JS/Spigot.B

[Janet Petroff 0]

Is anyone having problems with this popup?  I've clicked on "Clean" and nothing changes.  Every time I open Chrome I get the pop-up.

[Marcos 5,069]

Try disabling all Chrome extensions and then narrow it down to the one that triggers the detection.

[itman 1,659]

FYI: https://support.eset.com/kb6551/

[Rotmaster 0]

If that message is coming up when you launch chrome/Firefox each time, disable eset then launch. What is happening is eset is catching it and preventing it from loading however the setting is there to try to load it every time. By disabling eset the extension loads allowing you to remove it like any other extension.

[jonathanbrickman0000 0]

Our ESET management center is reporting many machines at several sites with JS/Spigot.B.  How can we best use ESET Endpoint 7.0 or 7.1 to delete these extensions and also block them from ever being installed?

[itman 1,659]

1 hour ago, jonathanbrickman0000 said:

Our ESET management center is reporting many machines at several sites with JS/Spigot.B.  How can we best use ESET Endpoint 7.0 or 7.1 to delete these extensions and also block them from ever being installed? 

As far as preventing installation of malicious chrome extensions, they and add-on installations need to be managed via policy methods. Here's an article on how to do so: http://woshub.com/how-to-configure-google-chrome-via-group-policies/ .

As far as Eset goes, do you have for Real-time file system protection -> Detection Engine -> Scanner Options all the following enabled on the endpoints?

• Detection of potentially unwanted applications
• Detection of potentially unsafe applications
• Detection of suspicious applications

If the above are all enabled, you can set Real-time protection ThreatSense -> Parameters -> Cleaning level to "Strict clearing." Doing so will eliminate any PUA pop-ups from Eset on the endpoints requiring user action and automatically delete and quarantine the file.

[Marcos 5,069]

9 hours ago, jonathanbrickman0000 said:

Our ESET management center is reporting many machines at several sites with JS/Spigot.B.  How can we best use ESET Endpoint 7.0 or 7.1 to delete these extensions and also block them from ever being installed?

For a start it'd be good to get logs collected with ESET Log Collector from such machine. In managed environment, PUAs are cleaned automatically regardless of the cleaning type.

[jonathanbrickman0000 0]

Thank you, Marcos.  I did a bit of checking and found that indeed, JS/Spigot.B is being deleted as soon as it comes.  The only odd thing is, the ESET console does not report any action taken, even though action was clearly taken, it just reports that the threats exist, I have to manually tell it that resolution has occurred.  Is there a setting of some sort I am missing?

[Terry Hancock 0]

After experiencing this issue while using the trial version and reading all the posts concerning it and ESET's lack of support on this I have decided I will not be going ahead and purchasing a licence for 12 machines

[Marcos 5,069]

9 minutes ago, Terry Hancock said:

After experiencing this issue while using the trial version and reading all the posts concerning it and ESET's lack of support on this I have decided I will not be going ahead and purchasing a licence for 12 machines

ESET detected Spigot PUA which is correct, isn't it? Most of other AVs would not probably detect it at all.

ESET JS/Spigot.B application potentially unwanted
Symantec     clean
Avast        clean
Microsoft    clean
Avira        clean
DrWeb        clean
Bitdefender  Application.Redirects.B JS
Kaspersky    not-a-virus:AdWare.JS.ChromeExt.i
McAfee       clean

To prevent Chrome from downloading Spigot again and again, one may need to disable syncing of Chrome extensions as per https://support.eset.com/kb6551/.

I'm failing to see what the problem is. Please elaborate more on the issue you are having.