-
Posts
14 -
About Urashima Taro
-
Rank
Newbie
Urashima Taro reacted to a post in a topic: ESET issue with Sandboxie - Persistent holding of registry keys
-
@Marcos I have been running ESET 1197 pre-release cleaner module for the past few days without issues. Sandboxie is working like it was prior to the reported problem. Marcos, could you elaborate on what the ESET cleaner module did to Sandboxie to cause this problem? Sandboxie worked along with ESET for years without any conflicts until the reported issue occurred recently. Your input is appreciated.
-
I have taken the dive into ESET's 1195 pre-release cleaner module. I am not sure why I did not receive the 1197 pre-release cleaner module after opting for it. For the most part it works but I do still receive the sandbox deletion issue 2 times out of 6 cold boots. I am attempting to find if there is a relation between how soon I log into OS desktop from a cold boot and open a sandboxed browser session with the sandbox deletion issue. 1195 pre-release is better but not a solution to the problem. I will attempt the blocking of ekrn.exe with Sandboxie after I revert from the 1195 pre-release.
-
I am experiencing a very similar issue as reported by Tetranitrocubane. I run Win7x64 / Sandboxie 5.30 / ESET NOD32 12.1.34.0 all running without any issues until I received Detection Engine update 19640 (20190705) and Rapid Response module 14501 (20190706). I am still able to clear the contents from the sandbox after a cold boot. No other updates and/or changes have been introduced to my system with the exception of the ESET updates. Any assistance in this matter is much appreciated.
-
False Positive or Failed Detection Rate.
Urashima Taro replied to Urashima Taro's topic in Malware Finding and Cleaning
Hello Marcos,
Thank you for taking time to reply. Are there any logs within ESET NOD32 that I could provide to you that will show if and when I changed any settings? I am the only one who has access to the workstation in question and have not made any changes since the time of the initial installation of NOD32. The logs that I have only show when the scanner started to flag these files as PUA. Any insight into providing you this evidence of changes within NOD32 is appreciated.
Respectfully,
Urashima Taro
-
To Whom It May Concern:
I run multiple scans a day, every day since having installed ESET NOD32 on a workstation for the last three months. Each time I have zero detection of files stored on the same machine with the same files. In the past week I have noticed that the latest updates are now flagging files that are considered to be "Potentially Unsafe Application" (PUA). These same files have been scanned daily, multiple times a day with zero results, without changing any options on ESET NOD32. Why are these files now considered PUA? When in the past ESET did not even notice them for three months.
The files are:
CPU-Z_1.56-setup-en.exe
HWMonitor_1.16-setup.exe
Both come up as PUA due to having "AskInstallChecker" and "AskToolbarInstaller". I am running ESET NOD32 on Win7x64 OS.
Version of virus signature database: 15685 (20170703)
Date: 7/3/2017 Time: 2:50:40 PM
I have previous scan logs which scanned the same files with no detection. Your guidance and/or assistance in this matter is appreciated.
Respectfully,
Urashima Taro
-
Urashima Taro changed their profile photo
-
PDF/TrojanDropper.Agent.AH False Positive?
Urashima Taro replied to rockshox's topic in Malware Finding and Cleaning
I am having the same thing but using NOD32. I run multiple daily scans on the same directory for the past few months with no positives. This appears to be a false positive:
Version of virus signature database: 15520 (20170602)
C:\Program Files (x86)\Adobe\Acrobat 11.0\Setup Files\{AC76BA86-1033-FFFF-BA7E-000000000006}\Data1.cab » CAB » template2.pdf28 - PDF/TrojanDropper.Agent.AH trojan - action selection postponed until scan completion
C:\Program Files (x86)\Adobe\Acrobat 11.0\Setup Files\{AC76BA86-1033-FFFF-BA7E-000000000006}\Data1.cab » CAB » template3.pdf26 - PDF/TrojanDropper.Agent.AH trojan - action selection postponed until scan completion
C:\Program Files (x86)\Adobe\Acrobat 11.0\Setup Files\{AC76BA86-1033-FFFF-BA7E-000000000006}\Data1.cab » CAB » template2.pdf26 - PDF/TrojanDropper.Agent.AH trojan - action selection postponed until scan completion
C:\Program Files (x86)\Adobe\Acrobat 11.0\Setup Files\{AC76BA86-1033-FFFF-BA7E-000000000006}\Data1.cab » CAB » template1.pdf26 - PDF/TrojanDropper.Agent.AH trojan - action selection postponed until scan completion
C:\Program Files (x86)\Adobe\Acrobat 11.0\Setup Files\{AC76BA86-1033-FFFF-BA7E-000000000006}\Data1.cab » CAB » template3.pdf28 - PDF/TrojanDropper.Agent.AH trojan - action selection postponed until scan completion
C:\Program Files (x86)\Adobe\Acrobat 11.0\Setup Files\{AC76BA86-1033-FFFF-BA7E-000000000006}\Data1.cab » CAB » template2.pdf28 - PDF/TrojanDropper.Agent.AH trojan - action selection postponed until scan completion
C:\Program Files (x86)\Adobe\Acrobat 11.0\Setup Files\{AC76BA86-1033-FFFF-BA7E-000000000006}\Data1.cab » CAB » template3.pdf27 - PDF/TrojanDropper.Agent.AH trojan - action selection postponed until scan completion
C:\Program Files (x86)\Adobe\Acrobat 11.0\Setup Files\{AC76BA86-1033-FFFF-BA7E-000000000006}\Data1.cab » CAB » template2.pdf27 - PDF/TrojanDropper.Agent.AH trojan - action selection postponed until scan completion
C:\Program Files (x86)\Adobe\Acrobat 11.0\Setup Files\{AC76BA86-1033-FFFF-BA7E-000000000006}\Data1.cab » CAB » template1.pdf27 - PDF/TrojanDropper.Agent.AH trojan - action selection postponed until scan completion
C:\Program Files (x86)\Adobe\Acrobat 11.0\Setup Files\{AC76BA86-1033-FFFF-BA7E-000000000006}\Data1.cab » CAB » template3.pdf25 - PDF/TrojanDropper.Agent.AH trojan - action selection postponed until scan completion
C:\Program Files (x86)\Adobe\Acrobat 11.0\Setup Files\{AC76BA86-1033-FFFF-BA7E-000000000006}\Data1.cab » CAB » template2.pdf25 - PDF/TrojanDropper.Agent.AH trojan - action selection postponed until scan completion
C:\Program Files (x86)\Adobe\Acrobat 11.0\Setup Files\{AC76BA86-1033-FFFF-BA7E-000000000006}\Data1.cab » CAB » template1.pdf25 - PDF/TrojanDropper.Agent.AH trojan - action selection postponed until scan completion
C:\Program Files (x86)\Adobe\Acrobat 11.0\Setup Files\{AC76BA86-1033-FFFF-BA7E-000000000006}\Data1.cab » CAB » template2.pdf16 - PDF/TrojanDropper.Agent.AH trojan - action selection postponed until scan completion
C:\Program Files (x86)\Adobe\Acrobat 11.0\Setup Files\{AC76BA86-1033-FFFF-BA7E-000000000006}\Data1.cab » CAB » template3.pdf15 - PDF/TrojanDropper.Agent.AH trojan - action selection postponed until scan completion