Jump to content

Recommended Posts

Posted

After the November 2019 Windows 10 update the existing Phantom account on my computer was suddenly gone. I now get the message of ESET Internet Security that I need to recreated it. When checking the latest updates that were installed on my PC on Nov. 13 I noticed that it included: the cumulative update for Windows 10 version 1903 for x64 systems (KB4524570) and the installation of the Windows program for the removal of malicious software (KB890830). Is that the cause of the disappearance of the Phantom account? If so, how to avoid that this happens again? If these updates were not the cause, then why did it disappear? Thanks.

  • Administrators
Posted

This is a known issue of v13. It's been tracked as a bug and already resolved internally so a fix will be included in the next release of v13.

Posted

Why not release an intermediate patch now? All four of my Windows 10 computers with EIS are having the problem. In the mean time, I have no theft protection. Theft protection I paid for, as a key feature of EIS.

Posted (edited)

Have to agree with the need for a priority patch. My personal laptop moves between two locations on a weekly basis. Anti-theft is one of the significant features of the product which has been rendered inoperable by the v13 upgrade. As a 30+ year veteran professional IT developer (include a period as a licenced IT security evaluator for GCHQ) I find it remarkable that such an obvious defect was missed during testing.

Edited by streeterg
Posted

I made not the November 2019 Windows 10 update, yet. I wait and see if any problems happen with the November 2019 Windows 10 update.

Is a "Phantom account" the Windows 10 guest account?

  • Most Valued Members
Posted (edited)
On 11/16/2019 at 10:29 AM, Clark T said:

I made not the November 2019 Windows 10 update, yet. I wait and see if any problems happen with the November 2019 Windows 10 update.

Is a "Phantom account" the Windows 10 guest account?

No the phantom account is part of eset Anti Theft - if you mark a device e.g as missing only the phantom account will work and possibly (although I'm unsure of this) if someone logs in it may help to detect their location.

As someone who uses eset on their PC mainly (do not currently own a laptop) it is not something I have used

Edited by peteyt
Posted

@Marcos thanks for the clarification that it will be solved with the next update V13, but as asked by @BeanSlappers, any indication when this might happen?

Will there also be communication that this issue is fixed? So users know when to setup again a new Phantom Account? I do want to avoid that I am too early and have to do it again ;)

Thanks.

Posted
6 hours ago, Dlanor said:

Will there also be communication that this issue is fixed? So users know when to setup again a new Phantom Account? I do want to avoid that I am too early and have to do it again ;)

I don't think we need to recreate the phantom account. It never went away. It's disabled in Control Panel -> Administrative Tools -> Computer Management -> Local Users and Groups -> Users -> [phantom account name]. Don't bother enabling it yet. It will automatically become disabled again in as little as a few minutes and anti-theft will be disabled again.

Posted

Well, not in my version of Windows 10... I will just wait for the white smoke comes out of the chimney.

Posted

I think it's been fixed. A small product update got installed a few days ago without having to reboot. On three of my computers, I had to delete the disabled Windows anti-theft account, reboot, go into the anti-theft web interface and create the Windows anti-theft account again (using the same account name as prior). It's been two days and no problem with anti-theft since.

Posted

I've now managed to re-initialise the Anti-Theft functionality too. Waiting to see if the "not-optimized" messages no longer occur.

Posted

Seems to be working ok atm for me. Several reboots and device relocation and still marked as optimized with no warning messages

  • Administrators
Posted

There will be a hotfix release of v13 by the beginning of Dec which will also address the issue with Anti-Theft.

Posted
On 11/25/2019 at 3:03 PM, streeterg said:

Seems to be working ok atm for me. Several reboots and device relocation and still marked as optimized with no warning messages

Just thrown the optimization message again after working ok for most of the week. Guess we need to wait for the patch and hope this addresses the issue.

Posted

Yes - this was after deleting the device from Anti-Theft and removing the phantom account in Windows to reset the conditions. Given the patch Marcos refers to has not been released yet then I didn't expect it to work

Posted

I have just received the 13.0.24.0 update to ESET IS. Does this include a fix for the Anti-Theft optimization error issue?

  • Administrators
Posted
2 minutes ago, streeterg said:

I have just received the 13.0.24.0 update to ESET IS. Does this include a fix for the Anti-Theft optimization error issue?

Yes, the bug was fixed in this version.

Posted

Still no sign of the phantom account appearing on my Windows 10 laptop. I thought that problem had been fixed with the latest release.

