LuisC

First off, a big thank you to everyone for all of your responses and feedback. It's been very helpful and greatly appreciated. Next, just to update everyone. From messages I've received from the bank, they tested access to their site from many different Anti-Virus vendors, and only ESET triggered in their tests. They said that they have reached out to ESET regarding this. I do not know more than that. I will share as I hear more. @itman, your posts and screenshots have been especially helpful. Thank you for taking the time to do all that.

@itman, could you point me to where the "Banking & Payment Protection" settings are at? I just looked for them, and couldn't find them. Also, I checked with the bank, and they said that their website does not use Yodlee. Thank you!

Interesting, I wasn't aware of that change. I would tend to agree with your thoughts about that not being a secure way to proceed. That said, I wonder if I did a complete uninstall followed by deletion/purge of the install directory (including appdata), then a fresh install of the browsers, if that would help. Thoughts?

Marcos, Help me understand where my thinking is wrong here... This is a sincere message request. When other systems access this same bank, no "suspicious application" warnings are ever received/logged, only on my system. So, that leads me to believe that the "suspicious application" is on my computer. From the logs, it appears as though a connection is being initiated from my computer to retrieve a file from cdn.yodlee.com at the point I attempt to login, which is VERY concerning...especially given this is a financial institution. This is not normal. As obfuscation is a way to hide information, as well as a technique used by malware for delivery, this is concerning, especially given it's occurring right when my credentials are being supplied. If, as you're suggesting, I create an exception for this alert, my understanding is that I will essentially be telling ESET that "this message is OK", and to just ignore it, which masks the problem. I take that to mean that the download would now be permitted, which ESET is currently blocking. In my mind, I don't want to "mask" the problem, I want to get rid of it. I am happy to see that ESET blocked the connection of the download, but I view ESET as also being a tool/resource that should help me remove "suspicious applications" and viruses from my computer when they are found. If the application can't do this on their own, which I can understand that no one application can be expected to catch/find everything, then I would hope that ESET would be there to assist where the application falls short. After all, besides updates/upgrades, isn't that what I'm paying for when I purchased ESET? I view just making me aware of an issue, but not helping me get rid of it, as not being a complete solution. Thank you, and I look forward to your response. Sincerely, Luis

I completely agree, but wanted to check here first. I will open a support ticket with ESET regarding this so that it can be more closely looked at. Thank you!

No, I do not use XERO. In my searches, I did see another post about someone with XERO that was getting the same message.

Hello, Starting about 4 days ago, while attempting to log into my bank, ESET started alerting me about JS/Packed.Agent.Q. I am seeing the same alert from both Chrome and Firefox. When I attempt to log into the bank using other computers (that also has ESET installed with the same policies), I don't see any alerts messages. Thus, I have reason to believe my PC is infected with the JS/Packed.Agent.Q. I've run MalwareBytes as well as full ESET scans, but neither is finding anything. I've checked VirusRadar, but it doesn't have any mention (that I could find) of the above mentioned malware. So, I have some questions: 1) Where can I get information about JS/Packed.Agent.Q? I have found very little via Google in terms of locating and cleaning this. 2) Given ESET can't find anything, how do I go about removing it? 3) Should I open a support case to help get this resolved? From the logs, it appears that upon logging in, JS/Packed.Agent.Q is attempting to access a JavaScript file on cdn.yodlee.com. Below is the screenshot of the alert, along with the log entry. Thank you in advance for any assistance/information someone can provide regarding this...especially around removing it.

@Command IT, I just performed the same upgrade (although through ERA), and I'm experiencing the same issue. I haven not yet opened a support case. Before I do, I thought I'd see if you were able to determine the root cause with support? Luis