
Eset Mail Sec found Virus in windows\temp folder in connection with parserserver.exe



Hello, 

Is this critical? Do you think it's a fault that I didn't exclude Exchange folders in ESET? (Automatic exclusions aren't activated.)

(Exchange 2013 server with ESET Mail Security 4.5)
Exchange folders/processes aren't excluded. Settings are on default.
ParserServer.exe = Microsoft Exchange search index
I checked this, but the mentioned entries aren't in the registry: hxxp://www.virusradar.com/en/Win32_PSW.Fareit.A/description

Thx, best regards

 

06.2017 10:49:15 Real-time file protection file C: \ Windows \ TEMP \ O .................. tmp Win32 / 
PSW.Fareit.A Trojan Cleaned by deleting NT- AUTORITY \ SYSTEM Event when editing a file by the application:
 \ Device \ HarddiskVolume2 \ Program Files \ Microsoft \ ExchangeServer \ V15 \ Bin \ Search \ Ceres \ ParserServer \ ParserServer.exe. 
5394 .................... 02.06.2017 10:49:14

C: \ Windows \ TEMP \ OICE _ tmp Win32 / 
PSW.Fareit.A Trojan Cleaned by deleting NT AUTHORITY \ SYSTEM Event at Edit A file through the application: 
\ Device \ HarddiskVolume2 \ Program Files \ Microsoft \ ExchangeServer \ V15 \ Bin \ Search \ Ceres \ ParserServer \ ParserServer.exe. 
5394 ................ 02.06.2017 10:49:12


02.06.2017 10:49:12 Real-time file protection file C: \ Windows \ TEMP \ OICE tmp variant of MSIL / Injector.MWQ Trojans cleaned by Delete NT AUTHORITY \ SYSTEM Event when editing a file by the application: \ Device \ HarddiskVolume2 \ Program Files \ Microsoft \ ExchangeServer \ V15 \ Bin \ Search \ Ceres \ ParserServer \ ParserServer.exe. B5394 ..................... 02.06.2017 10:49:11
02.06.2017 10:49:09 Real-time file protection file C: \ Windows \ TEMP \ OICE _.............. tmp Variant of MSIL / Injector.MVR Trojans Cleaned by deleting NT AUTHORITY \ SYSTEM Event when editing a file by the application: \ Device \ HarddiskVolume2 \ Program Files \ Microsoft \ ExchangeServer \ V15 \ Bin \ Search \ Ceres \ ParserServer \ ParserServer.exe. 6186 ...................... 02.06.2017 10:49:07

 


  • Administrators

First of all, please uninstall EMSX 4.5 and install v6.5 with default settings and automatic exclusions. Only v6 fully supports modern Windows Server systems. Let us know about the result.


  • 2 weeks later...
  • Administrators

Also, don't forget to upgrade to EMSX v6.5, which provides much better protection, especially thanks to LiveGrid. Ideally, do not install it over, but uninstall v4.5 first.

