0xDEADBEEF 43 Posted March 8, 2019
Seems there is a bug with the 12.1.31 GUI. Sometimes when the main GUI is not opened (egui.exe not in the process list) and a threat is detected, the main GUI window will pop up along with the notification in the bottom right corner. I don't think this is expected. Please let me know what needs to be logged because the issue can be reproduced.
Administrators Marcos 4,705 Posted March 8, 2019
I was unable to reproduce it with eicar. Please create a demonstration video.
0xDEADBEEF 43 Posted March 8, 2019 Author
Attached is the zip containing the GIF recording: demo.zip
itman 1,538 Posted March 8, 2019
I also couldn't duplicate the behavior when the AMTSO desktop or wicar.org tests were run. However, those are all detected via the HTTP filter in Eset Web Access protection. I believe @0xDEADBEEF runs his malware samples from previously downloaded files? So this issue might lie with heuristic real-time scanning or perhaps possibly the new HIPS advanced behavioral modification detection.
Administrators Marcos 4,705 Posted March 8, 2019
@0xDEADBEEF please confirm or deny that you are able to reproduce the issue, e.g. by downloading the eicar test file.
itman 1,538 Posted March 8, 2019
I restored one of my test malware samples from Eset quarantine. This one has Eicar imbedded in a zipped .pdf. As the below screenshot shows, only the Eset popup alert was shown and the Eset GUI did not open. So I don't know what is going on in regards to @0xDEADBEEF's issue:
0xDEADBEEF 43 Posted March 8, 2019 Author
35 minutes ago, Marcos said: "please confirm or deny that you are able to reproduce the issue, e.g. by downloading the eicar test file."
Yes, EICAR also results in the same behavior. Seems it is not dependent on the threat type, because now the camera protection popup will also bring up the main GUI window.
Another observation is that when I close the main window, egui.exe will stay in the process list for some while. During this time, if another popup is triggered, the main window will not be brought up. It happens only when egui is not in the process list.
Edited March 8, 2019 by 0xDEADBEEF
0xDEADBEEF 43 Posted March 8, 2019 Author
30 minutes ago, itman said: "So I don't know what is going on in regards to @0xDEADBEEF issue"
This issue has now also surfaced on my laptop (yesterday it was the desktop). Was a bit surprised that no other people have encountered this in the beta phase.
Administrators Marcos 4,705 Posted March 8, 2019
Does it occur when egui is not running (only egui proxy is) and a detection is triggered?
0xDEADBEEF 43 Posted March 8, 2019 Author
20 minutes ago, Marcos said: "Does it occur when egui is not running (only egui proxy is) and a detection is triggered?"
OK, I think I found out how to reproduce it precisely. In the normal case it won't happen; it only happens when you have a manual scan result in the Computer scan tab (see below). In such a case a popup trigger will bring up the main GUI. If I click dismiss, this issue will disappear. Guess there is a logic bug in the code.
itman 1,538 Posted March 8, 2019
23 minutes ago, Marcos said: "Does it occur when egui is not running (only egui proxy is) and a detection is triggered?"
Not based on my testing where I had the Eset GUI open and minimized on the desktop. I also screwed up on my above posted test and didn't run the test malware from an archive. However, it is still nice to see Eset detect .pdf malware upon file access. So I redownloaded the test malware from source as a password-protected archive. This time Eset nailed it upon extraction.
44 minutes ago, 0xDEADBEEF said: "Another observation is that when I close the main window, the egui.exe will stay in the process list for some while."
Again, I checked this and egui.exe is immediately terminated upon close of the Eset GUI on the desktop.