kamiran.asia

Members
Posts: 306
Days Won: 1

Everything posted by kamiran.asia

  1. Hi dears, we have a problem with one of our servers. We have an offline server whose Real-time module suddenly changed to a non-functional status. Reinstallation in clean mode with the ESET Uninstall tool from safe mode did not solve the issue. Upgrading to the latest version did not solve the issue. * An ESET Log Collector file has been created from that server.
  2. Hi all, wish you a nice time. Here are 3 files that are printer drivers infected with the Win32/Parite.B virus: https://we.tl/t-zVcpNWHi9n Log: D:\Inprogress\Cleaning\Software\Software\BT101_SR4_2961_UL_Honeywell.exe - Win32/Parite.B virus - cleaned. BT101_SR4_2961_UL_Honeywell.exe size is 180 MB; after cleaning, 1.41 MB 😐 The same for the 3 other infected exe files. We tried cleaning with another vendor and the result is a clean file with a size of 180 MB. It seems that there is a problem in the cleaner module.
  3. Thank you @itman, I have forwarded your useful post to our support team.
  4. Yes, a 0-day malware! A service with a DLL injector "FunctionRPCHelper.dll" that injects into svchost.exe 😎
  5. It seems that our company support team detected the source injector of this infection, and thanks to fast detection by the ESET Lab the problem is solved now. The detection rate at this time is 2/69: https://www.virustotal.com/gui/file/7bb2038642bb918081c55b19287731b4c30d62e1d1e67eff6d11ccd46ab7b331/detection
  6. We are working on these infection cases. In this case EFS V7.0 is installed and no network attack is detected after upgrading to V7. The MS17-010 patches are installed. @itman is right; we also think that an autorun or script is infecting svchost.exe.
  7. Yes, we patched the servers and clients but the problem still persists, even though we block all incoming traffic on ports 445 and 139 to prevent the trojan from spreading. After startup ESET detects the Vools trojan in svchost.exe in operating memory and asks for a restart for cleaning; after the restart this loop happens again, over and over.
  8. Hi dears, many of our customers are infected by Win64.Vools.L today!!! We know that the MS17-010 patch is not installed and it spreads via this security hole. But in this situation, where servers and clients are infected, what is the best solution? We find these problems in the Endpoint Antivirus and File Security versions.
  9. OK, but in these 3 days the V6.6 mirror and V7 mirror sizes are not the same! The V7 mirror with the Mirror Tool or AV is 1.2 GB; V6.6 is 890 MB! Is it normal?
  10. Hi dears, in the last 3 days the mirror update size of V7 increased to 1.2 GB, but in version 6.6 it is about 800 MB. Both of them have DLL and NUP. Is it a technical problem or a change in the V7 mirror system? And is there any option in the future to disable NUP mirroring when all versions are 7+? (I mean in a large network where we do not use Apache HTTP.)
  11. Hi dears. One of our servers' Agent could not obtain the HW fingerprint with this error and it cannot connect to ESMC:
      2019-03-05 08:08:55 Error: AuthenticationModule [Thread 1114]: DeviceEnrollmentCommand execution failed with: HW fingerprint could not be obtained.
      2019-03-05 08:08:55 Warning: CReplicationModule [Thread f5c]: GetAuthenticationSessionToken: Received failure status response: TEMPORARILY_UNAVAILABLE (Error description: session token temporarily unavailable, device is not enrolled yet)
      2019-03-05 08:08:55 Error: CReplicationModule [Thread f5c]: InitializeConnection: Initiating replication connection to 'host: "192.168.140.9" port: 2222' failed with: GetAuthenticationSessionToken: Failed to fetch device session token in time
      2019-03-05 08:08:55 Warning: CReplicationModule [Thread f5c]: InitializeConnection: Not possible to establish any connection (Attempts: 1)
      2019-03-05 08:08:55 Error: CReplicationModule [Thread f5c]: InitializeFailOverScenario: Skipping fail-over scenario (missing last success replication link data)
      2019-03-05 08:08:55 Error: CReplicationModule [Thread f5c]: CAgentReplicationManager: Replication finished unsuccessfully with message: InitializeConnection: Initiating replication connection to 'host: "192.168.140.9" port: 2222' failed with: GetAuthenticationSessionToken: Failed to fetch device session token in time
      Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: 192.168.140.9:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 00000000-0000-0000-0000-000000000000, Sent logs: 0, Cached static objects: 0, Cached static object groups: 0, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0]
      2019-03-05 08:08:55 Error: AuthenticationModule [Thread 1114]: DeviceEnrollmentCommand execution failed with: HW fingerprint could not be obtained.
      2019-03-05 08:08:55 Warning: CReplicationModule [Thread f5c]: GetAuthenticationSessionToken: Received failure status response: TEMPORARILY_UNAVAILABLE (Error description: session token temporarily unavailable, device is not enrolled yet)
      2019-03-05 08:09:00 Error: CSystemConnectorModule [Thread 1168]: CWbemServices: Could not connect. Error code = 0x80070422
      2019-03-05 08:09:10 Error: CSystemConnectorModule [Thread 1168]: CWbemServices: Could not connect. Error code = 0x80070422
      What is the solution?
  12. Hi dears, we find that tmp files related to EKRN are being generated in large sizes, located in C:\windows\temp. When real-time protection is disabled, we can delete these files. After one month we have over 800 GB of these files in Temp, which we delete manually. But these two tmp files can be deleted only when the AV is paused. ESET Log Collector report: https://wetransfer.com/downloads/b38b6e8c69b5f603d6c870ec4e8cf02520181229110903/600f969d657b55244a06a72aa948247e20181229110903/bad081?utm_campaign=WT_email_tracking&utm_content=general&utm_medium=download_button&utm_source=notify_recipient_email What are these tmp files and how can we prevent them from filling up storage?
  13. We found these log entries in the ESET Log Collector output, under Events:
      "Entry" = "\??\C:\Users\INSTRU~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver." 27/12/2018 06:57:29 ;
      "Entry" = "Faulting application name: egui.exe, version: 10.4.318.2, time stamp: 0x5b489f1b
      Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
      Exception code: 0xc0000374
      Fault offset: 0x00000000000bffc2
      Faulting process id: 0x12dc
      Faulting application start time: 0x01d49db37faa6bac
      Faulting application path: C:\Program Files\ESET\ESET Security\egui.exe
      Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
      Report Id: c1d8a799-09a6-11e9-89b6-5435302b09e4" 27/12/2018 07:12:24 ;
  14. Hi dears, in one of our projects we have this problem: after installing Endpoint Security, EGUI crashes and closes on startup. We checked the system for malware with the online scanner and it was clean. The ESET Log Collector output and dump of EGUI.exe: https://wetransfer.com/downloads/3a560f236710a5f30b6c023f2132865320181227072816/39cf258348f8d9feb550fb81dc88d07e20181227072816/aede07
  15. We did not test this case. Our customer wants to enable it remotely because they have over 100 seats and they can't enable it manually.
  16. Hi dears. In this project we have Outlook 2016 + Endpoint Security, and for enabling antispam we must enable the ESET add-in. Is there any way that the user can enable it from AD, or another solution?
  17. It does not help. There is just one server in the network that has this problem; all the other 100 PCs work fine.
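The agent trace in post 11 and the Application event entries in post 13 both carry raw Windows status codes (Error code = 0x80070422, Exception code: 0xc0000374) that say more than the surrounding message once decoded. What follows is an added example, not code from these posts or from ESET: a small Python decoder that walks log text, pulls out those codes and names them. The lookup tables hold documented Windows values (an HRESULT of the form 0x8007xxxx is HRESULT_FROM_WIN32 of the Win32 error in its low 16 bits; 1058 is ERROR_SERVICE_DISABLED, and 0xC0000374 is STATUS_HEAP_CORRUPTION). SAMPLE_LOG is condensed from the lines quoted in the two posts, and the Finding class, the function names and the regexes are this example's own.

```python
"""Decode the Windows status codes that appear in ESET Management Agent trace
logs and Windows Application/System event entries.

Added example; the WIN32_ERRORS / NTSTATUS tables hold documented Windows values
and SAMPLE_LOG is condensed from the log text quoted in posts 11 and 13 above."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Win32 error codes: the low 16 bits of an HRESULT of the form 0x8007xxxx.
WIN32_ERRORS = {
    2: ("ERROR_FILE_NOT_FOUND", "the system cannot find the file specified"),
    5: ("ERROR_ACCESS_DENIED", "access is denied"),
    1053: ("ERROR_SERVICE_REQUEST_TIMEOUT", "the service did not respond to the start request in time"),
    1058: ("ERROR_SERVICE_DISABLED", "the service is disabled or has no enabled devices"),
    1060: ("ERROR_SERVICE_DOES_NOT_EXIST", "the specified service does not exist"),
}

# NTSTATUS values as reported in the 'Exception code:' field of an Application Error event.
NTSTATUS = {
    0xC0000005: ("STATUS_ACCESS_VIOLATION", "read/write of an invalid address"),
    0xC00000FD: ("STATUS_STACK_OVERFLOW", "thread stack exhausted"),
    0xC0000374: ("STATUS_HEAP_CORRUPTION", "heap corruption detected by the NT heap"),
    0xC0000409: ("STATUS_STACK_BUFFER_OVERRUN", "stack cookie / fail-fast triggered"),
}

FACILITY_WIN32 = 7  # HRESULT facility written by HRESULT_FROM_WIN32()

CODE_RE = re.compile(r"(?:Error code\s*=|Exception code:)\s*(0x[0-9A-Fa-f]{8})")
BLOCKED_DRIVER_RE = re.compile(r"(\S+\.sys) has been blocked from loading")


@dataclass
class Finding:
    line_no: int
    raw: str      # the token as it appeared in the log
    kind: str     # HRESULT(Win32) / NTSTATUS / driver-block / unknown
    name: str     # symbolic name
    meaning: str  # short explanation


def decode(code: int) -> tuple[str, str, str]:
    """Classify a 32-bit status value and return (kind, symbolic name, meaning)."""
    severity = code >> 31              # bit 31: 1 = failure
    facility = (code >> 16) & 0x7FF    # bits 16-26: HRESULT facility
    if severity == 1 and facility == FACILITY_WIN32:
        win32 = code & 0xFFFF
        name, meaning = WIN32_ERRORS.get(win32, (f"WIN32_{win32}", "Win32 error not in table"))
        return ("HRESULT(Win32)", name, meaning)
    if code in NTSTATUS:
        name, meaning = NTSTATUS[code]
        return ("NTSTATUS", name, meaning)
    return ("unknown", f"0x{code:08X}", "status value not in table")


def parse_replication_details(line: str) -> dict[str, str]:
    """Turn the agent's 'Replication details: [Key: value, ...]' tail into a dict."""
    m = re.search(r"Replication details: \[(.*)\]", line)
    if not m:
        return {}
    details: dict[str, str] = {}
    for part in m.group(1).split(", "):
        key, _, value = part.partition(": ")
        details[key.strip()] = value.strip()
    return details


def scan_log(text: str) -> list[Finding]:
    """Walk log text line by line and collect decoded codes and driver-block events."""
    findings: list[Finding] = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in CODE_RE.finditer(line):
            kind, name, meaning = decode(int(m.group(1), 16))
            findings.append(Finding(n, m.group(1), kind, name, meaning))
        m = BLOCKED_DRIVER_RE.search(line)
        if m:
            driver = m.group(1).rsplit("\\", 1)[-1]  # basename of the blocked driver
            findings.append(Finding(n, m.group(1), "driver-block", "DRIVER_LOAD_BLOCKED",
                                    f"kernel refused to load {driver}; verify signature and version"))
    return findings


# Condensed from the log text quoted in posts 11 and 13 (not a fresh capture).
SAMPLE_LOG = """\
2019-03-05 08:08:55 Error: AuthenticationModule [Thread 1114]: DeviceEnrollmentCommand execution failed with: HW fingerprint could not be obtained.
2019-03-05 08:08:55 Error: CReplicationModule [Thread f5c]: CAgentReplicationManager: Replication finished unsuccessfully with message: GetAuthenticationSessionToken: Failed to fetch device session token in time Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: 192.168.140.9:2222, Connection established: false, Sent logs: 0]
2019-03-05 08:09:00 Error: CSystemConnectorModule [Thread 1168]: CWbemServices: Could not connect. Error code = 0x80070422
"Entry" = "\\??\\C:\\Users\\INSTRU~1\\AppData\\Local\\Temp\\ehdrv.sys has been blocked from loading due to incompatibility with this system." 27/12/2018 06:57:29
"Entry" = "Faulting application name: egui.exe, version: 10.4.318.2 Faulting module name: ntdll.dll Exception code: 0xc0000374 Fault offset: 0x00000000000bffc2"
"""


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.raw} -> {f.kind} {f.name}: {f.meaning}")
    for line in SAMPLE_LOG.splitlines():
        details = parse_replication_details(line)
        if details:
            print("replication:", details)
```

Run stand-alone it prints one decoded line per finding plus the parsed replication details. The practical use for post 11: CWbemServices is the WMI client interface, so ERROR_SERVICE_DISABLED next to it means the first thing to verify on that server is the startup type of the Windows Management Instrumentation (Winmgmt) service; a disabled WMI service would also be consistent with the agent being unable to collect a hardware fingerprint. For post 13, STATUS_HEAP_CORRUPTION in egui.exe is the NT heap's own integrity fail-fast inside the process, not a signature detection, which is the detail to put in front of support together with the dump.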