cybot

  1. Issue is not fixed. When running the Dragon Center 2 setup file, I got a message from ESSP saying that the file setup.exe was infected. It had the following message:

     Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
     1/10/2020 7:29:58 PM;Real-time file system protection;file;C:\Users\Cybot\AppData\Local\Temp\{E3E1BF59-57C1-4792-BC38-9C2F0F58204B}\setup.exe;a variant of Win32/GenKryptik.EBBO trojan;cleaned by deleting;MSI\Cybot;Event occurred on a new file created by the application: C:\Users\Cybot\AppData\Local\Temp\{686B90F5-2E1E-4F34-BBA4-F8D0F93C66C5}\setup_G.exe (0C7B66731131D984E5AE95ADD4D757355994E17E).;F10C1F5A7B954F5D2293F02B23250CDFFD81ABC2;12/26/2019 12:24:25 AM
     1/10/2020 7:30:21 PM;Real-time file system protection;file;C:\Users\Cybot\AppData\Local\Temp\{436D8C86-4FCF-482E-8308-9DFE3FBCA482}\setup.exe;a variant of Win32/GenKryptik.EBBO trojan;cleaned by deleting;MSI\Cybot;Event occurred on a new file created by the application: C:\Users\Cybot\AppData\Local\Temp\{F382F35F-1B93-4A33-AC2B-D25F03D842DA}\setup_G.exe (0C7B66731131D984E5AE95ADD4D757355994E17E).;F10C1F5A7B954F5D2293F02B23250CDFFD81ABC2;12/26/2019 12:24:25 AM
     1/10/2020 7:30:37 PM;Real-time file system protection;file;C:\Users\Cybot\AppData\Local\Temp\{D85B2B46-78E3-47A2-868E-AF8CEBA0E5B0}\setup.exe;a variant of Win32/GenKryptik.EBBO trojan;cleaned by deleting;MSI\Cybot;Event occurred on a new file created by the application: C:\Users\Cybot\AppData\Local\Temp\{5338A8ED-DF72-46AC-B796-5127C29B9014}\setup_G.exe (0C7B66731131D984E5AE95ADD4D757355994E17E).;F10C1F5A7B954F5D2293F02B23250CDFFD81ABC2;12/26/2019 12:24:25 AM

     So the files are no longer blocked from being extracted from the setup .zip file, but I still cannot run the setup program.
  2. Apologies. In the previous case, I did follow that guide, but when the same issue reoccurs, it looks like nothing was done about the false positive. ESSP is no longer flagging the setup files. Thanks, and sorry for how I went about reporting the issue this time around.
  3. I am trying to update my laptop's MSI Dragon Center 2 software, but it is being blocked by Windows Defender, ESET ESSP, and Windows SmartScreen. I try to extract the files, and the setup files are deleted/quarantined as soon as they are accessed. The files that are falsely being marked as being a virus are "setup_G.exe", "setup_P.exe", and "setup_W.exe". The files for the setup program are contained in a .ZIP file and are downloaded from the manufacturer's website from the following URL: https://download.msi.com/uti_exe/nb/ap_DragonCenterv2.6.1912.2601_2.6.1912.2601_0xc5b28391.zip . Scanning the .zip file returns multiple threats, and when a file extraction is attempted, the files get removed.

     THERE IS NO VIRUS. THERE IS NOTHING HARMFUL WITH THESE FILES. THIS IS A FALSE DETECTION!!!

     This happened once before with a previous version of the software, and I had to wait for a new version to come out before I could install it because of the issue. I tried to raise this issue when it happened before on the MSI support forum, and I was called a liar and told my system was so badly infected I needed to do a format and clean install. For the record, my system is not infected and never has been. The software does not suddenly get a certain version being detected as a virus, get several new versions released, and then suddenly get marked as containing a virus once again. The only conclusion I can come to is that someone is dicking around with the reporting system and making false reports in an attempt to harm MSI's reputation or something.

     In researching the issue the first time it happened, I came across only one site where virus-containing software gets reported that was reporting the software as containing viruses. URL: https://www.hybrid-analysis.com/sample/1b948a4297783a028ce5fb4a8a0d25e5ebfd576d4ce2fde7fec18700b536eb48?environmentId=100 . The viruses being detected are all named generik, followed by some random letters.

