malware issue


Shafiq
Hi Eset,

One of the client computers with ESET Endpoint Security 7 installed got infected with malware (the PC was communicating with the public IP, which should not have happened). This PC was communicating for only a few seconds once an hour, and then the connection was getting closed. We weren't able to find the process ID (we used Process Explorer to find it, but were not able to, as the connection was getting closed very fast), but we could see the traffic generated from the computer using Wireshark.

The computer has been formatted, but we would like to know from ESET what steps we should take if we face a similar issue, and how I can report suspicious activity on a computer in case there is no file for submission.

HIPS and firewall were active in automatic mode, and Network protection (IDS) also.

ESET Endpoint Security 7

OS: Windows 8.1

ESET Remote Administrator (Server), Version 6.5 (6.5.522.0)

Thank you.


  • Administrators

Unfortunately, without any further information, especially about the process and the IP address that the process was communicating with, and logs, it's impossible to tell what happened. It might not necessarily have been malware. Should you observe suspicious behavior, gather logs with ESET Log Collector for perusal.


  • ESET Staff

If an issue like this ever returns, I recommend using ESET's Firewall to log or block the activity. To do this, simply make a firewall rule similar to the following:

2018-09-19_13-00-25.jpg

Then you should be able to see the offending exe in the Firewall Log for ESET.

Edited by JamesR
Adding screenshot
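For the situation in the original post (a connection that lasts a few seconds once an hour, too brief to catch in Process Explorer), a polling script can record the owning process for later review. This is an added example, not code from the thread or from ESET; the watched address `203.0.113.10`, the log path and the parameter names are placeholders chosen for illustration.

```powershell
# Added example: poll the TCP table and log the process that owns any
# connection to a watched remote address. Run from an elevated prompt.
# $WatchedIp and $LogPath are placeholders, not values from the thread.
param(
    [string]$WatchedIp  = '203.0.113.10',            # placeholder (TEST-NET-3)
    [string]$LogPath    = "$env:TEMP\conn-watch.csv", # placeholder output file
    [int]   $IntervalMs = 200,                        # polling interval
    [int]   $Hours      = 2                           # cover two hourly cycles
)

$deadline = (Get-Date).AddHours($Hours)
$seen     = @{}   # "localport:pid" keys, so each connection is logged once

while ((Get-Date) -lt $deadline) {
    # A non-terminating error is raised when nothing matches; suppress it.
    $conns = Get-NetTCPConnection -RemoteAddress $WatchedIp -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        # Entries already in TimeWait report PID 0 and have no owner to resolve.
        if ($c.OwningProcess -eq 0) { continue }

        $key = '{0}:{1}' -f $c.LocalPort, $c.OwningProcess
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # Resolve the PID right away; the process may exit seconds later.
        $p = Get-CimInstance Win32_Process -Filter "ProcessId = $($c.OwningProcess)" `
                 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Time        = (Get-Date).ToString('o')
            State       = $c.State
            LocalPort   = $c.LocalPort
            RemoteAddr  = $c.RemoteAddress
            RemotePort  = $c.RemotePort
            ProcessId   = $c.OwningProcess
            ParentPid   = $p.ParentProcessId
            Image       = $p.ExecutablePath
            CommandLine = $p.CommandLine
        } | Export-Csv -Path $LogPath -Append -NoTypeInformation
    }
    Start-Sleep -Milliseconds $IntervalMs
}
```

Polling can miss a connection that opens and closes between two samples, so treat an empty log as inconclusive rather than as proof that nothing connected.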

30 minutes ago, JamesR said:

If an issue like this ever returns, I recommend using ESET's Firewall to log or block the activity. To do this, simply make a firewall rule similar to the following:

James,

Don't believe you linked your screenshot correctly.

This topic is now closed to further replies.