Tchenkko

Members
  • Posts: 14

About Tchenkko

  • Rank
    Newbie

Profile Information

  • Location
    France
  1. I finally found the origin of the problem. In fact I have a user who opened an AutoCAD file. But this file included a link to another reference file, stored on a network share prohibited for the user. ESET was intercepting 50+ attempts to access the directory as an SMB bruteforce attempt. And no luck, the user had IPv6 enabled, so I couldn't figure out which machine was messing up. So no trace of malware for now, but an improbable configuration... Thanks guys for your advice and your time. And have a good day!
  2. IPv6 was activated. I have disabled it. After a few hours, same alert but with an IPv4 address. In my Windows Server logs, I can see many entries in security events: Audit failure (event ID 4625): NULL SID, user unknown or incorrect password, NtLmSsp
  3. How are you sure it is malware? I have checked the machine with ESET and MBAM, and nothing was found.
  4. Thanks for your answer. What do you mean by U/P? User/Pwd? How to find the machine fe80::350:xxxxxxxxxxx? It's an IPv6 address, and I use only IPv4 addresses?
  5. Hello, I have an ESET notification on a Windows server this morning, about a "SMB.Attack.Bruteforce":
     Event : Security vulnerability exploitation attempt
     Action : Blocked
     Source : [fe80::350:xxxxxxxxxxx]:60384
     Target : [fe80::26e3xxxxxxxxxxx]:445
     Protocol : TCP
     Rule : SMB.Attack.Bruteforce
     Application : System
     Do you have any idea what could be causing this alert? Thanks in advance. Regards
  6. Thanks for your answer. So this does not mean that I am infected but that these drivers present on my computer are vulnerable? Right? Why didn't ESET detect them before? Because they have been there since my computer was installed in 2020...
  7. Hello, This morning, after installing the ESET Endpoint Security update (10.1.2050), then after the reboot, ESET detects 3 drivers as unsafe : And, during a scan with MBAM (no detections from MBAM), ESET detects 2 other drivers : Do you have any idea if these detections are valid or if they are false positives? These appear to be drivers to turn on the RAM sticks on the motherboard and other communication drivers with the motherboard. Thanks in advance for your help. Regards.
  8. So, if I removed these drivers, I can sleep easy for now about this detection?
  9. Thanks Marcos for your answer. So, it's not because I have that alert that I am infected? Why does the detection occur only this morning? I have uninstalled all the EaseUS applications. I don't know why the driver is not detected on my other computer.
  10. Hello, This morning, ESET Endpoint (version 9) detects this on my computer:
      C:\Windows\System32\drivers\eudskacs.sys ; Win64/EaseUS.A potentially unsafe application;Error while cleaning (Access Denied);An event occurred while the application was trying to access the file: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe C:\Windows\explorer.exe (54B1C42B69DDD43C32529B13CDEB210C940E744F).;D97B8E73B65974255C4F91B2BEF2B0A1C046F0D6;01/09/2020 13:44:23
      When I scan the file "eudskacs.sys" with VirusTotal, no detection. And when I scan the file with the same ESET product on another PC, no detection... Is this a false detection? Thanks in advance for help.
  11. Seems to have been working for 15 minutes, an issue from the ISP DNS with US websites and gaming websites. I have the Google DNS. Thanks for help.
  12. Fiber link and 4G connection were on the same ISP. I have tried with another ISP, it works... So it's an issue with my main ISP... What to do?
  13. I have tried with a fiber link and with a 4G connection (smartphone), same problem.
  14. Hi folks, Seems that the website "https://www.eset.com" is down (here in France), for 2 hours. Same issue for the ESET product updates... Could you test from other locations? Thanks in advance. Regards.