Masamunnex
-
Posts
51 -
Joined
-
Last visited
Posts posted by Masamunnex
-
-
1 minute ago, Peter Randziak said:
The detection name is the same, so I guess it will be related to the FP detection.
If you want to check it for sure, you can send me the details or wait for the Detection engine update to see if it will become undetected again...
all the details are in the image do you need anymore information ?
-
5 minutes ago, Peter Randziak said:
Hey, yea i saw marcos replay but the path that was detected on my machine was different from the path on that post, is it the same file and is it safe to ignore the detection ?
-
Just now, Marcos said:
Yes, it was FP. A new engine update is being worked on which will have the detection fixed.
You can create a temporary exclusion and restore the files from quarantine.
hey i also posted a topic about this but it seems that the file path on my machine is different, looks like its going to a gaming service from microsoft, care to also take a look ?
-
6 minutes ago, Gregecslo said:
Most probably false positive.
It happened exactly a year ago with same file
I see, the question is do i clean it or ignore ? cleaning might cause damage to the operating system ?
-
13 minutes ago, Gregecslo said:
Hello.
Possible FP:
Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.10\runtimes\win-x64\native\apphost.exe 16e5ebf8a2ae6ed07892c6d318fcb953c8d2bca7 124416 January 27, 2022 08:07:38 1 Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.12\runtimes\win-x64\native\apphost.exe 2bb7aae7671a506267f4ec698199c447c1ea3ba8 124416 January 27, 2022 08:07:08 1 Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\sdk\5.0.303\apphosttemplate\apphost.exe 5ff2eadcf444f245d71ae0501fddc5c921967433 124416 January 27, 2022 08:07:08 1 Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\sdk\5.0.403\apphosttemplate\apphost.exe 2bb7aae7671a506267f4ec698199c447c1ea3ba8 124416 January 27, 2022 08:07:08 1 Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.9\runtimes\win-x64\native\apphost.exe 5ff2eadcf444f245d71ae0501fddc5c921967433 124416 January 27, 2022 08:07:08 1On VT only ESET detects it...
hey i just posted a topic about this too, i have getting a PUA msg about this win32/atlasvpn.a i did not download any atlasvpn or anything, any idea whats this about ?
-
Hi, today the eset antivirus detected a PUP from a microsoft folder, it detected somekind of VPN
safe to say i do not download any vpn or any programs on my pc, i am the only one that uses this pc and no windows update was done yesterday or today, i am attaching a printscreen of the detection
-
3 hours ago, Peter Randziak said:
Hello @Masamunnex,
so does it happen every time on Steam launch and works fine when it is not running?
Peter
yep, only when launching steam
-
13 minutes ago, New_Style_xd said:
Could you post a print and explain in more detail for better understanding.
what kind of print would you like ? everytime i open steam i get a notification from eset yellow color with the msg eset has limited cloud connectivity
-
Hi,
Since yesterday every time i open steam when i start my pc i am getting "eset has limited cloud connectivity"
its happening only when i start steam, i am not losing any internet connection, is this a bug ?
-
i am getting the same issue when launching steam, started happening this week
-
6 minutes ago, Marcos said:
1, Yes, it's safe to restore this file.
2, Correct. If access to a website has been blocked, the connection was terminated to protect your computer.
Thank you very much
-
2 minutes ago, Marcos said:
Thanks, it appears to be FP made by Augur the machine-learning system which blocked the file in LiveGrid. The file has now been removed from the blacklist. We're investigating why it happened to prevent such FP in the future.
Great to hear that Marcos, is it safe to restore the file to its original location ?
Another question if you will, if Eset blocked a site by internal blacklist, that means my PC is safe right ? Eset blocked the attemp to access that site in the first place ?
-
6 minutes ago, Marcos said:
Yes please. Most likely it was just a false positive. We'll check it out and fix it, if a FP is confirmed.
There you go friend
-
3 minutes ago, Marcos said:
Couldn't it be that the files were detected by the on-demand or startup scanner? Could you upload the file that was detected? If detected by real-time protection, pause it temporarily while you upload the file (compress it into a zip or rar archive, if possible). With ESET Log Collector logs we would have all necessary information at once.
The file was detected by an on-demand scan to be honest, the file is currently in quarantine, do i need to restore it to upload it ?
-
Just now, Marcos said:
I see it's 56 bytes in size, ie. empty. Let's upload all DAT files from that folder then.
devctrllog.dat hipslog.dat lasthit.dat urllog.dat virlog.dat warnlog.dat
-
There you go mate
-
7 minutes ago, Marcos said:
It should be enough to upload "C:\ProgramData\ESET\ESET Security\Logs\virlog.dat"
i have a file called "virlog.dat" but it was modified on 19 of march 2019 is that the file you want ?
and if so i tried to upload it but the site wont let me
-
2 minutes ago, Marcos said:
Please follow these instructions: How do I use ESET Log Collector?
can i provide a log without downloading the log collector ?
-
Just now, Marcos said:
Please provide logs collected with ESET Log Collector. It sounds like a false positive but without logs we can't tell for sure.
how do i give logs ?
-
So for some reason Eset detected SteelSeries software as a virus and i have no idea why, iv had the software since day 1 with eset and only now it detected it as a virus
C:\Documents and Settings\All Users\SteelSeries\SteelSeries Engine 3\engineApps\system-stats\SysStatsGo.dll it says "suspicious file"
is there any reason it started now to detect it ? i need to mention i didnt re-download this program it was downloaded from the official site 2 years ago
-
6 minutes ago, Marcos said:
Yes. The domain in question has began to resolve to an IP address that was blocked 2 years ago due to malware.
Ok, thanks for the help.
-
20 minutes ago, Marcos said:
The FP will be fixed in a few minutes. The IP address has been blocked since 2018.
So is this a false positive ?
-
9 minutes ago, Marcos said:
The FP will be fixed in a few minutes. The IP address has been blocked since 2018.
If you need another Log Time;URL;Status;Application;User;IP address;SHA1
02-May-20 8:05:18 PM;https://cognito-identity.us-east-1.amazonaws.com;Blocked by PUA blacklist;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe;DESKTOP-OJGALTK\freec;52.206.238.184;4B6CB3A0794BEF967F8A5F593239446FA28EA74D -
7 minutes ago, itman said:
Open Eset GUI. Select Tools -> More Tools - Log Files.
1 hour ago, Marcos said:Please post the appropriate record from the Filtered websites or Detection log.
do you mean to copy the PUA log ? does it have any personal information ?
ESET detected microsoft file ?
in ESET Internet Security & ESET Smart Security Premium
Posted
where to i get the details you need ?