denpin 0 Posted August 15, 2023

My server has been attacked by Win32/Filecoder.Trigona. About 5 mins before the attack, Endpoint alert disabled. How can a virus disable my AV?

Administrators Marcos 5,234 Posted August 15, 2023

Please supply me with:
- logs collected with ESET Log Collector
- a couple of encrypted files (ideally Office documents)
- the ransomware note with payment instructions

itman 1,741 Posted August 15, 2023

Since this is the second recent attack: https://forum.eset.com/topic/37441-endpoint-infected-ransomware/ where Eset Endpoint protection has been disabled in Vietnam, a security advisory should be issued to recommend Eset endpoint settings be password protected.

Administrators Solution Marcos 5,234 Posted August 15, 2023

As long as a machine is managed by ESET PROTECT Cloud, administrators are presented with a wizard enabling them to set up password protection easily:

denpin 0 Posted August 17, 2023 Author

Thank you @Marcos. My server is shut down and isolated from my environment. I'm trying to turn it on but cannot run Eset Collect. I'm also setting up password protection.

denpin 0 Posted August 17, 2023 Author

Thank you for the information, @itman. Very helpful. I'm also setting up password protection.

denpin 0 Posted August 17, 2023 Author

So, @Marcos, how about a rootkit scanner by Eset? Which tool can do that?

Administrators Marcos 5,234 Posted August 17, 2023

59 minutes ago, denpin said:
> So, @Marcos, how about a rootkit scanner by Eset? Which tool can do that?

ESET can detect active rootkits. You can also use Gmer to find suspicious processes that attempt to hide in the system, but it also detects legit applications just based on their behavior, so you should interpret the results with a grain of salt.