Posted (edited)
1 hour ago, BrianE said:

Still no sign of the phantom account appearing on my Windows 10 laptop. I thought that problem had been fixed with the latest release.

I removed the device on the anti-theft site, removed the old phantom account from Windows manually and then re-ran the anti-theft setup including the optimization step that creates the phantom account. So far it's all behaving correctly.

Note that phantom account takes a while to appear after you click the "optimize" button on the Anti-Theft web site. It seems to create an account with a random set of characters as the "name" and after a while this is modified to the real name you entered for the account.

When something gets screwed up in IT due to a bug it's usually best to reset to a known state from what is probably an unknown condition, That's why the stock answer from M$ support is to reinstall windows 😉

Edited by streeterg
Posted (edited)
36 minutes ago, streeterg said:

I removed the device on the anti-theft site, removed the old phantom account from Windows manually and then re-ran the anti-theft setup including the optimization step that creates the phantom account. So far it's all behaving correctly.

Note that phantom account takes a while to appear after you click the "optimize" button on the Anti-Theft web site. It seems to create an account with a random set of characters as the "name" and after a while this is modified to the real name you entered for the account.

When something gets screwed up in IT due to a bug it's usually best to reset to a known state from what is probably an unknown condition, That's why the stock answer from M$ support is to reinstall windows 😉

 

Well, I'm certainly not going to re-install Windows, that's for sure.

I did remove my laptop from the anti-theft site several hours ago, but I couldn't delete the phantom account because I didn't have one. Still no sign of a phantom account appearing after setting up the anti-theft feature again.

 

Edited by BrianE
Posted

It's finally appeared after several attempts. Hopefully everything will work correctly now.

Posted

After ESET 13.0.24.0 Update i looked at lusermgr.msc and found a funny user named "ydffggrr" (or so).

But this User was not visible in the normal Windows 10 User-Interface ? 😞

I did like described above started "my eset.com" --> "Anti Theft Procedure".

I was asked to install the Phantom user "Alexander".  I did.

Nothing happened after this. Computer Reboot. Nothing. Computer shut down again and went to sleep.

This morning restarted the Computer and Alexander is there 🙂

I entered the "Alexander" User works like usual "Hello, please wait while we install…." , but Harddrive "D" is blocked (no Access). (Windows is on  Drive "C")

I started lusrmgr.msc again, the funny user "ydffggrr" is gone :-) Alexander is there and in the Windows 10 user interface, too.

Just for the records:

Should Alexander be used one time, to Setup the complete account or is this not necessary?

I think, the Thief would be suspicious, if entering into an account, which never had been started before..

 

Posted
14 minutes ago, hrgajek said:

After ESET 13.0.24.0 Update i looked at lusermgr.msc and found a funny user named "ydffggrr" (or so).

But this User was not visible in the normal Windows 10 User-Interface ? 😞

I did like described above started "my eset.com" --> "Anti Theft Procedure".

I was asked to install the Phantom user "Alexander".  I did.

Nothing happened after this. Computer Reboot. Nothing. Computer shut down again and went to sleep.

This morning restarted the Computer and Alexander is there 🙂

I entered the "Alexander" User works like usual "Hello, please wait while we install…." , but Harddrive "D" is blocked (no Access). (Windows is on  Drive "C")

I started lusrmgr.msc again, the funny user "ydffggrr" is gone :-) Alexander is there and in the Windows 10 user interface, too.

Just for the records:

Should Alexander be used one time, to Setup the complete account or is this not necessary?

I think, the Thief would be suspicious, if entering into an account, which never had been started before..

 

 

As I said above it seems the temporary random user is part of the phantom account creation process.

You should read the user guide for the product so you understand what the phantom account does and the consequences of logging into it:

https://help.eset.com/antitheft/en-US/issue_no_fakeuseraccount.html

 

 

Posted (edited)

BTW any thief with a touch of common sense is not going to connect a stolen device to a network as they will be aware it's going to call home to Google location etc. They'll usually wipe it and sell it with a bare Windows installation in place of your setup. The ESET anti-theft is a limited form of protection against an amateur opportunist as part of a defence-in-depth policy.

Use full disk encryption (e.g. BitLocker) and strong user passwords on a laptop to protect your data.

If you don't want to encrypt the entire disk then at least use the Windows encrypting file system (EFS) for sensitive data.

If your version of Windows (e.g. Home) does not support Bitlocker or EFS then store sensitive data in an encrypted virtual file volume using 3rd party tools such as VeraCrypt for example. You can also upgrade to ESET Smart Security Premium which includes encryption functionality.

Edited by streeterg
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...