Jump to content

Spurious emails "ESET Anti-Theft: Suspicious behavior detected on your device"

Recommended Posts

I occasionally get an email from noreply@eset.com with subject "ESET Anti-Theft: Suspicious behavior detected on your device". And the body says "Someone has logged on the device using the Phantom Account." So I go to my.eset.com and mark it okay - I forget exactly what it said for status when I first logged in to the site.

But the laptop has never left my house, and I am not aware of anyone doing anything that should have triggered that email. It seems like it shows up (sometimes) after a reboot. If my wife just accidentally clicked the phantom account listed on the login screen after a reboot, without trying to enter a password, would that do it?

Can I uninstall just Anti-Theft and remove the phantom account cleanly without affecting anything else?

Is that what Settings->Remove Device does? The help description is "Remove device – This action deletes all data related to this device. All changes on the client system will take place after it appears online." I have no idea what data will be deleted from where or what changes will be made on my computer when it connects to the internet.


Link to comment
Share on other sites

I have this same problem. No one has answered the previous persons inquiry into this.

The last two times I logged in to my legitimate account I get an email saying that someone logged in to my phantom account. What's up with that?



Link to comment
Share on other sites

Hello sootsnoot,

I don't have a lot of experience with anti theft yet but as a resent researcher of it. I believe I can answer your questions, I will try as you have had no other responses. 

I suspect the message came from "investigating" the phantom account as you outlined.

In reviewing my own device in "myeset" click on view details on the device then if you look under "settings" under the device you can delete the phantom account and then the device from anti theft.

Changing "anti-theft" back to disabled (default) should remove the phantom account only and deactivate anti theft for that device without other changes to your eset setup.

I don't know if there is a "correct" order to do it or if it would not mater, maybe this will get you an answer if it matters.

Looking over how eset makes changes it would seem as long as you had internet access your device would communicate with the eset servers your request.

Hope this helps you some -- ebill


Link to comment
Share on other sites

  • 1 month later...

I have the same problem as well - it happens quite frequently. I am definitely not interacting in any way with any of the phantom accounts at the time, nor does taskmanager show anyone else logged in after an alert

I also get messages regularly saying that my webcam is trying to be accessed by either c:\windows\system32\taskhostw.exe or  c:\windows\system32\devicecensus.exe 

Full scan shows nothing suspicious on the machine.

Incidentally, my machine has 2  ESET phantom accounts- the standard "John" and also one randomly titled "rzjmporlfw". I previously looked into the second account and found threads saying that this was fine but was a bug in the phantom account creation. Deleting it just makes it get recreated again).


Perhaps a case for Eset Support?

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...