Jump to content

j-gray

Members
  • Content Count

    328
  • Joined

  • Last visited

  • Days Won

    4

j-gray last won the day on May 31 2019

j-gray had the most liked content!

Profile Information

  • Location
    USA

Recent Profile Visitors

2,624 profile views
  1. I also tried the task by going to client details, then 'Installed Applications'. I selected CCleaner from the list of applications, then clicked the 'Uninstall' button. That gave the following error: "SoftwareUninstallation: No applications matching name 'CCleaner' were found" Despite the application being installed and being selectable as an application, it does not run. I also tried the software uninstall client task, but CCleaner does not appear in the list of applications to select. Pretty frustrating...
  2. I'm going to guess that it's a permissions issue. On my test system, the task runs successfully and uninstall is successful using the command below: Command line to run: "C:\Program Files\CCleaner\uninst.exe"/S On any other system (all are Win10), while the task runs successfully, the uninstall does not start and the ra-run-command batch file remains in C:\Windows\Temp. Any suggestions on how to get this simple task to run?
  3. Regarding working directory, I put quotes around it and it failed. This is counterintuitive, as at a command prompt, it will fail without quotes due to the space in the path.
  4. Using the first option (command line to run and working directory both populated), I see the following in a batch file that is left in C:\Windows\Temp: uninst.exe /S del C:\Windows\TEMP\ra-run-command-92b883c9-c357-4610-9ecb-62cfa0e9f907.bat The second line is obviously failing as the batch file is still in the directory. I'm assuming based on the command that it's not referencing the working directory?
  5. This should be simple, but I'm having no luck. Task runs successfully but nothing happens on the clients. At the command line, this works perfectly: "C:\Program Files\CCleaner\uninst.exe"/S I have the task set as follows: Command line to run: uninst.exe /S Working directory: C:\Program Files\CCleaner I also tried the following: Command line to run: "C:\Program Files\CCleaner\uninst.exe"/S Either version runs successfully but does nothing. Does the 'working directory' require quotes due to space in the path? I don't believe anything is being logged...
  6. Appears to be profile related; if I scan under my account (domain admin) it does not log anything. If I log in as local admin, it logs the scan(s). Since that scan did not appear in the logs, is there any other way I can tell what the 10 detections were?
  7. I installed ESET and the initial scan started, completed, and was logged. I then ran a scan on the data drive. It completed and shows 10 detections. However, when I click on the 'Show log' link, the second scan does not appear, only the initial scan. Why is only one scan logged and how can I view the detections that were supposedly cleaned?
  8. Agreed. Hence my concerns. I believe something must have changed with the recent upgrades, as everything had been getting remediated properly. No policies have been changed, but ESET is no longer remediating much of anything. Sk8r is classified as a PUP, so potentially forgivable. It's the items flagged as trojans and malware applications that are being retained that are more concerning.
  9. This is what how we have on-demand scanning configured. Cleaning is set to 'always remedy detection':
  10. Thanks for the reply. That would be an option if I were sitting at these various computers. But we have 12 different campuses so my only viable option is pulling info from the ERA console.
  11. This is what most look like with Action = retained and no apparent error or indication why it was retained:
  12. That looks helpful, though I'm not finding such a log. Where is that located? It looks like you're working with Endpoint Security, whereas I'm using Endpoint AV, so there may be some differences?
  13. Thanks for the reply. Scans are occurring after hours, so folks should be logged off, though we know that doesn't always happen. I'm not sure how ESET defines system files. My assumption is an installer (msi) wouldn't necessarily be a system file, nor would those files in the user space, specifically in the user's Chrome profile. Just not sure if my assumption is correct. ESET in the past has indicated when a reboot is required for remediation, but it's not reflecting that, either. I haven't been able to find in the reports or elsewhere any indication as to why ESET is unable to reme
  14. Scheduled scans and on-demand (scan with cleaning) are not removing most malware lately. MSIL/Adware.BrowserAssistant.B: these are just .msi files flagged as applications, not PUPs and are located in the C:\Windows\Installer directory. I can manually delete them without issues. The others that aren't getting cleaned are HTML/ScrInject.B, JS/Adware.Chromex.Agent.E, JS/Mindspark.G, and a handful of others that are located in the user profile space. Scan settings are set to 'Always remedy detection'. Systems are showing no reboot required. I can't tell from the reports why non
×
×
  • Create New...