     I have made previous reports inside the ESSP program reporting the falsely flagged files, but it is, as I stated, happening again.
  4. I don't know if I have High DPI enabled on my system, but it's good to know that it's a recognized issue that is due to be fixed.
  5. Windows 10 1903
     ESSP 12.1.34.0
     Sysinspector v10.7.79.0

     I have discovered that the Sysinspector tool in ESSP (and possibly other versions of ESET software that include the tool) crashes on load. It can create Sysinspector logs, but you cannot view them. According to the Windows Event Viewer, the Sysinspector is crashing with a 0xc000005 error, with the faulting module being listed as the Sysinspector program itself (an internal program error?). The standalone version of the Sysinspector downloaded from the ESET site works, but is an older version and takes forever to come up.

     Fault bucket 2243708203262627270, type 4
     Event Name: APPCRASH
     Response: Not available
     Cab Id: 0

     Problem signature:
     P1: SysInspector.exe
     P2: 10.7.79.0
     P3: 5ca726a7
     P4: SysInspector.exe
     P5: 10.7.79.0
     P6: 5ca726a7
     P7: c0000005
     P8: 00000000000399aa
     P9:
     P10:

     Attached files:
     \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC914.tmp.mdmp
     \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC982.tmp.WERInternalMetadata.xml
     \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC9A2.tmp.xml
     \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC9A4.tmp.csv
     \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC9D4.tmp.txt

     These files may be available here:
     \\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SysInspector.exe_8bf46cbe28d02d14db50a662d67fcf6d511f96c2_ee6e4bfc_223d13f8-a307-4797-a8bb-ad1273023770

     Analysis symbol:
     Rechecking for solution: 0
     Report Id: 89c9e574-29d7-4838-bb51-ea278453d03c
     Report Status: 268435456
     Hashed bucket: 662e45029cc2e6d16f2340b923194dc6
     Cab Guid: 0

     Faulting application name: SysInspector.exe, version: 10.7.79.0, time stamp: 0x5ca726a7
     Faulting module name: SysInspector.exe, version: 10.7.79.0, time stamp: 0x5ca726a7
     Exception code: 0xc0000005
     Fault offset: 0x00000000000399aa
     Faulting process id: 0x5860
     Faulting application start time: 0x01d5265210dec022
     Faulting application path: C:\Program Files\ESET\ESET Security\SysInspector.exe
     Faulting module path: C:\Program Files\ESET\ESET Security\SysInspector.exe
     Report Id: 89c9e574-29d7-4838-bb51-ea278453d03c
     Faulting package full name:
     Faulting package-relative application ID:

