JigneshC

Members
  • Posts

    15
About JigneshC

  • Rank
    Newbie

Profile Information

  • Location
    India

  1. Yes Itman, you are spared to learn and making up the policy for individual 200 individual cloud machines of multiple clients. If all things need to be managed by Windows, why is AV required? Forgot that client information while activation is being taken not for notification, it is just for making renewal business as per you then. Say slowly that it has Defender, no need AV.
  2. Yes Peteyt, simply AV learns, reads all logs of system. They just need to notify the client on the contact details which they are taking at time of activation, so that time this could be prevented. No one is ready to take that catch here.
  3. Marcos.. you play with ESET flag.. don't want to argue with you.. I know that you will not allow your flag down. Let you play with flag on height and shout that it is not ESET problem, however am not here to convince that it is ESET or RDP.. came to you for solution but as always vendors MNC is not there to understand. Please reread what you found until you understand the problem. "Kid doesn't understand what is balance until they fall" Warn: "information and collected logs are not for to announce in public without written my permission, please don't do to make you correct"
  4. Did I say anywhere that it is not an RDP attack? Why are you not seeing that only 2 systems with ESET got messed up, not others?
  5. No man.. my focus was on ESET to make proper for future business by accepting single loss. But no, they don't want to accept the problem that they didn't do any till 48 hrs. Can't do more for them after being a victim from attacker.
  6. That you say now to protect the reputation of ESET. Believe, then it will be useless to use ESET. Better to use NPAV / QH who at least don't focus on blaming, they do recover the data if the mess happened in presence of their solution. No more words for you guys and can't do more put matters under your eyes to make some good.
  7. It is very much secured, Marcos, that is why all my systems are not impacted. Systems were impacted where ESET was. Other systems where other antivirus was and without antivirus, including my server where these servers are hosted, are UP and RUNNING.
  8. Marcos, my focus was always there on data recovery by ESET if it was not able to protect me against brute force or password has been compromised when ESET protection was enabled. Concern is after giving access of my infected machine and no solution after 3 days with my up and running live network which is in same network and not infected. We have to find the solution (however we did recover too without giving single bugs to attacker), that is PAINFUL as non security guys. This is not for story but yeah NPAV did in past for one the telly machine (of one of client of NPAV's reseller) where telly server had ransom attack and they gave all data back as it was before as they are taking backup by their AV. Please check if you don't trust.
  9. PLEASE FIRST STOP YOURSELF FROM BLAMING ON RDP. RDP PASSWORD HAS NOT BEEN GIVEN BY CLIENT TO ATTACKER. WANT TO KNOW WHY ESET DIDN'T NOTIFY OF BRUTE FORCE. PLEASE FOCUS ON AVOIDING IN FUTURE INSTEAD OF KEEP BLAMING ON RDP SINCE LAST 48 HRS WITHOUT SOLUTION OF DATA RECOVERY.
  10. Marcos, that is what we are making you understand and putting the matter under your eyes that if the file has been downloaded for brute force, run script break the admin password, disable all protection.. what ESET was doing till the time.. after this what happened, we all are aware. We want to know what it was doing till its Real-Time protection was enabled. Have given all full admin access with ESET credential to your team and there is nothing after that as a result after 48 Hrs and have to sit 4 hrs to get solution along with folks of security (however I have ESET the security organisation) which creates bad impression which was not in me. We have made him understood about the antivirus functions in market and their facility which are not well reputed as ESET is, still they give facility to restore all the data within 5-6 Hrs. At other side we have given entire matching for approx. almost 2 days whenever they demanded with no time limit but no solution, which is not good.
  11. Please tell me what logs are needed, Marcos? Tack#5D7883C6184D - Opened on 10th SEP -- Last demand of ORIGIN file from ESET (How can that be given if all data is damaged)
  12. Hey Marcos, For RDP: RDP is configured B/H firewall with port forwarding; WAF; AV; SSL all protections are in place. There are limitations for browsing too. Only IT technology; Microsoft; ESET; GMAIL are allowed. For Logs: Logs are handed over by your tech from my machine by downloading log collector and that the who said that brute force happened. Hoping that there are any logs remained to check for you guys.
  13. RDP is enabled in all cloud technology. Not sure why you guys are stuck with RDP enabled stuff. LAZARUS is not something new invented, it is there since more time and there are documentations on this. This is very strange to hear that you as ESET are not aware about this. What was ESET doing when some internal script was trying to break the password? Was that as a security application did try to NOTIFY to the contact details which you guys are taking while activating the product? Please don't say that brute force is not something which can't be identified by ANY Antivirus.
  14. Hello infected parties, I did recover my data which got impact on same day when you guys faced problem. Am the one poor person, who was using ESET and where all the protection including admin password got changed. At first attempt I did place request for ESET as they were the ONE who had admitted that there were approx. more than 5000 attempts (NOT SURE WHAT ESET as AN ANTIVIRUS WAS DOING AGAINST BRUTE FORCE ATTACK) to break the security. Still was looking forward to them to get my client's data back but unfortunately they were looking for impacted file and fresh file to check what is the mess. Still considered the demand and forwarded the demand of them to my client by being just as a mediator as I placed trust on ESET to keep my infra secure. I did recover almost all data and decided to hand it over to my clients by making NO WORRY about the response from them for future business. Have recovered the files with very minor change and OLD data as we had before without any wasting time in investigation and playing with victim and origin data (main stuff really client will believe you now for giving valued data AGAIN?). Seriously having question that if as ordinary business man, if I get the data back WHY ESET can't do as a security organisation and they need SAMPLES?
  15. Hello ESET team, it is very glad that you are protecting the company reputation. You are saying that ESET protection was stopped but didn't say how it got stopped? Did client contact to Hacker and welcome them to mess the machine? You are very well aware, if you are aware about security infra, that password can't be hacked or cracked without any automated script which break the security and give the access. Please don't try to protect ESET reputation by telling that it happened due to opened RDP connection, if that the case NO CLOUD solution was supposed to be in place of IT. There are N number of datacenters in IT and they are not being used locally... All are being used by RDP ONLY. After having ESET if the computer is being compromised and after having root level access, it is really the place where ESET has to improve their security or backup system where they keep their own backup technology as others are having (please don't tell that others don't do).