About mcrouse
I'm getting a similar message on some of my endpoint security deployments except it says "web control not fully functional because of a license problem". The warnings come and go but it notifies the users each time so it's very annoying. It would be nice to get some sort of confirmation from ESET's end that they are having server issues so I don't waste my time trying to diagnose an issue I can't fix.
-
I've noticed on the majority of my endpoints that had this detection that ESMC would show the file as being quarantined but when I went on the endpoint to check, there was nothing in the quarantine folder and the files were still in their original location. It appears that they were never quarantined even though ESMC was showing them as quarantined. I was also seeing error when cleaning ESET errors on the detections. And if I sent a restore from quarantine task it would fail
-
Question regarding Isolate computer from network task
mcrouse replied to mcrouse's topic in ESET Endpoint Products
To answer my own question, no, it is not possible to end the isolation task for remote users. I had to uninstall and reinstall the client in order to get them back on our network via VPN.
Hi, I'm currently on ESET Endpoint Security 7.2. I've read the description of the isolate task from the documentation online and it states that it allows the following connections:
• computer obtains an IP address
• communication of ekrn.exe, ESET Management Agent, ESET Enterprise Inspector Agent
• login to a domain
This all makes sense to me. My question is how this would work for remote users who connect to our network via VPN. They would be able to receive the isolation task but would it be possible to end the task or would they be unable to reconnect to VPN to receive the end isolation task via the agent because the connection is being blocked? Thanks
-
Trickbot detection with ERAagent process
mcrouse replied to mcrouse's topic in Malware Finding and Cleaning
Ahh ok, I did not think to check that log and was going off of what was reported to the ESMC. Thanks for the heads up on that.
Trickbot detection with ERAagent process
mcrouse replied to mcrouse's topic in Malware Finding and Cleaning
Yeah, in a prior scan the following was detected and cleaned: file:///C:/eNNzmNj/wLrKvzZ/UQEZPGU.dll
Edit: It was not in the same folder but related to the initial infection I believe.
Trickbot detection with ERAagent process
mcrouse replied to mcrouse's topic in Malware Finding and Cleaning
Hey Marcos, it doesn't exist/was deleted. There was also a DLL in that same folder which was deleted it looks like. That ArtPress task was deleted from the system scheduler. Thank you for taking a look at those logs. Based on the info provided and the fact that scans are no longer detecting anything, do you think the issue has been remediated? Or should I still reimage the machine?
Trickbot detection with ERAagent process
mcrouse replied to mcrouse's topic in Malware Finding and Cleaning
Logs attached. It looks like the infection was caused by a freeware application called ArtPress that the user had downloaded. Checking the task scheduler today, I noticed a task set to run every time the user logged on which I deleted. My most recent ESET scan showed 0 detections but hopefully someone can confirm via the logs.
ees_logs.zip
Trickbot detection with ERAagent process
mcrouse replied to mcrouse's topic in Malware Finding and Cleaning
Good point, I checked the scheduled tasks and didn't see anything out of the ordinary. I'll be collecting logs and posting them tomorrow when the user is back in the office. In the meantime, the machine is isolated and off the network. Thanks guys!
I had a workstation which was infected with Trickbot and Kryptik. ESET found and cleaned several items related to this including a malicious Kryptik DLL and .MGB file. It also remediated malicious svchost and wermgr.exe processes which is consistent with Trickbot IOCs. However, it is still detecting Trickbot in subsequent scans. It does not detect any malicious DLLs or processes anymore. Only a single file:/// from the ERAAgent process. The following is the detection detail:
Hash:
Name: Win64/TrickBot.BU
Uniform Resource Identifier (URI): file:///
Process name: C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
Is this just picking up some sort of artifact or is this a persistent threat that ESET is unable to clean? I'm about to image the machine but thought I'd check and see if this has been seen before. Thanks!
-
Thanks for the response Kristian. I chatted with a support agent and they informed me that the All-in-one installer is on version 3.1.0.1. I'm not sure if that's just a mistake in naming or if it is a new version however.
-
Hi, Starting on April 29th, I began getting a notification that a new encryption server version is available when I logged into the management console. I'm already on version 3.1 from earlier in the year. This new version is also labelled 3.1 and the release notes weren't updated since February. Is this really a new version that I should upgrade to or is the notification just an error?