About Persona1986

Profile Information

  • Location
    South Africa
  1. Hi Marcos, It's mostly autorun.inf files, which I've submitted to ESET before. How do I manually delete the quarantine files? Kind Regards, Werner
  2. Hi Jeremyf, We had the same issue a month ago. It first started with a user, then before I realized what was happening, it had spread to our main file server. There were only 5 out of 1000 machines affected, but like I mentioned before, one of those was our file server. The worst possible machine to be hit. Our problem is that everyone makes use of mapped drives on our network; I'm assuming that's how it spreads. Where it originated from? I don't know. It didn't affect all our files on the server, but all the files that were encrypted were encrypted at the exact time and date. Every directory had the HOW_TO_DECRYPT.txt and HOW_TO_DECRYPT.html files in it, but not every applicable file was encrypted. All of them were encrypted on a Saturday; I only responded on the Monday. So why did it stop? Why didn't it spread to all the other machines on the network, and why did it only encrypt some files, instead of all? These are the questions that bothered me most. I blocked all external websites on my firewall, and users could only access sites that are on the allow list. I'm too damn afraid to take this restriction away, despite the whole company rioting with torches and pitchforks in front of the IT department, 'cause I took their internet away... Smh. Most of our files I could recover from our backups, but we lost some very, very important files right before an audit. Management insisted I pay the ransom to decrypt those files, but I don't negotiate with terrorists. Besides, I do not want to draw more attention on the deep web. So far we haven't had any new problems. I don't know if it's because no one can get to dodgy sites, or because I loaded ESET on all the machines. I just hope it will become a priority to track and prosecute these cyber criminals before it becomes a major trend. Kind Regards
  3. Hi, Our main file server has about 60000 files in quarantine, and when I try to delete them from the ESET GUI my server hangs, which is very, very bad for business. Even when I delete files in batches of ten, it hangs for about 3 minutes before ESET responds, and doing it like that will take forever. Last night I uninstalled ESET and reinstalled it; however, all my quarantine files are back! (Dated from last month.) My question is, can I delete quarantine files manually from Windows? Kind Regards.
  4. Hi Marcos, Thanks a lot for your prompt response! I've sent you a PM, hopefully we can get to the bottom of this
  5. Hello everyone, This will be a long post but I will add a TL;DR version at the bottom. We've got 1048 PCs that we've recently bought ESET Endpoint Security licenses for; we're upgrading from Symantec Endpoint Protection. So after we installed about 400 machines, we realized the machines were getting really slow, hanging, getting bluescreens, and the HDD light is constantly burning / processes running very high. I immediately contacted our local South African ESET helpdesk, and they told me to install the new version EES 5.0.2228.1, up from 5.0.2225.0. The remote upgrade didn't work, so I had to start all over again (we don't have an Active Directory, so we install it manually). This made things even worse; PCs with the 5.0.2228.1 version were worse off than before. We already established it wasn't a driver issue. Windows updates were done, all AV updates were done, nothing helps. We took a machine and formatted it completely and just loaded ESET, and it still gives intermittent bluescreens. It's not every machine that does that, only about 50 so far. But that's 50 angry people who can't work... I've captured memory.dmp files; even though sometimes they don't leave any memory.dmp files behind, I run DumpConfigurator.hta and simulate a BSOD and then collect the memory.dmp file. I've submitted it to ESET HQ, but they haven't responded yet. The only way I can get the machines to function normally again is to uninstall ESET. When the processes run high, and the hard drive light is constantly on, I disable ESET's real-time protection and firewall, and the whole machine goes back to idle. The BSOD error and STOP code I get look like the following: Kernel_Data_Inpage_Error Stop: 0x0000007A (0xX0418680, 0xC000000E, 0x232F6860, 0x830D0160) Please, I really don't know what to do anymore. TL;DR We've installed ESET on 400+ machines and are getting freezing, hanging and blue screens of death as a result. Only thing that solves it is removing ESET. See BSOD message above.
Any help would be appreciated!
  6. Hi there Marcos, Thanks for your reply. I'm not certain how to set up the rule on ERA because I've set up a policy and it doesn't seem to work. Can you explain how I set up this rule to allow ports 5900 and 5800 so that all the PCs will allow VNC? Or point me to some documentation that will explain how to do it? Kind Regards W
  7. Hi Guys, I'm running ESET end point protection along with the ESET remote administrator. I've now installed the client on 5 machines and the server is picking them up. Problem is ESET is blocking all VNC connections. I've tried setting up a policy to allow VNC on port 5900 (default port) but it's not working. Please help, how do I exclude Ultra VNC running on port 5900 and 5800? Kind Regards, Werner Marx
  8. Hi all, Werner here from South Africa. Recently got ESET Endpoint Security for my company. Busy deploying on 1000+ machines at the moment, and while I can say it's not been the easiest install, it sure is effective. Looking to learn a lot on these forums. Kind Regards, Werner Marx