comunic

Hi all, We manage about 850 devices on our ER6. We have a large panel of windows OS from XP to 10 and from 2003 to 2012 R2. Now we are facing a big issue, about 10% of the agents haven't joined the console since weeks, mounths... Ok some computers are quite never powered, some others are dead. But we realise that most of those 10% never joins the console because agent is totally out of service and we have to reinstall it manully ! It seems that the push update of the agent (we start with 6.3 and update to 6.4) breaks many agents ! I am very affraid about that !! have you got some similar experience ?!

Hello, i have a noticed that the WEB AND EMAIL MODULE is not installed when push install EFS to a server with an ERA software installation task, which is VERY anoying for RDS servers. Even it is actived on my policy, the module not appears... What can i do ?! thank's for reply.

hi, yep the kb is applied, exept the network drive analyse (useless in that case anyway) fortunately i was able to restore the complete VMs with veeam, but i whish i could avoid that ! i already push an applocker policy on exe files but it seems to be a dll this time !

Well, thank you for repling ! the only things different with the kb is that i disable network drive scan. I think this whould have not help me in this case because the crypto was executed on an rds session and encrypt everthing on the network (every shared folder) without being mapped as a network drive. @gonzalo : if i could prevent users clicking on a big message like "just click here to encrypt all my files" i would do it

hi all i am very disapointed of the ransomware protection on my RDS servers with EFS 6.4 and maximum security ERA6 profile. it's been 6 times the same client have about 650gb on 3 VMS totally crypted, and eset doesn't do anything ! On the attachement, you can see that eset detect the responsible DLL but it simply unable to stop it (reboot is required to clean the threat...), which is impossible to manage on a RDS server ! What can we do to improve the efficiency against this ?! thank's for your replies.

it seems to be a windows issue : https://support.microsoft.com/en-us/kb/3179574

i think it's not java but the ask toolbar which is stoped but the eset anti PUA

hi, following the previous bug report, it is also impossible to delete static groups on triggers... when i select a group, and clic delete group, nothing happens. i have to delete all the trigger and recreate it.

it seems that this piece of S**** was the responsible, for my part : hxxp://www.virusradar.com/en/threat_encyclopaedia/graph/344004 Interesting to see that eset published an update to block it the 10th and my client was infected the 11th !

Hi, i mentionned EFSW because it is an RDS 2008 R2 server ! So the malware ran directly on the server. All the settings and fonctions are enabled and based on the maximum protection policy of ERA 6.4 ! I know that a user opened a word document received in outlook, lauching the crypto locker. i will PM you the log collector. thank's

Of course i always let HIPS with all its feature enabled, but i never seen antyhing on the hips log, and yesterday one of my client with EFS 6.3 open a zepto locker, encrypting about 50 000 files before eset block it. Sorry, but for me it is useless ! My goal is to improve the product, to but the more efficient it can.

Hi, i serioulsy considering deploy hips because it seems to be the "ultimate" solution against crypto. Following my experience, automatic mode is useless, it never stopped anything. The mode "smart" seems interresting, but is it more efficient ? Finally, the learning mode, is it really safe to deploy it ? i would be very interested to have some feedbacks !

Hi, i got a problem when i run shadow copies on servers, eset try to clean it, even with strict cleaning it is impossible, cf print creen. Is there a way to disable the analyse of the shadowcopies ? i try to make an exclusions of \DEVICE\* you think it will be ok ? thanks

Hi, everything is in the title, is there a way to clear the task history, it's not usefull to have hundreds of results of paste actions... thanks.

Hi, in fact no, i don't have this "all licences" view as it was in 6.3... i only have a list, and i don't see in 1 view all the state, as in the picture, i have to expand all the licences to find which are in alter status.