
Carbonyl
-
Carbonyl received kudos from josh_bdn in ESET Flagged GPUZ for some reason
Thank you, James! This seems to answer all of my questions. I've purged the version of GPUZ I was using and will update it posthaste. It's reassuring to know that it wasn't malicious in its own right and that launching it did not cause a compromise outright. But I appreciate the point about how the outdated driver can cause havoc if others hook into it.
Much appreciated!
Zero worries - As you say, it's a very similar issue! I appreciate your help and your perspective on this.
-
Carbonyl gave kudos to JamesR in ESET Flagged GPUZ for some reason
Just adding a bit of info about when ESET detects a driver file as a Potentially UnSafe Application (PUSA). It simply means that driver has a vulnerability in it which can be misused to achieve kernel mode access in an attempt to remove or break endpoint security. If you use GPUZ (or some other driver flagged by ESET), you do not need to worry about any malicious activity, but should upgrade to a newer version ASAP.
The main reason we detect different drivers as PUSA is due to a tactic that threat actors will use called "Bring Your Own Vulnerable Driver" (BYOVD). This is where the threat actor downloads a known vulnerable driver so that they can use it to attempt to circumvent, remove, or break security products. So if a driver has a vulnerability which would allow this, we detect it as a PUSA to help prevent its misuse. It's also important to know that if you are purposely using a driver that is detected as a PUSA, a threat actor could use the already-in-place driver; this is why it's important to update the driver ASAP.
-
Carbonyl received kudos from Car54 in ESET Flagged GPUZ for some reason
This seems to be about CPUZ rather than GPUZ - Very similar pieces of software for sure. The thing that doesn't add up here is that the quoted conversation was from roughly five years ago.
I've been using GPUZ for years since then, and this is the first time I've seen this issue arise, so I'm skeptical that it's the same issue at play? Surely ESET would have caught it before now if that's the same vulnerability at play.
-
Carbonyl received kudos from Abdulkadirozbudak42 in Future changes to ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium and ESET Ultimate Security
Description: Please change the tray icon and GUI notification for Gamer Mode.
Detail: Currently when NOD enters gamer mode due to a fullscreened application, the tray icon and GUI show a somewhat unsettling ! icon that is indicative of a more substantial problem, and the GUI says that "NOD requires your attention". This is unsettling, as gamer mode is operating as designed, there is no problem, and NOD does not require attention. With the prevalence of multi-monitor setups becoming more and more common, it's very likely that users will fullscreen an application, video, or game on a secondary display - and see the icon or GUI for NOD on their primary display and become concerned.
This is particularly disconcerting when first discovering it. I just now saw the ! icon while a video was full screened on another monitor, and clicked over to the ! on my primary screen to see what was wrong and needed my attention. Doing so caused the video to exit fullscreen, and caused NOD to exit gamer mode before I could realize what was happening. And so I spent a good 10 minutes going back and forth thinking something was more seriously wrong on my system than it was.
Anyhow, just a suggestion! Thanks.
-
Carbonyl gave kudos to Marcos in Quick Question regarding HTTP filter alerts
It means that ESET detected malware in the HTTP traffic and blocked it before it reached your system. Connection is terminated automatically in automatic cleaning mode.