i have an apple iphone X plus. it has not worked properly since bought 7 months ago reports from apple come out as functioning good yet i think this is the most craziest iphone yet. its acting like its being shared or other devices have access  my apple id password . been to apple store support cases galore have had the cell wiped and reinstalled os plus all apps yet 24-72 hrs later. i get a wrong password msg. this has happened way too often to brush off as misspelling. as well cell has gotten even crazier. settings r coming on without my input. there are written flaws now being admitted by apple. my question is how can a cell thats been tested by apples high quality  equipment not pick up any of problems like my voice mail is in french my cell rings low most times plus i have to enter my passcode to answer? by time the calls is gone

wacky iphone X plus

Some virus is filling up my HD, malwarebytes can't find the problem
any idea of what to do?

We are having and issue with deleting computer profiles. This profiles are usually deleted during the nightly reboot and reloaded at logon. After a closer look, the issue is with a hidden log file in the profile for Avast. So I logged into one of the computers having this problem to troubleshoot it. Logged in with a admin account. Tried to take ownership so I can deleted it. All I have tested will not allow it. Never, had this issue before. This is one Windows 7 computers.

Any ideas would be appreciated.

Regards,
ABBEadmin

When we get threat intels info for hashes to be added to Trendmicro
Officescan, the MD5 or SHA1 hash value has to be entered into an
IOC Editor (we use Mandiant's ie
 https://www.fireeye.com/content/dam/fireeye-www/services/freeware/ug-ioc-editor.pdf)
 to generate 2 values indicated by 1st value & 2nd value enclosed in "...'  below.

However, sometimes, the intel that comes in can be more than a hundred, so this makes
it very tedious to manually generate the values & populate into the IOC file for Officescan
to read in.  Is there an automated way / script to generate the 2 values for each hash &
auto-populate (using script etc) or an easier way for Officescan to read in just the hash
values?    Have logged a case with Trendmicro & was advised to do it manually which
does not help at all.

attached the full IOC file.


   Sample IOC file's content:
   ====================
<?xml version="1.0" encoding="us-ascii"?>
<ioc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" id="2146113a-1513-4be6-b07e-f43969847a6a" last-modified="2018-12-02T02:19:17" xmlns="http://schemas.mandiant.com/2010/ioc">
  <short_description>Default</short_description>
  <authored_date>2017-09-26T02:58:26</authored_date>
  <links />
  <definition>
    <Indicator operator="OR" id="a1c825b0-ae7f-4461-85dd-25a20720acac">          <== 1st value enclosed in "...";  once only for entire IOC file
      <IndicatorItem …

I am looking into general anti-virus management / monitoring best practices (regardless of vendor). I basically want a check list  for comparison to actual of:

-what our administrators should be alerted on from the AV agent / software installed any client device,
-what they should be able to produce in terms of compliance reporting for all their managed devices specific to AV.
-What kinds of issues they should be looking for when reviewing logs/alerts specific to AV on a daily basis

I will then use these to compare what they can produce from their central AV monitoring console(s) for a sample of devices or even all devices listed in other information sources such as AD, system centre or our asset management DB. I presume the 3 basics would be status (on or not), definitions last updated, last scheduled scan date. Are there any others?

There seems to be an assumption AV setup/config/management is pretty hard to get wrong but from some recent health checks for PCI DSS I noted on the findings many issues such as out of date signatures, AV not even running in some cases on devices etc.

Emotet Trojan!!

Currently dealing with an Emotet Trojan on a domain network with around 20 machines.

I know that the files replicates itself across the network and is generally a massive pain and is quite aggressive.

Does anyone have any tips at all that I could use to try and eradicate the malicious code.

I thought I cleared it by taking all machines offline and manually cleaning them by removing the files that were sat in SYSTEMROOT and user appdata etc.

Any pointers would be really appreciated, also if there is any specific software that removes this Trojan, that would also be of great help.

Thanks!!!

To whom it may concern
Hope you are well.  We have Kaspersky Endpoint Cloud installed on our network.  We are moving to Sophos Endpoint and need to uninstall the Kaspersky Endpoints on the network.

