Dlanor 3 Posted November 15, 2019 Posted November 15, 2019 After the November 2019 Windows 10 update the existing Phantom account on my computer was suddenly gone. I now get the message of ESET Internet Security that I need to recreated it. When checking the latest updates that were installed on my PC on Nov. 13 I noticed that it included: the cumulative update for Windows 10 version 1903 for x64 systems (KB4524570) and the installation of the Windows program for the removal of malicious software (KB890830). Is that the cause of the disappearance of the Phantom account? If so, how to avoid that this happens again? If these updates were not the cause, then why did it disappear? Thanks.
Administrators Marcos 5,725 Posted November 15, 2019 Administrators Posted November 15, 2019 This is a known issue of v13. It's been tracked as a bug and already resolved internally so a fix will be included in the next release of v13.
WingsAhoy 3 Posted November 15, 2019 Posted November 15, 2019 Why not release an intermediate patch now? All four of my Windows 10 computers with EIS are having the problem. In the mean time, I have no theft protection. Theft protection I paid for, as a key feature of EIS. streeterg 1
streeterg 4 Posted November 15, 2019 Posted November 15, 2019 (edited) Have to agree with the need for a priority patch. My personal laptop moves between two locations on a weekly basis. Anti-theft is one of the significant features of the product which has been rendered inoperable by the v13 upgrade. As a 30+ year veteran professional IT developer (include a period as a licenced IT security evaluator for GCHQ) I find it remarkable that such an obvious defect was missed during testing. Edited November 24, 2019 by streeterg
Clark T 3 Posted November 16, 2019 Posted November 16, 2019 I made not the November 2019 Windows 10 update, yet. I wait and see if any problems happen with the November 2019 Windows 10 update. Is a "Phantom account" the Windows 10 guest account?
Most Valued Members peteyt 400 Posted November 16, 2019 Most Valued Members Posted November 16, 2019 (edited) On 11/16/2019 at 10:29 AM, Clark T said: I made not the November 2019 Windows 10 update, yet. I wait and see if any problems happen with the November 2019 Windows 10 update. Is a "Phantom account" the Windows 10 guest account? No the phantom account is part of eset Anti Theft - if you mark a device e.g as missing only the phantom account will work and possibly (although I'm unsure of this) if someone logs in it may help to detect their location. As someone who uses eset on their PC mainly (do not currently own a laptop) it is not something I have used Edited November 18, 2019 by peteyt Clark T 1
Dlanor 3 Posted November 17, 2019 Author Posted November 17, 2019 @Marcos thanks for the clarification that it will be solved with the next update V13, but as asked by @BeanSlappers, any indication when this might happen? Will there also be communication that this issue is fixed? So users know when to setup again a new Phantom Account? I do want to avoid that I am too early and have to do it again Thanks.
WingsAhoy 3 Posted November 17, 2019 Posted November 17, 2019 6 hours ago, Dlanor said: Will there also be communication that this issue is fixed? So users know when to setup again a new Phantom Account? I do want to avoid that I am too early and have to do it again I don't think we need to recreate the phantom account. It never went away. It's disabled in Control Panel -> Administrative Tools -> Computer Management -> Local Users and Groups -> Users -> [phantom account name]. Don't bother enabling it yet. It will automatically become disabled again in as little as a few minutes and anti-theft will be disabled again.
Dlanor 3 Posted November 21, 2019 Author Posted November 21, 2019 Well, not in my version of Windows 10... I will just wait for the white smoke comes out of the chimney. Preecha 1
WingsAhoy 3 Posted November 22, 2019 Posted November 22, 2019 I think it's been fixed. A small product update got installed a few days ago without having to reboot. On three of my computers, I had to delete the disabled Windows anti-theft account, reboot, go into the anti-theft web interface and create the Windows anti-theft account again (using the same account name as prior). It's been two days and no problem with anti-theft since.
streeterg 4 Posted November 24, 2019 Posted November 24, 2019 I've now managed to re-initialise the Anti-Theft functionality too. Waiting to see if the "not-optimized" messages no longer occur.
streeterg 4 Posted November 25, 2019 Posted November 25, 2019 Seems to be working ok atm for me. Several reboots and device relocation and still marked as optimized with no warning messages
Administrators Marcos 5,725 Posted November 26, 2019 Administrators Posted November 26, 2019 There will be a hotfix release of v13 by the beginning of Dec which will also address the issue with Anti-Theft. streeterg 1
streeterg 4 Posted November 29, 2019 Posted November 29, 2019 On 11/25/2019 at 3:03 PM, streeterg said: Seems to be working ok atm for me. Several reboots and device relocation and still marked as optimized with no warning messages Just thrown the optimization message again after working ok for most of the week. Guess we need to wait for the patch and hope this addresses the issue.
streeterg 4 Posted November 30, 2019 Posted November 30, 2019 Yes - this was after deleting the device from Anti-Theft and removing the phantom account in Windows to reset the conditions. Given the patch Marcos refers to has not been released yet then I didn't expect it to work
streeterg 4 Posted December 5, 2019 Posted December 5, 2019 I have just received the 13.0.24.0 update to ESET IS. Does this include a fix for the Anti-Theft optimization error issue?
