Posts posted by cybot

  1. The issue is not fixed when running the Dragon Center 2 setup file; a message from ESSP says that the file setup.exe was infected. It had the following message:

     

    Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
    1/10/2020 7:29:58 PM;Real-time file system protection;file;C:\Users\Cybot\AppData\Local\Temp\{E3E1BF59-57C1-4792-BC38-9C2F0F58204B}\setup.exe;a variant of Win32/GenKryptik.EBBO trojan;cleaned by deleting;MSI\Cybot;Event occurred on a new file created by the application: C:\Users\Cybot\AppData\Local\Temp\{686B90F5-2E1E-4F34-BBA4-F8D0F93C66C5}\setup_G.exe (0C7B66731131D984E5AE95ADD4D757355994E17E).;F10C1F5A7B954F5D2293F02B23250CDFFD81ABC2;12/26/2019 12:24:25 AM
    1/10/2020 7:30:21 PM;Real-time file system protection;file;C:\Users\Cybot\AppData\Local\Temp\{436D8C86-4FCF-482E-8308-9DFE3FBCA482}\setup.exe;a variant of Win32/GenKryptik.EBBO trojan;cleaned by deleting;MSI\Cybot;Event occurred on a new file created by the application: C:\Users\Cybot\AppData\Local\Temp\{F382F35F-1B93-4A33-AC2B-D25F03D842DA}\setup_G.exe (0C7B66731131D984E5AE95ADD4D757355994E17E).;F10C1F5A7B954F5D2293F02B23250CDFFD81ABC2;12/26/2019 12:24:25 AM
    1/10/2020 7:30:37 PM;Real-time file system protection;file;C:\Users\Cybot\AppData\Local\Temp\{D85B2B46-78E3-47A2-868E-AF8CEBA0E5B0}\setup.exe;a variant of Win32/GenKryptik.EBBO trojan;cleaned by deleting;MSI\Cybot;Event occurred on a new file created by the application: C:\Users\Cybot\AppData\Local\Temp\{5338A8ED-DF72-46AC-B796-5127C29B9014}\setup_G.exe (0C7B66731131D984E5AE95ADD4D757355994E17E).;F10C1F5A7B954F5D2293F02B23250CDFFD81ABC2;12/26/2019 12:24:25 AM


    So the files are no longer blocked from being extracted from the setup .zip file, but I still cannot run the setup program.
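
Added example (not part of the original post and not ESET tooling): Python code that parses the semicolon-delimited detection export quoted in the post above and groups the events by file hash and by the SHA-1 of the process that wrote the file, which shows whether repeated alerts are one binary re-dropped by the same installer. The rows are copied from the post; the function names and the assumption that the `Information` column always uses this wording are mine.

```python
import csv
import io
import re
from collections import defaultdict

# Header and rows copied from the export quoted in the post above.
SAMPLE_LOG = r"""Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
1/10/2020 7:29:58 PM;Real-time file system protection;file;C:\Users\Cybot\AppData\Local\Temp\{E3E1BF59-57C1-4792-BC38-9C2F0F58204B}\setup.exe;a variant of Win32/GenKryptik.EBBO trojan;cleaned by deleting;MSI\Cybot;Event occurred on a new file created by the application: C:\Users\Cybot\AppData\Local\Temp\{686B90F5-2E1E-4F34-BBA4-F8D0F93C66C5}\setup_G.exe (0C7B66731131D984E5AE95ADD4D757355994E17E).;F10C1F5A7B954F5D2293F02B23250CDFFD81ABC2;12/26/2019 12:24:25 AM
1/10/2020 7:30:21 PM;Real-time file system protection;file;C:\Users\Cybot\AppData\Local\Temp\{436D8C86-4FCF-482E-8308-9DFE3FBCA482}\setup.exe;a variant of Win32/GenKryptik.EBBO trojan;cleaned by deleting;MSI\Cybot;Event occurred on a new file created by the application: C:\Users\Cybot\AppData\Local\Temp\{F382F35F-1B93-4A33-AC2B-D25F03D842DA}\setup_G.exe (0C7B66731131D984E5AE95ADD4D757355994E17E).;F10C1F5A7B954F5D2293F02B23250CDFFD81ABC2;12/26/2019 12:24:25 AM
1/10/2020 7:30:37 PM;Real-time file system protection;file;C:\Users\Cybot\AppData\Local\Temp\{D85B2B46-78E3-47A2-868E-AF8CEBA0E5B0}\setup.exe;a variant of Win32/GenKryptik.EBBO trojan;cleaned by deleting;MSI\Cybot;Event occurred on a new file created by the application: C:\Users\Cybot\AppData\Local\Temp\{5338A8ED-DF72-46AC-B796-5127C29B9014}\setup_G.exe (0C7B66731131D984E5AE95ADD4D757355994E17E).;F10C1F5A7B954F5D2293F02B23250CDFFD81ABC2;12/26/2019 12:24:25 AM
"""

# Assumed wording: the Information column names the writing process and its SHA-1.
PARENT_RE = re.compile(
    r"created by the application: (?P<path>.+?) \((?P<sha1>[0-9A-Fa-f]{40})\)"
)


def parse_detections(text):
    """Yield one dict per row, with parent_path / parent_sha1 added."""
    reader = csv.DictReader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in reader:
        match = PARENT_RE.search(row["Information"] or "")
        row["parent_path"] = match.group("path") if match else None
        row["parent_sha1"] = match.group("sha1").upper() if match else None
        yield row


def summarize(text):
    """Group detections by (file SHA-1, detection name)."""
    groups = defaultdict(
        lambda: {"count": 0, "paths": set(), "parents": set(), "first_seen": set()}
    )
    for row in parse_detections(text):
        group = groups[(row["Hash"].upper(), row["Detection"])]
        group["count"] += 1
        group["paths"].add(row["Object"])           # where the file was dropped
        group["parents"].add(row["parent_sha1"])    # who dropped it
        group["first_seen"].add(row["First seen here"])
    return dict(groups)


if __name__ == "__main__":
    for (sha1, name), g in summarize(SAMPLE_LOG).items():
        parents = sorted(p for p in g["parents"] if p)
        print(f"{sha1}  {name}")
        print(f"  events={g['count']} distinct_paths={len(g['paths'])} parents={parents}")
```

On these rows the three alerts collapse to a single file hash written by a single parent binary into three different temporary directories, which is the information a vendor needs when a detection is submitted for review.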

  2. I am trying to update my laptop's MSI Dragon Center 2 software, but it is being blocked by Windows Defender, ESET ESSP, and Windows SmartScreen. I try to extract the files, and the setup files are deleted/quarantined as soon as they are accessed. The files that are falsely being marked as being a virus are: "setup_G.exe", "setup_P.exe", and "setup_W.exe". The files for the setup program are contained in a .ZIP file and are downloaded from the manufacturer website from the following URL: https://download.msi.com/uti_exe/nb/ap_DragonCenterv2.6.1912.2601_2.6.1912.2601_0xc5b28391.zip . Scanning the .zip file returns multiple threats, and when a file extraction is attempted, the files get removed. THERE IS NO VIRUS. THERE IS NOTHING HARMFUL WITH THESE FILES. THIS IS A FALSE DETECTION!!!

    This happened once before with a previous version of the software, and I had to wait for a new version to come out before I could install it because of the issue. I tried to raise this issue when it happened before on the MSI support forum, and I was called a liar and told my system was so badly infected I needed to do a format and clean install. For the record, my system is not infected and never has been. The software does not suddenly get a certain version being detected as a virus, get several new versions released, and then suddenly get marked as containing a virus once again. The only conclusion I can come to is that someone is dicking around with the reporting system and making false reports in an attempt to harm MSI's reputation or something.

    In researching the issue the first time it happened, I came across only one site where virus-containing software gets reported that was reporting the software as containing viruses. URL: https://www.hybrid-analysis.com/sample/1b948a4297783a028ce5fb4a8a0d25e5ebfd576d4ce2fde7fec18700b536eb48?environmentId=100 . The viruses being detected are all named generik. followed by some random letters.

    I have made previous reports inside the ESSP program reporting the falsely flagged files, but it is, as I stated, happening again.

  3. Windows 10 1903

    ESSP 12.1.34.0

    Sysinspector v10.7.79.0

    I have discovered that the Sysinspector tool in ESSP (and possibly other versions of ESET software that include the tool) crashes on load. It can create Sysinspector logs, but you cannot view them. According to the Windows Event Viewer, the Sysinspector is crashing with a 0xc000005 error, with the faulting module being listed as the Sysinspector program itself (an internal program error?).

     

    The standalone version of the Sysinspector downloaded from the ESET site works, but is an older version and takes forever to come up.

     

    Fault bucket 2243708203262627270, type 4

    Event Name: APPCRASH

    Response: Not available

    Cab Id: 0

     

    Problem signature:

    P1: SysInspector.exe

    P2: 10.7.79.0

    P3: 5ca726a7

    P4: SysInspector.exe

    P5: 10.7.79.0

    P6: 5ca726a7

    P7: c0000005

    P8: 00000000000399aa

    P9:

    P10:

     

    Attached files:

    \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC914.tmp.mdmp

    \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC982.tmp.WERInternalMetadata.xml

    \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC9A2.tmp.xml

    \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC9A4.tmp.csv

    \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERC9D4.tmp.txt

     

    These files may be available here:

    \\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SysInspector.exe_8bf46cbe28d02d14db50a662d67fcf6d511f96c2_ee6e4bfc_223d13f8-a307-4797-a8bb-ad1273023770

     

    Analysis symbol:

    Rechecking for solution: 0

    Report Id: 89c9e574-29d7-4838-bb51-ea278453d03c

    Report Status: 268435456

    Hashed bucket: 662e45029cc2e6d16f2340b923194dc6

    Cab Guid: 0

     

    Faulting application name: SysInspector.exe, version: 10.7.79.0, time stamp: 0x5ca726a7

    Faulting module name: SysInspector.exe, version: 10.7.79.0, time stamp: 0x5ca726a7

    Exception code: 0xc0000005

    Fault offset: 0x00000000000399aa

    Faulting process id: 0x5860

    Faulting application start time: 0x01d5265210dec022

    Faulting application path: C:\Program Files\ESET\ESET Security\SysInspector.exe

    Faulting module path: C:\Program Files\ESET\ESET Security\SysInspector.exe

    Report Id: 89c9e574-29d7-4838-bb51-ea278453d03c

    Faulting package full name:

    Faulting package-relative application ID:

     

     

    - <System>
      <Provider Name="Application Error" />
      <EventID Qualifiers="0">1000</EventID>
      <Level>2</Level>
      <Task>100</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2019-06-19T03:50:31.823535500Z" />
      <EventRecordID>7953</EventRecordID>
      <Channel>Application</Channel>
      <Computer>MSI</Computer>
      <Security />
      </System>
    - <EventData>
      <Data>SysInspector.exe</Data>
      <Data>10.7.79.0</Data>
      <Data>5ca726a7</Data>
      <Data>SysInspector.exe</Data>
      <Data>10.7.79.0</Data>
      <Data>5ca726a7</Data>
      <Data>c0000005</Data>
      <Data>00000000000399aa</Data>
      <Data>5860</Data>
      <Data>01d5265210dec022</Data>
      <Data>C:\Program Files\ESET\ESET Security\SysInspector.exe</Data>
      <Data>C:\Program Files\ESET\ESET Security\SysInspector.exe</Data>
      <Data>89c9e574-29d7-4838-bb51-ea278453d03c</Data>
      <Data />
      <Data />
      </EventData>
      </Event>
  4. Not true. I am in contact with ESET Technical Support's technical management team. They and I have found that enabling the Secure Data feature in ESSP while Condusiv Diskeeper 18 Pro is installed results in a 0x1e K_mode_Exception_not_handled BSOD, which does not allow the system to boot until the ESET uninstaller is run from safe mode. The case is actively being investigated: case #285912.

    According to the support tech, Endpoint Encryption and ESSP's Secure Data feature both use the same software, originally made by DESLock.

    Also found out just today that the Sysinspector crashes on load. You can create Sysinspector logs, but you cannot view them. I will be creating a separate post about that issue.

  5. Don't know if your system is used by others, but if it is not, then I would not worry about this issue. The security hole from the article can only be exploited locally, as in sitting at the machine. Unless you are going to be performing DDoS attacks or hacking into your own system, then you're safe. If it's your own system, you should already have Admin-level access to the OS available to you. The only way for you to be vulnerable is if you allow access to your machine to an untrusted remote user using Remote Desktop, TeamViewer or other similar software.

  6. Just got off the phone with ESET support, and the advisory for ESET Endpoint Encryption and Windows 10 1903 should eventually be updated to include ESET Smart Security Premium, but until then, I am notifying all users here.

    If you use ESET Smart Security Premium's Secure Data feature on Windows 10 v1903 and certain other third-party software such as Condusiv Diskeeper 18 Professional, you will run into a non-recoverable BSOD at startup of the OS.

    The BSOD stop code is 'K_Mode Exception Not Handled'.

    Windows will only boot into safe mode.

    The only way to recover from the BSOD is to temporarily uninstall ESSP using the ESET uninstaller from here -> (https://support.eset.com/kb2289/) <- and uninstall ESSP temporarily. Although removing only the offending third-party software will also fix the issue, this is usually not possible due to the fact that the Microsoft Installer service will not run under Windows safe mode. After Windows is back up and running again, you may reinstall ESSP, but for the time being, UNDER NO CIRCUMSTANCES TURN ON THE SECURE DATA FEATURE.

  7. My built-in web cam is also under the "camera" category in Device Manager. It worked fine under 11.0.159.0, but had problems when I upgraded to 11.1.4x.0.

    It's on a 2010 Toshiba Satellite laptop and the device is called "USB 2.0 UVC Webcam".

    My solution was to do the following:

    1. Export your current EIS settings in the settings menu of EIS.
    2. Go to eset.com and download either the smart installer or the full package (I prefer the full package).
    3. Write down or find a copy of your EIS license info (you will need it when you reinstall EIS).
    4. Uninstall EIS and then reboot.
    5. Install EIS again using the installer downloaded in step 2 and reboot once more.
    6. Import your EIS settings using the same menu that you used to export them.
    7. Check your settings to see if they are set as you want them to be.

    After this, the web cam protection and any other features that were not working should now work.

  8. Believe it or not... a clean install of 11.1.42.0 will solve the problem of the camera and device control not working. I don't know why it would not work after upgrading, but I can only assume that there is a major change under the hood between the two versions (11.0.159.0 and 11.1.42.0) that is not working well with the upgrade process. At least ESET was quick about packaging up the new version for a full install, which solves the problem.

    The Windows 10 store app titled "Camera" by M$ works and triggers the camera protection when loaded for the first time, as does the camera application that came with the system, "Toshiba Web Camera application".

    Device control likewise seems to be fully working as well.

  9. That's what I found happens too. So annoying.

    My error message says it only affects newly connected cameras until the computer is restarted, but this is clearly not the case.

    I'm on 11.1.42.0 now as well.

    The only real fix I have found is to run a repair from app and features, which reverts you to 11.0.159.0. Then let it update to 11.0.159.9 and then turn off application updates in EIS advanced settings. I admit this is more of a workaround than a fix, but it's all I could come up with so far.

  10. Found a temporary workaround: running a repair from apps/settings in Win10. The repair reverted EIS to 11.0.159.0. After the restart, I turned off application updates. Under 11.0.159.0, web cam protection and device control are now working under the older version.

    I appear to have that version module installed, and under the version I talked about above, the web cam protection and device control work. But updating to 11.1.40.0 causes those two features to not work.

  11. Found a fix of a sort, for me at least. I went into apps and settings, found the entry for EIS and clicked modify, then repair. EIS reverted from 11.1.40.0 to 11.0.159.0. Then I restarted when asked to. After the restart, I went into advanced settings > updates and turned off application updates. I don't know how long it will take ESET to fix the issue, but for now 11.0.159.0 has working device control and web cam protection, while version 11.1.40.0 does not.

  12. Might have found a solution for this.

    1. Go into ESET and turn off the Web Cam protection.
    2. Open Device Manager (Win+X and select Device Manager) and uninstall the camera device (in my case "USB 2.0 UVC WebCam").
    3. Enable webcam protection in ESET.
    4. Go back to Device Manager and select the scan for hardware changes button (or with Device Manager open press this key sequence: ALT > a > a).

    Web cam protection should be enabled properly now. I don't know what changed from the previous version, but something obviously changed so that Device Control and Web Cam Protection no longer function.

    I am still working on a fix for Device Control.

  13. 3 hours ago, itman said:

    Same here. Reg. key update exists and Eset module shows 1533.3. Manually checked for updates and none available.

    Note that Microsoft's recommended manual install for the update differs from what @Phoenix posted: https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892 .

    I also wonder if Microsoft is only offering the update initially via Windows Update to PCs w/Intel CPU's that are most vulnerable to this issue?

    I have a 1st gen i7 and the update was not pushed to me. I don't know if it was because the required regkey was not present in the system or not. But after installing the update(s) as instructed above, I then activated Defender's periodic scan feature, and updated the signatures for that. The key then appeared in the registry. I tried getting the module update for EIS, but it would not update till this morning, at which point the key was already present. I am assuming that if I had activated the periodic scan and updated Defender prior to installing the update, it would have installed the key beforehand, and possibly the update would have gotten pushed to me via Windows Update. This needs to be tested, obviously....

  14. Product used: EIS 11.0.159.0

    Was just about to post on this when I spotted this thread. I checked my system, and I don't even have a subkey called 'QualityCompat'. So my guess would be that EIS and NOD32 ARE NOT compatible. Whether this changes is most likely up to ESET.

  15. Is it possible for someone from ESET to do a feature comparison between ESS 10 and EIS 11? (If one has not already been done.) It would make me feel easier about switching over to EIS. The only reason I have not switched our systems over yet is because I fear losing functionality between versions. I don't want a downgrade. I want the equivalent level of features. I am glad anti-theft is in EIS 11, but if there are other features that ESS has that EIS does not, then I will not switch over. I do plan on switching over to ESS Premium when my license expires, but that won't be until late 2018.
