Gregecslo

@Marcos will new version also address this: Syscall init_module returns error ?

This is not server version. Server version will take more time I guess...

Well that 10.3 is not for servers I believe..... Looks like some more waiting I just updated Linux box, did not play around with experimental kernels and stuff...

Lol. I just migrated to same version because of this. Come on guys, some naming of downloaded files would be great. At least that.

@Albert Edwards @Jean-Paul @cpa @GabrielEset @TomDib Have you got any response from tech support?

Same with: 5.15.0-107-generic #117-Ubuntu SMP Fri Apr 26 12:26:49 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux May 14 09:28:37 check_start.sh[4216]: Skipping BTF generation for /var/opt/eset/efs/ewap/eset_wap/eset_wap.ko due to unavailability of vmlinux May 14 09:28:40 kernel: [ 42.982151] eset_rtp: loading out-of-tree module taints kernel. May 14 09:28:40 kernel: [ 42.982240] eset_rtp: module verification failed: signature and/or required key missing - tainting kernel May 14 09:28:40 kernel: [ 43.004337] eset_rtp: cannot find 64-bit syscall table May 14 09:28:40 oaeventd[4264]: ESET Server Security Error: Syscall init_module returns error: No such file or directory May 14 09:28:40 oaeventd[4264]: ESET Server Security Error: Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check system logs. May 14 09:28:41 systemd[1]: Started ESET Server Security.

Install Ubuntu 22.04 Update it fully. Install EFS, EFS not working. This is how you can replicate it and collect every log you need without delays from customers.

@Marcos Care to comment? We use supported Ubuntu OS 22.04 and from last week we are unable to use RTP.

I have configured that this type of detection gets deleted... So when deleted no more warnings appear.

I never argued that it is not vulnerable. This same driver is on 1 week newly formatted lenovo notebook as well. Up to date with lenovo system update software. I just said that if detected it doesn't mean it is being exploited. In my case it is not exploited.

It is the same file as in my first post. And that very same file was detected on 10-20 computers in my org... And will be detected like on all computers if I don`t exclude it.

Hash of the file: SHA-1 9e5fcaea33c9a181c56f7d0e4d9c42f8edead252 SHA-256 b1a8ee1222eea5f199028d90b9b77c2acf46d6d84a9e125403b2888c6f681c72 Again, we have also 3rd party XDR solution which would alert on something like this

And with notepad

Emmm in my case when driver was deleted on my own machine, no more detections were made. I OPENED EXPLORER AND RIGHT CLICKED ON C:/Windows/System32/drivers/pmxdrv.sys AND THAT IS WHEN DETECTION HAPPENED. Below I tried with VLC, so no lolbin... Then I tried with notepad++, same detection... Whatever, eset is just deleting driver no matter what procees is touching it. It doesnt need to be windows lolbin.

Also I have Lenovo notebook and their software updater shows my notebook as fully updated.