Mandy123

Why doesn't ESET have a link somewhere for feedback on its website - eg broken links? Seems to me the company is missing a trick

Many thanks ITman Thanks also, Marcos I had automatic submission turned off, because I am very wary of any telemetry, but ESET has proved itself worthy, so I'll turn it on! And thanks for the suggestion about agressive protection, also turned on. The help from both of you was awesome! Cheers Mandy

Hi ITman Thank you for that suggestion. NetStation Terminal.exe has been in the same directory since it was installed. It's update date is the same as its installation date - November 2022. So there is nothing new there to trigger the warning. Hi Marcos Thank you for that recommendation. Well spotted. D driive has now been removed from performance exclusions. It was put in there temprarily some time back, and then never removed afterwards. However, what do you mean "The detection has been removed"? Do you mean a modification to the Augur detections algorithm? I have stopped getting the warnings, though. Kind regards Mandy

Many thanks Itman Very intersting article. It is the reason I like ESET - great research and at the forefront. I do think, however, that the ESET warning should make clear that ML/Augur is, as you say, a "probability based behavior determination that a process is malicious", and the ESET help function should also make that clear. There is nothing about that particular warning on the ESET website, and it is presented in almost the same way a dangerous virus hit appears. I have attached the whole directory containing the suspicious files and would be very grateful if it could be checked out. But I suspect this must be a false positive because of the directory it is in. Thanks again Mandy NetStation.zip

Hi Marcos I don't think I need to send you the logs, but here is the zip file from the log collector. The real issues as I see them are: 1. What is the "ML/Augur" threat? I am still in the dark as to how dangerous this is. 2. I submitted the offending file/program, "NetStation Terminal.exe". Can ESET see anything wrong with it? 3. Do you think it will fix the problem if I uninstal "NetStation Terminal.exe" and reinstall in the C:\Program Files\NetStation directory? Thanks again for your help Mandy essp_logs.zip

Hi Marcos That is weird, because I received confirmation that the samples were submitted yesterday. I dont have the exact time, but it was an hour or two after you asked for it. Please see attached screenshots of my file notes Mandy Log submitted 20230514.pdf

Hi itman Re your previous comment, no the program is not in C:\Program Files\NetStation directory or sub-directory. However, that is possibly my fault, as I installed it and may have made a mistake, Regards

Many thanks, itman You said " This would indicate to me it was a suspicious activity detection." Presumably that is why the warning flashed up in the first place. Could you clarify what the other implications are that you mean, please? Yes, it is worrying that Windows has a telemetry file checking this, but it might be connected with the fact that the Windows Malicious Software Removal Tool tried to access the file previously.

Thanks Marcus File submitted (NB Please also refer case #00531506 through the portal)

I had a thought - is the problem because the file is in the C:\ProgramData\NetStation directory instead of C:\Program Files\NetStation?

Thanks Marcos Your suggestion led me to check the ESET logs. There were no threats being reported, which is why I posted in the forum in the first place. However, I then realised the ESET log filter was turned on (or was it off?), so the ESET Threat logs were not appearing. As soon as I changed the filter, the logs appeared and now the offending file/program is clearly identified as "NetStation Terminal.exe". Therefore I don't need to send you the logs after all. But the attached screenshot is an example of the many warnings in the logs, which all point to the same file "NetStation Terminal.exe". However, this is a commercial program, that has been installed for months already, so I don't understand why it is suddenly producing threat warnings. Secondly, if a search on ESET does not turn up any explanation of what "ML/Augur" threat is, I am still in the dark as to how dangerous this is. ESET has not "cleaned" the program, but left it in place, so it can’t be too serious. Do you (or anyone else) know what the "ML/Augur" threat is? There is nothing on Google or ESET about it. Thanks in advance

A few days ago, when trying to install the latest version of the the Windows Malicious Software Removal Tool , ESET also sent a warning "Threat found. A threat ML/Augur was found in a file that Microsoft Windows Malicious Software Removal Tool tried to access. The link on file does not work. The link on Microsoft Windows Malicious Software Removal Tool only leads to Microsoft's genuine MRT.exe file (Windows Malicious Software Removal Tool), so once again, I have no idea where the problem is or how to find it. Since then, ESET keeps sending me a warning "Threat found. A threat was found in a file that runs automatically. A threat ML/Augur was found in a file on your computer. The link on file does not work, so I have no idea where the problem is or how to find it, or even how to get any help on it from ESET. ESET also sent me a warning "Threat found. A threat ML/Augur was found in a file that Microsoft Compatability Telemetry tried to access. The link on file does not work. The link on Microsoft Compatability Telemetry file leads to Microsoft's genuine CompatTelRunner.exe, so agian I have no idea where the problem is or how to find it. SmartSecurity Premium (v 16.0.26.0). Windows 7 Machine. Can anyone help?

Come on ESET - you can produce better warnings than this. Yes, it is important and right to have a warning, but "Stay protected" is an unhelpful option. It should read something like "Click here for more information on how to stay protected". And "Postpone" is unhelpful too. Postpone what? It should be something like "Ignore warning". There was also another little pop-up message that flashed up, which has now gone and I can't remember the exact wording, but that was just as confusing.