Jump to content

Eset Not Detecting Test Coin Miner


Recommended Posts

Just to be sure, I disabled SmartScreen in Edge and still no alert from Eset. Sure the same will happen in IE11. Eset always alerts prior to SmartScreen.

Running EIS ver. 11.2.42 with default settings as far as Internet Protection goes.

Link to comment
Share on other sites

Also, don't believe this is Coin Hive based since I have the following in an Eset URL block list and those didn't trigger either:

*.coinhive.com/*
*.coin-hive.com/*

Link to comment
Share on other sites

I don't get it either. Below is the code it is executing. The block list should have detected it regardless:

Quote

 

<html>
<script src="https://coinhive.com/lib/coinhive.min.js">
    </script><script>var miner = new CoinHive.Anonymous('VrqhGymiL9VzA7DO9YcZNzOVyNkY6tVS',       {throttle: 0.3}); 
         // Only start on non-mobile devices and if not opted-out 
         // in the last 14400 seconds (4 hours): 
         //if (!miner.isMobile() && !miner.didOptOut(14400))  {   miner.start();

         //}

</script>

</html>

 

If I click on the coinhive link, the block list detects it.

And all PUA detection settings are enabled.

Edited by itman
Link to comment
Share on other sites

@Marcos, it gets weirder.

I am using Easylist Privacy tpl in IE11. Additional in Edge, I am using AdGuard extension with both Easylist Privacy and NoCoin lists. All these will detect Coinhive. None of them triggered in this Wicar.org coin miner test.  

So I went to the AMTSO Desktop Test site and ran the PUA test. Eset performed as expected and alerted on PUA detection. So at this point, I am at a loss as to why this is happening.

Also I am running on Win 10 x(64) 1803.

Looks like Wicar.org copied the code straight from here: https://medium.com/@bitcoinloverr/100-latest-coinhive-javascript-mining-trick-monero-b525f38ce545

Link to comment
Share on other sites

Mine detects it, but I have to disable my adblock plugin to see ESET's prompt because my adblock will block the mining script before ESET kicks in.

Link to comment
Share on other sites

- Posting edited to reflect what the issue really was -

Indeed, further testing confirmed tracking protection lists used in Edge and IE11 were intercepting and blocking the connection to coinhive.com prior to Eset having a chance to do likewise. 

As far as the SmartScreen alert, it is a bogus one as most browser based SmartScreen alerts are. All SmartScreen is blocking is access to the wicar.org coin miner test web site; not any actual coin mining activity occurring there.

Edited by itman
Link to comment
Share on other sites

Will also add that I found an obscure European coinhive test web site that SmartScreen does not detects to test Eset's coin miner protection. 

Eset_Coinhive.thumb.png.f1db7bc21b22c43a618c9c4b21e08381.png

 

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...