Everything posted by cbowers

  1. Hello, we have some development endpoints with ESET Endpoint AV 5.0.2272.7 which scan local Docker Containers fine to various degrees (apart from access denies in parts). However, if there is a Windows Server 2016 Container and the PC is scanned, the scan never ends until the ESET scan log file grows to the drive capacity or the scan is stopped. We haven't been successful finding a filter which works. Has anyone resolved this, or noted it as a non-issue in later Endpoint versions?

     If one scans:

     C:\ProgramData\Docker\windowsfilter\[container ID GUID]\UtilityVM\Files\Users\All Users\Docker\windowsfilter\[container ID GUID]\Files\Users\All Users\Docker\windowsfilter\[container ID GUID]\Files\Users\All Users\Docker\windowsfilter\[container ID GUID]\Files\Users\All Users\Docker\windowsfilter\[container ID GUID]... over and over

     That string seems endless.
  2. I'm just trying to understand the lag here with most of the vendors, including ESET. See: hxxp://www.securityweek.com/russian-hacker-tool-uses-legitimate-web-services-hide-attacks-fireeye

     Given this pretty much bypasses most of our detection other than ESET Endpoint, and the hashes have been known for a few weeks now: https://www.virustotal.com/en/file/8995535721ebeaf6983c6cecf3182d756ca5b3911607452dd4ba2ad8ec86cf96/analysis/

     Why the delay for signature detection?