedly for the past 8 days, multiple times a day.

    Why is it that ESET is logging back that the infected files have been deleted/retained yet it still sees the file re-log that it has been deleted/retained - this goes to say that the infected file is still present on the client.

    I ran an In-Depth Scan with Cleaning yesterday and no infected file was found.

    I have attached the scan result and the detection log for reference.

    Kindly advise what next step I should be looking at?

    [Attached image: detection log screenshot]

    [Attached image: scan log]

  6. Hi Rami,

    Thank you for your reply.

    I have identified what I suspect has been holding the trojan. Indeed I have a MikroTik router on my network, to which I grant remote access to my VoIP services support. I have isolated the router from the network and am waiting for a new replacement and updated firmware from my service provider.

    However, one of my clients is still being affected by the same trojan. When surfing the net, ESET is now blocking websites with the JS/CoinMiner.BF trojan as a threat.

    Any advice on what tools I can use to remove the trojan from the client?

  7. Hi all,

    The threat JS/CoinMiner.BF trojan keeps appearing in my threat logs on ESET Remote Administrator Console. Action taken by ESET is "connection terminated". This is happening again after I did a fresh Windows install on the client. I can see that the trojan is being detected when the client is accessing a network printer as well.

    Can anyone please advise how to remove the JS/CoinMiner.BF trojan?