Domain Environment:  Windows 2008 R2 Standard
Domain Name:  homemakers-sa.co.za
Server VM Specs:
Intel Xeon CPU 5410 @ 2.33GHz
4GB Ram
64-bit OS
135GB HDD

The Kaspersky Endpoint Cloud console is in the cloud and displays the endpoints installed in the environment and not working like the old one where you have your console onsite and have the option to create a policy to uninstall.  What is the correct procedure to remove Kaspersky from the network so that I can deploy and install Sophos AV Endpoint.
Please let me know if you require more information.

Kind Regards
Lourensvd

We use Spamtitan email filtering appliance connecting to Exchange servers.
Since OLE macro enabled attachments were recently marked as viruses, it has been so confusing regarding how we deal with the attached files sent via emailing. We use Microsoft Word document a lot and usually macros are used. Now according to the new rule, macros are equal to viruses. All emails with macro-enabled attached files got rejected but our virus-protection app (AVG) doesn't think they are viruses. Here are my questions:
1. What can we do if macros are needed in our documents and we need to send the document files with macro via emailing?
2. Why are macros equal to viruses? Isn't it right not all macros are viruses? Only macros infected with viruses are what we need to concern, right?

We don't want to disable that feature as we believe there must be a reason for it. What do you suggest? Thanks.

I would like to read what's in Clam AV's safebrowsing .cld
(that lists the blacklisted sites).

After following some suggestions online, extracted from
the cld file  the following (using dd & 7zip):
08/11/2018  02:13 PM            18,325 Copying.txt
08/11/2018  02:14 PM       113,037,608 safebrowsing.gdb
08/11/2018  02:14 PM               514 safebrowsing.info

How can we read/extract the gdb file?

We are moving some of our apps/systems to the cloud.
However, some vendors for the cloud projects came back to
say that the OS is a stripped down Linux which is hardened
& that it's not applicable to install/run AV.

In view of high profile attacks and audit requirements, I
loathe to raise exemption/deviation even if the cloud VM
is not accessible to public (ie firewalled to our corporate
only).  I noticed that AWS & another vendor that uses VM
on WIndows guest offers AV

Q1:
Is there a quick/easy way for me to verify that the 'strip-
down Linux OS' the vendor uses in the cloud truly could
not support AV?  Guess by running 'uname -a' is not
enough.  Or is there a script for me to verify?
Or can I verify by checking what are the past patches
they had been applying?  If it's all RedHat/Rhel patches
then, it's just simply a hardened RHEL which should
support many AV

Q2:
What are the usual audit requirements for AV for a custom
Linux VM in the cloud?  Don't really need an AV under what
criteria?

Q3:
If it's truly a stripped-down Linux say based on CentOS or
FreeBSD, can I assess the patch requirements based on
CentOS & FreeBSD?  I recall when running a VA scan
against a PABX that's based on RHEL, all vulnerabilities
for RHEL are applicable & the PABX vendor produces
the patches though they are behind RedHat by a few
months in coming out with the patches.

This reminds me of IOT, many of which are appliances
that customizes their OS from …

I have a client with a 2016 RDS server using a non-standard port (not 3389) for security reasons, which works fine.
The client would like to setup a RemoteApp for it as well.  If I set the RDS server to the standard port of 33889, the remoteapp works fine, but when I change the port back to the non-standard one, I can log into the remote app wep page without issue, but when I try to start the app, I get the error;
Remote Destop can't connect to the remote computer for one of these reasons:
1 remote access to the server is not enabled
2 the remote computer is turned off
3 the remote computer is not available on the network

Can anyone help me get the remoteapps to work on the non-standard port?
Thanks!

uninstall Eset security endpoint through domain using script or any centralized solution.

Hi folks,

We're trying to delete a Symantec ccSettings .dat file but it won't allow us to.  Keeps stating that the file is open in System.

We've uninstalled Symantec, deleted all Symantec folders in registry, ran the SEP uninstaller, no change.
Tried Unlocker and FilExile, no change.
Turned off Tamper Protection in SEP, no change.

Attached is a screenshot of the error.

We currently have a case open with Symantec on this, but they seem stumped as well.  Wanted to see if the good people of EE might be able to help!
data-file-error.jpg