denpin, Posted August 15, 2023: My server has been attacked by Win32/Filecoder.Trigona. About 5 minutes before the attack, the endpoint alert was disabled. How can the virus disable my AV?
Marcos (Administrator), Posted August 15, 2023: Please supply me with:
- logs collected with ESET Log Collector
- a couple of encrypted files (ideally Office documents)
- the ransomware note with payment instructions
itman, Posted August 15, 2023: Since this is the second recent attack (https://forum.eset.com/topic/37441-endpoint-infected-ransomware/) in which Eset Endpoint protection has been disabled in Vietnam, a security advisory should be issued recommending that Eset endpoint settings be password protected.
Marcos (Administrator, marked as Solution), Posted August 15, 2023: As long as a machine is managed by ESET PROTECT Cloud, administrators are presented with a wizard enabling them to set up password protection easily.
denpin (Author), Posted August 17, 2023: Thank you @Marcos. My server is shut down and isolated from my environment. I'm trying to turn it on but cannot run ESET Log Collector. I'm also setting up password protection.
denpin (Author), Posted August 17, 2023: Thank you for the information, @itman. Very helpful. I'm also setting up password protection.
denpin (Author), Posted August 17, 2023: So, @Marcos, how about a rootkit scanner by Eset? Which tool can do that?
Marcos (Administrator), Posted August 17, 2023:
> 59 minutes ago, denpin said: So, @Marcos, how about a rootkit scanner by Eset? Which tool can do that?

ESET can detect active rootkits. You can also use Gmer to find suspicious processes that attempt to hide in the system, but it also flags legitimate applications based solely on their behavior, so you should interpret the results with a grain of salt.