kamiran.asia

The Screenshot is for the system in our test system. in SQL server we just see that ESET block hxxp://dl.love-network.cc/SqlBase.exe it means that C:\ProgramFiles\MicrosoftSQLServer\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe are downloading hxxp://dl.love-network.cc/SqlBase.exe and ESET will block it. We are searching for the source of these commands.

Dear @itman, There is no SQLCONN.EXE in that location, even we can't find sqlconn.exe in sysinspector log ( https://we.tl/t-OeSUn9AXTc ).

Completely Correct and worked !! Special thanks to @itman

As we analyze sqlBase.exe : it's a Trojan Downloader that install a coin-miner (SqlConn.exe) that ESET detect it as Win64/CoinMuner.FQ. But still we did not find how SQL Server run Download command !? No Job or Schedule task , ..

Hi dears. We have problem with HIPS registry rules in services : We create a HIPS block rule to prevent modification in: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Start But it seems that ESET can not apply HIPS registry rules in this address. it seems that any rule apply to HKEY_LOCAL_MACHINE\SYSTEM\ will not work. ESET Version : Endpoint Security 8.0.2028.0 - Windows 10

Hi Dears. In these two weeks our support team find some SQL Servers infected with this problem : Many ESET FS Event log that show sqlservr.exe want to download hxxp://dl.love-network.cc/SqlBase.exe So ESET block it by webAccessProtection . info : Port 1433 was open on internet. ( We force customer to secure this port with vpn or ...) how can we find these command are run from to clean it manually ? This is the ESET Log Collector log : https://we.tl/t-OeSUn9AXTc

Mistyping dear @itman , Clean installation mean : install ESET in normal mode after using uninstaller tool in safe mode. @Marcos Thanks dear marcos. We'll send it asap.

Hi Dear @itman No, Windows 10 , Also ESET uninstaller tool was used to clean install.

Hi Dears. We Have a problem in some system that ESET Drivers cloud not be installed and all modules is failed to start. (Non-Functional) Clean Installation in safe mode with uninstaller did not Help. What can we do for these cases ?

Hi dear ESET Admins. We have this problem in a 20012 R2 Server , Clean installation not solve the problem ( Even with ESET Uninstaller in safe mode ) File Security 7.3 & 7.2 has the same issue. ESET Log Collector Log is attached. What can do for this problems ? Best regards. efsw_logs.zip

AntiCryptor for Protecting Share Resources from being encrypted by infected clients in network. just Like what We have in some other AV-Vendors ! Application Control ( By hash / Certificate / Name )

As our research till march 9 some web-shells just detect by 4 AV vendors : https://www.site-shot.com/sGwBrIESEeu_JQJCrBEABQ ESET 👌

Does ESET protect me from the Hafnium zero-day exploit in Microsoft Exchange? https://support.eset.com/en/kb7855-does-eset-protect-me-from-hafnium Exchange servers under siege from at least 10 APT groups https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/

Thank you very much dear @Marcos. Our Customer again create a ticket ,mentioned your help and they are waiting for ESET response. I will inform you if they can not help them. Case #501795 - "Extended update support for EOLed products" has been created for you. ESET North America Technical Support.

Any update dear @Marcos about this topic ?