A variant of Trojan WIN32/GenKryptik.BSJG

Hi guys,

My customer is using ESET File Security on Windows Server 2008 R2 with the Real-time file system protection feature. This variant can be found and cleaned by deletion, but after it is cleaned the process "explorer.exe" is also killed, so nothing shows on the desktop! Then you must click File -> New Task "explorer" to make it show up again!

This situation is still occurring many times, so please help us: how can we permanently remove this type of variant without the process "explorer" being killed?

Thanks in advance!

1 hour ago, Marcos said:

Please provide:
- ELC logs
- A Procmon boot log created as per the instructions at https://support.eset.com/kb6308/

Upload both archives to a safe location and drop me a message with download links and a link to this topic.

@Marcos

Please help me with the log details at the link below:

hxxp://fsend.vn/download/AbXuimyHyUMT0W3exh2ajV1-Lwf-jEUS

Marcos (Administrator) replied:

Unfortunately, the Procmon log was not from a boot. Please refer to the section "Gather boot log files" in the above mentioned KB article. Before you start logging, enable also advanced output in the Filter menu.

Link to comment
Share on other sites

15 hours ago, Marcos said:

Unfortunately, the Procmon log was not from a boot. Please refer to the section "Gather boot log files" in the above mentioned KB article. Before you start logging, enable also advanced output in the Filter menu.

Hi @Marcos

This is the new "Gather boot log files" log I have just collected; please help us: hxxp://fsend.vn/download/Kjv5tb08BQTLaPawYzKIOZ-xfv1Aelfq

Marcos (Administrator) replied:

The log is not from a boot.

After launching Procmon, select "Enable boot logging" in the Options menu and "Enable advanced output" in the Filter menu. Then reboot the computer, launch Procmon and save the log.
