Jump to content

Recommended Posts

Seems there is a bug with 12.1.31 GUI. Sometimes when the main GUI is not opened (egui.exe not in the process list), and when a threat is detected, the main GUI window will popup along with the notification on the bottom right corner.. I don't think this is expected. Please let me know what needs to be logged because the issue can be reproduced.

Link to comment
Share on other sites

I couldn't duplicate the behavior also when the AMTSO desktop or wicar.org tests were run. However, those are all detected via the HTTP filter in Eset Web Access protection.

I believe @0xDEADBEEF runs his malware samples from prior downloaded files? So this issue might lie with heuristic real-time scanning or perhaps possibly the new HIPS advanced behavioral modification detection.

Link to comment
Share on other sites

I restored one of my test malware from Eset quarantine. This one has Eicar imbedded in a zipped .pdf. As the below screen shot shows, only the Eset popup alert was shown and the Eset GUI did not open. So I don't know what is going on in regards to @0xDEADBEEF issue:

Eset_Eicar.thumb.png.31feb9c8676fe2b98b3a97c697ed916e.png

Link to comment
Share on other sites

35 minutes ago, Marcos said:

please confirm or deny that you are able to reproduce the issue, e.g. by downloading the eicar test file.

yes, EICAR also result in the same behavior. Seems it is not dependent on the threat type, because now that the camera protection popup will also bring up the main GUI window

Another observation is that when I close the main window, the egui.exe will stay in the process list for some while. During this time if another popup is triggered, the main window will not be brought up. It happens only when egui is not in the process list.

Edited by 0xDEADBEEF
Link to comment
Share on other sites

30 minutes ago, itman said:

So I don't know what is going on in regards to @0xDEADBEEF issue

This issue has now also surfaced on my laptop (yesterday was desktop). was a bit surprised that no other people have encountered this in beta phase.

Link to comment
Share on other sites

20 minutes ago, Marcos said:

Does it occur when egui is not running (only egui proxy is) and a detection is triggered?

OK I think I find out how to reproduce it precisely.

In normal case it won't happen, it only happens when you have a manual scan result in the Computer scan tab (see below)

scan.thumb.jpg.edb4299c4dbb89c109e20fafe8bc35c0.jpg

in such case a popup trigger will bring up the main GUI. If I click dismiss, this issue will disappear. Guess there is a logic bug in the code.

Link to comment
Share on other sites

23 minutes ago, Marcos said:

Does it occur when egui is not running (only egui proxy is) and a detection is triggered?

Not based on my testing where I had the Eset GUI open and minimized on the desktop.

I also screwed up on my above posted test and didn't run the test malware from an archive. However, it is still nice to see Eset detect .pdf malware upon file access.

So I redownloaded the test malware from source as a password protected archive. This time Eset nailed it upon extraction.

44 minutes ago, 0xDEADBEEF said:

Another observation is that when I close the main window, the egui.exe will stay in the process list for some while.

Again I checked this and equi.exe is immediately terminated upon close of Eset GUI on the desktop.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...