kamiran.asia

Profile Information

  • Gender
    Male
  • Location
    United Arab Emirates
  • Interests
    ESET Softwares

  1. The screenshot is for the system in our test system. In SQL Server we just see that ESET blocks hxxp://dl.love-network.cc/SqlBase.exe. It means that C:\ProgramFiles\MicrosoftSQLServer\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe is downloading hxxp://dl.love-network.cc/SqlBase.exe and ESET will block it. We are searching for the source of these commands.
  2. Dear @itman, there is no SQLCONN.EXE in that location; we can't even find sqlconn.exe in the SysInspector log ( https://we.tl/t-OeSUn9AXTc ).
  3. Completely correct, and it worked!! Special thanks to @itman
  4. As we analyzed sqlBase.exe: it's a Trojan downloader that installs a coin miner (SqlConn.exe) that ESET detects as Win64/CoinMiner.FQ. But we still did not find how SQL Server runs the download command!? No job or scheduled task, ..
  5. Hi dears. We have a problem with HIPS registry rules in services: we created a HIPS block rule to prevent modification in: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Start But it seems that ESET cannot apply HIPS registry rules at this address. It seems that any rule applied to HKEY_LOCAL_MACHINE\SYSTEM\ will not work. ESET version: Endpoint Security 8.0.2028.0 - Windows 10
  6. Hi dears. In these two weeks our support team found some SQL Servers infected with this problem: many ESET FS event logs show that sqlservr.exe wants to download hxxp://dl.love-network.cc/SqlBase.exe, so ESET blocks it by Web Access Protection. Info: port 1433 was open on the internet. (We force the customer to secure this port with VPN or ...) How can we find where these commands are run from, to clean it manually? This is the ESET Log Collector log: https://we.tl/t-OeSUn9AXTc
  7. Mistyping, dear @itman. Clean installation means: install ESET in normal mode after using the uninstaller tool in safe mode. @Marcos Thanks, dear Marcos. We'll send it asap.
  8. Hi dear @itman. No, Windows 10. Also, the ESET uninstaller tool was used to clean install.
  9. Hi dears. We have a problem on some systems where ESET drivers could not be installed and all modules failed to start. (Non-functional) Clean installation in safe mode with the uninstaller did not help. What can we do for these cases?
  10. Hi dear ESET admins. We have this problem on a 2012 R2 Server. Clean installation did not solve the problem (even with ESET Uninstaller in safe mode). File Security 7.3 & 7.2 have the same issue. The ESET Log Collector log is attached. What can we do for this problem? Best regards. efsw_logs.zip
  11. AntiCryptor for protecting shared resources from being encrypted by infected clients in the network, just like what we have in some other AV vendors! Application Control (by hash / certificate / name)
  12. As of our research till March 9, some web shells are detected by just 4 AV vendors: https://www.site-shot.com/sGwBrIESEeu_JQJCrBEABQ ESET 👌
  13. Does ESET protect me from the Hafnium zero-day exploit in Microsoft Exchange? https://support.eset.com/en/kb7855-does-eset-protect-me-from-hafnium Exchange servers under siege from at least 10 APT groups https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/
  14. Thank you very much, dear @Marcos. Our customer again created a ticket, mentioned your help, and they are waiting for ESET's response. I will inform you if they cannot help them. Case #501795 - "Extended update support for EOLed products" has been created for you. ESET North America Technical Support.