     <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
       <System>
         <Provider Name="Application Error" />
         <EventID Qualifiers="0">1000</EventID>
         <Level>2</Level>
         <Task>100</Task>
         <Keywords>0x80000000000000</Keywords>
         <TimeCreated SystemTime="2019-06-19T03:50:31.823535500Z" />
         <EventRecordID>7953</EventRecordID>
         <Channel>Application</Channel>
         <Computer>MSI</Computer>
         <Security />
       </System>
       <EventData>
         <Data>SysInspector.exe</Data>
         <Data>10.7.79.0</Data>
         <Data>5ca726a7</Data>
         <Data>SysInspector.exe</Data>
         <Data>10.7.79.0</Data>
         <Data>5ca726a7</Data>
         <Data>c0000005</Data>
         <Data>00000000000399aa</Data>
         <Data>5860</Data>
         <Data>01d5265210dec022</Data>
         <Data>C:\Program Files\ESET\ESET Security\SysInspector.exe</Data>
         <Data>C:\Program Files\ESET\ESET Security\SysInspector.exe</Data>
         <Data>89c9e574-29d7-4838-bb51-ea278453d03c</Data>
         <Data />
         <Data />
       </EventData>
     </Event>
  6. Not true. I am in contact with the ESET Technical Support technical management team. They and I have found that enabling the Secure Data feature in ESSP, while Condusiv Diskeeper 18 Pro is installed, results in a 0x1e K_mode_Exception_not_handled BSOD which does not allow the system to boot until the ESET uninstaller is run from safe mode. The case is actively being investigated: case #285912. According to the support tech, Endpoint Encryption and ESSP's Secure Data feature both use the same software, originally made by DESLock. Also found out just today that the Sysinspector crashes on load. You can create Sysinspector logs, but you cannot view them. I will be creating a separate post about that issue.
  7. Don't know if your system is used by others, but if it is not, then I would not worry about this issue. The security hole from the article can only be exploited locally, as in sitting at the machine. Unless you are going to be performing DDOS attacks or hacking into your own system, then you're safe. If it's your own system, you should already have Admin level access to the OS available to you. The only way for you to be vulnerable is if you allow access to your machine to an untrusted remote user using Remote Desktop, TeamViewer or other similar software.
  8. Just got off the phone with ESET support, and the Advisory for the ESET Endpoint Encryption and Windows 10 1903 should eventually be updated to include ESET Smart Security Premium, but until then, I am notifying all users here. If you use ESET Smart Security Premium's Secure Data feature on Windows 10 v1903 and certain other third-party software such as Condusiv Diskeeper 18 Professional, you will run into a non-recoverable BSOD at startup of the OS. The BSOD stop code is 'K_Mode Exception Not Handled'. Windows will only boot into safe mode. The only way to recover from the BSOD is to temporarily uninstall ESSP using the ESET uninstaller from here -> (https://support.eset.com/kb2289/) <- and uninstall ESSP temporarily. Although removing the offending third-party software only will also fix the issue, this is usually not possible due to the fact that the Microsoft Installer service will not run under Windows safe mode. After Windows is back up and running again, you may reinstall ESSP, but for the time being, UNDER NO CIRCUMSTANCES TURN ON THE SECURE DATA FEATURE.
  9. So it looks like they repacked the version and fixed whatever was the problem (as denoted by the .1 at the end of the version).
  10. My built-in web cam is also under the "camera" category in Device Manager. It worked fine under 11.0.159.0, but had problems when I upgraded to 11.1.4x.0. It's on a 2010 Toshiba Satellite laptop and the device is called "USB 2.0 UVC Webcam". My solution was to do the following:

      1. Export your current EIS settings in the settings menu of EIS.
      2. Go to eset.com and either download the smart installer or the full package (I prefer the full package).
      3. Write down or find a copy of your EIS license info (you will need it when you reinstall EIS).
      4. Uninstall EIS and then reboot.
      5. Install EIS again using the installer downloaded in step 2 and reboot once more.
      6. Import your EIS settings using the same menu that you used to export them.
      7. Check your settings to see if they are set as you want them to be.

      After this, the web cam protection and any other features that were not working should now work.
  11. Believe it or not... a clean install of 11.1.42.0 will solve the problem of the camera and device control not working. I don't know why it would not work after upgrading, but I can only assume that there is a major change under the hood between the two versions (11.0.159.0 and 11.1.42.0) that is not working well with the upgrade process. At least ESET was quick about packaging up the new version for a full install, which solves the problem. The Windows 10 store app titled "Camera" by M$ works and triggers the camera protection when loaded for the first time, as does the camera application that came with the system, "Toshiba Web Camera application". Device control likewise seems to be fully working as well.
  12. Well, you may not have an issue as you're running Win7. This may or may not be a Win10-only issue.
  13. When I checked the other day, the setup program link on the ESET site was for 11.0.159.0. The only way to get to 11.1.42 is through updating via the program. NOTE: just checked the downloads page, and EIS 11.1.42.0 is now available for download.
  14. That's what I found happens too. So annoying. My error message says it only affects newly connected cameras until the computer is restarted, but this is clearly not the case. I'm on 11.1.42.0 now as well. The only real fix I have found is to run a repair from Apps and Features, which reverts you to 11.0.159.0, then let it update to 11.0.159.9 and then turn off application updates in EIS advanced settings. I admit this is more of a workaround than a fix, but it's all I could come up with so far.
  15. Found a temporary workaround: running a repair from apps/settings in Win10. The repair reverted EIS to 11.0.159.0. After the restart, I turned off application updates. Under 11.0.159.0, web cam protection and device control are now working under the older version. I appear to have that version module installed, and under the version I talked about above, the web cam protection and device control work. But updating to 11.1.40.0 causes those two features to not work.