Administrators Marcos 5,725 Posted December 5, 2019 Administrators Posted December 5, 2019 2 minutes ago, streeterg said: I have just received the 13.0.24.0 update to ESET IS. Does this include a fix for the Anti-Theft optimization error issue? Yes, the bug was fixed in this version. streeterg 1
BrianE 2 Posted December 5, 2019 Posted December 5, 2019 Still no sign of the phantom account appearing on my Windows 10 laptop. I thought that problem had been fixed with the latest release.
streeterg 4 Posted December 5, 2019 Posted December 5, 2019 (edited) 1 hour ago, BrianE said: Still no sign of the phantom account appearing on my Windows 10 laptop. I thought that problem had been fixed with the latest release. I removed the device on the anti-theft site, removed the old phantom account from Windows manually and then re-ran the anti-theft setup including the optimization step that creates the phantom account. So far it's all behaving correctly. Note that phantom account takes a while to appear after you click the "optimize" button on the Anti-Theft web site. It seems to create an account with a random set of characters as the "name" and after a while this is modified to the real name you entered for the account. When something gets screwed up in IT due to a bug it's usually best to reset to a known state from what is probably an unknown condition, That's why the stock answer from M$ support is to reinstall windows 😉 Edited December 5, 2019 by streeterg
BrianE 2 Posted December 5, 2019 Posted December 5, 2019 (edited) 36 minutes ago, streeterg said: I removed the device on the anti-theft site, removed the old phantom account from Windows manually and then re-ran the anti-theft setup including the optimization step that creates the phantom account. So far it's all behaving correctly. Note that phantom account takes a while to appear after you click the "optimize" button on the Anti-Theft web site. It seems to create an account with a random set of characters as the "name" and after a while this is modified to the real name you entered for the account. When something gets screwed up in IT due to a bug it's usually best to reset to a known state from what is probably an unknown condition, That's why the stock answer from M$ support is to reinstall windows 😉 Well, I'm certainly not going to re-install Windows, that's for sure. I did remove my laptop from the anti-theft site several hours ago, but I couldn't delete the phantom account because I didn't have one. Still no sign of a phantom account appearing after setting up the anti-theft feature again. Edited December 5, 2019 by BrianE
BrianE 2 Posted December 5, 2019 Posted December 5, 2019 It's finally appeared after several attempts. Hopefully everything will work correctly now.
hrgajek 1 Posted December 6, 2019 Posted December 6, 2019 After ESET 13.0.24.0 Update i looked at lusermgr.msc and found a funny user named "ydffggrr" (or so). But this User was not visible in the normal Windows 10 User-Interface ? 😞 I did like described above started "my eset.com" --> "Anti Theft Procedure". I was asked to install the Phantom user "Alexander". I did. Nothing happened after this. Computer Reboot. Nothing. Computer shut down again and went to sleep. This morning restarted the Computer and Alexander is there 🙂 I entered the "Alexander" User works like usual "Hello, please wait while we install…." , but Harddrive "D" is blocked (no Access). (Windows is on Drive "C") I started lusrmgr.msc again, the funny user "ydffggrr" is gone :-) Alexander is there and in the Windows 10 user interface, too. Just for the records: Should Alexander be used one time, to Setup the complete account or is this not necessary? I think, the Thief would be suspicious, if entering into an account, which never had been started before..
streeterg 4 Posted December 6, 2019 Posted December 6, 2019 14 minutes ago, hrgajek said: After ESET 13.0.24.0 Update i looked at lusermgr.msc and found a funny user named "ydffggrr" (or so). But this User was not visible in the normal Windows 10 User-Interface ? 😞 I did like described above started "my eset.com" --> "Anti Theft Procedure". I was asked to install the Phantom user "Alexander". I did. Nothing happened after this. Computer Reboot. Nothing. Computer shut down again and went to sleep. This morning restarted the Computer and Alexander is there 🙂 I entered the "Alexander" User works like usual "Hello, please wait while we install…." , but Harddrive "D" is blocked (no Access). (Windows is on Drive "C") I started lusrmgr.msc again, the funny user "ydffggrr" is gone :-) Alexander is there and in the Windows 10 user interface, too. Just for the records: Should Alexander be used one time, to Setup the complete account or is this not necessary? I think, the Thief would be suspicious, if entering into an account, which never had been started before.. As I said above it seems the temporary random user is part of the phantom account creation process. You should read the user guide for the product so you understand what the phantom account does and the consequences of logging into it: https://help.eset.com/antitheft/en-US/issue_no_fakeuseraccount.html
streeterg 4 Posted December 6, 2019 Posted December 6, 2019 (edited) BTW any thief with a touch of common sense is not going to connect a stolen device to a network as they will be aware it's going to call home to Google location etc. They'll usually wipe it and sell it with a bare Windows installation in place of your setup. The ESET anti-theft is a limited form of protection against an amateur opportunist as part of a defence-in-depth policy. Use full disk encryption (e.g. BitLocker) and strong user passwords on a laptop to protect your data. If you don't want to encrypt the entire disk then at least use the Windows encrypting file system (EFS) for sensitive data. If your version of Windows (e.g. Home) does not support Bitlocker or EFS then store sensitive data in an encrypted virtual file volume using 3rd party tools such as VeraCrypt for example. You can also upgrade to ESET Smart Security Premium which includes encryption functionality. Edited December 6, 2019 by streeterg
Recommended Posts