
mtellefson

Members
  • Posts

    16
About mtellefson

  • Rank
    Newbie

Profile Information

  • Location
    USA


  1. Found out when he hooked up the new modem, he plugged his computer directly into the modem instead of the router. He is also buying a new router since his is about 8 years old.
  2. They did just get a new modem from the ISP which may have given them a new IP address.
  3. Obviously ESET is doing its job. Should I do anything else to the computer or possibly have the ISP kick it to a new IP address?
  4. Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application path;Application;Hash;User;Signer;Package name;Service
     10/13/2023 9:46:00 AM;Security vulnerability exploitation attempt;Blocked;107.170.254.8:42639;140.186.96.15:2096;TCP;EsetIpBlacklist.A;;;;;;;
     10/13/2023 9:08:41 AM;Security vulnerability exploitation attempt;Blocked;58.65.153.246:53410;140.186.96.15:445;TCP;EsetIpBlacklist.A;System;System;;;;;
  5. Yes, Huntress is installed as part of a detection package through our MSP. I will check with our ESET provider about turning off the HIPS setting. It is locked in the policy. Where can I get the Network Protection Log? Or do you just want a copy of the information from the Detections screen?
  6. Time;Application;Operation;Target;Action;Rule;Additional information
     10/13/2023 8:47:06 AM;C:\Windows\System32\csrss.exe;Get access to another application;C:\Program Files\ESET\ESET Security\egui.exe;Blocked;Self-Defense: Protect ekrn and egui processes;Unknown operation
     10/13/2023 8:46:29 AM;C:\Program Files\Huntress\HuntressAgent.exe;Get access to another application;C:\Program Files\ESET\ESET Security\eguiProxy.exe;Blocked;Self-Defense: Protect ekrn and egui processes;Unknown operation,Unknown operation,Unknown operation,Unknown operation,Unknown operation
     10/13/2023 8:42:10 AM;C:\Windows\System32\svchost.exe;Attempt to lock the file;C:\Program Files\ESET\ESET Security\SecurityProductInformation.ini;Blocked;Self-Defense: Protect ESET files;
  7. One of our users normally works in the office but has a computer to work from home. In the last 5 days, there have been 874 EsetIPBlacklist.A warnings from several different IP addresses trying to hit several different ports. Outside of scanning the computer for viruses and vulnerabilities, what can I do to kill these attacks?
  8. I was looking in computer management > Open Files this morning to see who had a particular file open and I saw that one user had over 300 folders "open". I confirmed with the user that they didn't have some extensive search or anything running that may cause this appearance. I refreshed the view and then all of those were gone and the same thing showed for a different user. Refreshed a while later and same thing for another user. Eventually it settled down and didn't seem to affect anything while it was happening. I do have real-time scans of network drives enabled. Could this cause this behavior?
  9. I received a handful of "Event occurred during an attempt to access the email" errors with the MSIL/GenKryptik.EXUD from the email application filter for one of our users. Does this mean he actually tried to open the attachment or that he opened the email?
  10. I have 3 different computers that have web protection warnings because Chrome is trying to access my.rtmark.net. One computer had 4 occurrences over 6 days and the other 2 each had two occurrences within the same day. How likely is it that they all clicked the same/similar bad links or fell for a link in an email? Should I be looking for some malware acting behind the scenes?
  11. We have an office in another country which we have recently sold. I want to remove the ESET licensing from the computers there but I am having trouble accessing the computers which makes me believe this switch over isn't going to be as friendly as I thought. If I delete them in the Security Manager, do they stop getting updates? Is there a better way to pull the plug?
  12. I should have explained a little better. This is happening on several computers. I set the exception through a policy that I applied to all computers. The log files are attached. ees_logs.zip
  13. I am in the process of upgrading from ESET version 5 to 7. We use Spiceworks to track inventory of all our computers, so when it tries to contact any of the computers, ESET blocks it and records a TCP Port Scanning Attack. Originally I was receiving ARP Cache Poisoning Attack alerts from the same server and I created an IDS exception and they stopped. I added the TCP Port Scanning Attack exception in the same place and applied it to all computers but I still have the alerts showing up in the threats. Any ideas what I am missing?