Shafiq, posted September 19, 2018:

Hi ESET,

One of the client computers, installed with ESET Endpoint Security 7, got infected with malware (the PC was communicating with the public IP, which should not have happened). This PC was communicating only for a few seconds once an hour, and the connection was getting closed. We weren't able to find the process ID (we used Process Explorer to find it, but weren't able to, as the connection was closing very fast), but we could see the traffic generated from the computer using Wireshark.

The computer has been formatted, but we would like to know from ESET what steps we should take if we face a similar issue, and how I can report suspicious activity on a computer in case there is no file for submission.

HIPS and the firewall were active in automatic mode, and Network protection (IDS) also.

ESET Endpoint Security 7
OS: Windows 8.1
ESET Remote Administrator (Server), Version 6.5 (6.5.522.0)

Thank you.

Marcos (Administrators), posted September 19, 2018:

Unfortunately, without any further information, especially about the process, the IP address that the process was communicating with, and logs, it's impossible to tell what happened. It might not necessarily have been malware. Should you observe suspicious behavior, gather logs with ESET Log Collector for perusal.

JamesR (ESET Staff), posted September 19, 2018 (edited):

If an issue like this ever returns, I recommend using ESET's Firewall to log or block the activity. To do this, simply make a firewall rule similar to the following:

[screenshot of firewall rule]

Then you should be able to see the offending exe in the Firewall Log for ESET.

(Edited September 19, 2018 by JamesR: Adding screenshot)
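
An added example, not part of the thread and not ESET's own tooling: a PowerShell loop that polls the TCP table and records the owning process of any connection to a watched remote address, the detail that was lost here because the connection closed within seconds. The address `203.0.113.10` and the log path are placeholders; substitute the IP observed in Wireshark.

```powershell
# Added example: poll the TCP table and log which process owns any
# connection to a watched remote address. Run from an elevated prompt.
param(
    # Placeholder address (TEST-NET-3); use the IP seen in the capture.
    [string]$RemoteAddress = '203.0.113.10',
    # Poll faster than the connection lifetime (a few seconds in the thread).
    [int]$IntervalMs = 200,
    # Hypothetical output path.
    [string]$LogPath = "$env:TEMP\conn-watch.csv"
)

$seen = @{}   # local port + PID already logged, so each connection is written once

while ($true) {
    # Returns nothing (and a non-terminating error) when no connection matches.
    $conns = Get-NetTCPConnection -RemoteAddress $RemoteAddress -ErrorAction SilentlyContinue

    foreach ($c in $conns) {
        $key = '{0}:{1}' -f $c.LocalPort, $c.OwningProcess
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # The process may already have exited; the PID is still recorded.
        $p = Get-CimInstance Win32_Process -Filter "ProcessId=$($c.OwningProcess)" `
                 -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Time            = (Get-Date).ToString('o')
            LocalPort       = $c.LocalPort
            RemotePort      = $c.RemotePort
            State           = $c.State
            ProcessId       = $c.OwningProcess
            ParentProcessId = $p.ParentProcessId
            Path            = $p.ExecutablePath
            CommandLine     = $p.CommandLine
        } | Export-Csv -Path $LogPath -Append -NoTypeInformation
    }

    Start-Sleep -Milliseconds $IntervalMs
}
```

Rows with `ProcessId` 0 are connections already in a closing state such as TimeWait; the earlier row for the same local port carries the real owner.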

itman, posted September 19, 2018:

30 minutes ago, JamesR said:
> If an issue like this ever returns, I recommend using ESET's Firewall to log or block the activity. To do this, simply make a firewall rule similar to the following:

James, don't believe you linked your screenshot correctly.

JamesR (ESET Staff), posted September 19, 2018:

@itman - Screenshot should be there now. Thanks.

Shafiq (Author), posted October 10, 2018:

Thank you for the help ... Thanks