AnthonyQ (Members) · Posts: 139 · Days Won: 3

Everything posted by AnthonyQ

  1. Two Cobalt Strike Trojan samples were submitted via email but have not been detected so far. https://www.virustotal.com/gui/file/0e580e784654cfe00a0ad3921fd75a423b34014faed18febdf9d94e9b8eda1f1 https://www.virustotal.com/gui/file/8b941812bf5902399bf45c7f1b59d471ed19e8cf1bb7dccec1779ca0e87c4e9a The analysis of this kind of "time-sensitive" backdoor Trojan should be prioritized, as delayed analysis and detection might be of no use and value (C2 server might be offline).
  2. A stealer sample that was submitted via email almost 2 days ago is still not detected by ESET: https://www.virustotal.com/gui/file/609cccf310e725ba4ff4d74edffa0c33d4640f3c391dbbac4e1d00dd3f9c249e
  3. Just checked, these Rootkit samples are finally detected as Win64/Rootkit.Agent.BQ.
  4. Rogue software (https://www.virustotal.com/gui/file/929172dd61611225b11ebb6da098122ff813d7c266dd632be326d16d338e8df5) was submitted on 13/9/2022 but not added to detection database.
  5. There is no reason to install and use them together. ESET outperforms MBAM in almost every aspect, especially false positive control and detection rate. If you are not confident in ESET's behavior blocker, you can try using Hitman Pro Alert or Kaspersky Anti-ransomware Tool, both claiming to be compatible with most 3rd party AVs.
  6. I've submitted the following potential Rootkit samples to ESET Labs via email more than ten days ago, but I have not received any replies and no detection was added. https://www.virustotal.com/gui/file/eaad75470e21084ab3a38f6cb0f3aa72d4203260515619f8703e3fc80e800d7a https://www.virustotal.com/gui/file/b83915f38f022aaf9b540f80514fbbc19febf76538788a2f5e351d4e65c1b417 https://www.virustotal.com/gui/file/8bef06598b67c1edbbf42399a19c8a8aa61d12466e873d70e9e26a10ba54d308 Does that mean ESET found the above samples were not malicious and detection was not necessary?
  7. From my experience, I feel that most threats detected by LiveGuard can also be detected by ESET's other post-execution detection technologies, such as Advanced Memory Scanner, HTTP filter, ransomware shield, and so on.
  8. Another two samples were submitted hours ago but are still not detected: https://www.virustotal.com/gui/file/8a27bb4abb5e37bcce889739860b6d2c70af82c4b3f8e6c21490e122495324b5 https://www.virustotal.com/gui/file/d1145a9ed5625c75ada3d584eec7b030b27454a34905838faedeaf497b915164
  9. ESET has added a detection "A Variant Of Generik.NGIZHAK" for it. Too late. Also, I don't think this Generik detection is able to cover future variants of this malware.
  10. No, I use Outlook mail, the same one I signed up for in this forum.
  11. I submitted samples via email, not via the in-product submission system. Btw, these two samples are still not detected…
  12. Another two samples were submitted, but I did not get a reply, and no detection was added.
      Sample 1: https://www.virustotal.com/gui/file/4e9ea62b43f207f6bbe7780c4d5258d946de7d31d32975950491897999579c84
      Sample 2: https://www.virustotal.com/gui/file/26fcb0b2ee87c249d282c9c922b66b8a5a97d4af19938fa533858bf11913c63b
      Also, as I haven't received any reply from ESET Lab since early August, I would like to know whether ESET Lab can actually receive my email submissions.
  13. Hi, I've recently submitted several samples to ESET via email, but they haven't been detected.
      Sample 1: https://www.virustotal.com/gui/file/7750749daa1ad5c1de9144b4e4a4430b647dcaea8e68bf2f34da81e1ae19f567
      Sample 2: https://www.virustotal.com/gui/file/b318662824bcd550e8a3161a184b4e7f9dc1265c82ac6cb565bfcd53ac834c26 (it will try to disable UAC during installation)
      Sample 3: https://www.virustotal.com/gui/file/785e9b07fc8ed60165bccab77cd09e1a7991ce1c54c6afb58a9d4d37b76e69e0
      Sample 4: https://www.virustotal.com/gui/file/69b8b968c8f68670ed353f2f4752b2af092d4a19a92c1bc235b293fa0b188bd4
      Sample 5: https://www.virustotal.com/gui/file/bf4ed8d5dc017a7346f7981ce4db8156c1b76b0cd6f9a37394378371fb548870
      Please take a look at them and add proper detection. Anthony
  14. Yeah. An analyst has added a detection for the file in question. Maybe I should set the detection engine to Aggressive for other kinds of threats to ensure ML-based detection can be properly triggered next time.
  15. No ML detection on my PC... The detection engine has been set to Aggressive for Malware. Also, after manual submission to LiveGuard, it seemed to tell me that this file is safe to open...
  16. I just downloaded a sample from MalwareBazaar (MD5: dc55c31f417efc2fa4d421a16277e3b1) which is undetected by ESET's scanner, using Edge's built-in download function. However, after being extracted by 7-Zip, this sample was again blocked by LiveGuard but wasn't uploaded to the cloud automatically. 7 mins later, a notification saying LiveGuard needs more time to analyze appeared. But I don't think LiveGuard has actually received the sample.
  17. I use IDM to download files and that might be a reason why LiveGuard is not working properly on my PC. But I think ESET LiveGuard should support IDM in the future, as it is widely used.
  18. That's not true. I can easily upload samples to LiveGuard manually via the option in context menu.
  19. Yes. I continue experiencing issues with LiveGuard which are discussed above. Regarding this test file, ESET LiveGuard didn't block and send it to the cloud.
  20. In fact, since last week, ESET has become very slow in analyzing the samples submitted via email.
  21. Another hash: d9108ee2137524c1963fe4419914beb78ad6358f - Blocked by LiveGuard but not uploaded to the cloud