
Having trouble with MetaTrader [Emofid Version]



Hi All.

After a database update I got in trouble with my MetaTrader 4 [it's an executive version from Emofid company].

ESET detected malware in it and removed all .exe files in this software folder.

For now I added this folder to Detection Exclusions, but can someone check this app and tell me if it's safe?

Download link from company site: https://emofid.com/media/45376/mofidtrader.exe

 


  • Most Valued Members

It is your suspicious application setting that is triggering this detection; you can add this software to exclusions if you trust it, so it won't be detected anymore.


  • Administrators
Just now, Nightowl said:

It is your suspicious application setting that is triggering this detection; you can add this software to exclusions if you trust it, so it won't be detected anymore.

That's what he did and I suggested removing it from exclusions since the file is not detected with current modules.


  • Most Valued Members
1 minute ago, Marcos said:

That's what he did and I suggested removing it from exclusions since the file is not detected with current modules.

But it is the machine learning that is triggering the detection, not the update database

The way this program behaves is being triggered by AUGUR that is suspicious


  • Administrators

I would avoid using exclusions. Instead please collect logs with ESET Log Collector and post it here. It looks like the file was blocked by LiveGrid, however, the file I downloaded from the above link is not blocked by LiveGrid.


  • Most Valued Members
9 minutes ago, Marcos said:

I would avoid using exclusions. Instead please collect logs with ESET Log Collector and post it here. It looks like the file was blocked by LiveGrid, however, the file I downloaded from the above link is not blocked by LiveGrid.

Isn't it the suspicious apps setting in his ESET?


  • Administrators
4 minutes ago, Nightowl said:

Isn't it the suspicious apps setting in his ESET?

The alert reads "Suspicious" detection which means the file was blocked by LiveGrid or EDTD.

Detection of suspicious app would look like
file.exe - a variant of Win32/Packed.VMProtect.AC suspicious application

 


  • Most Valued Members
2 minutes ago, Marcos said:

The alert reads "Suspicious" detection which means the file was blocked by LiveGrid or EDTD.

I understand that, thank you.


17 minutes ago, Marcos said:

I would avoid using exclusions. Instead please collect logs with ESET Log Collector and post it here. It looks like the file was blocked by LiveGrid, however, the file I downloaded from the above link is not blocked by LiveGrid.

How can I do that? I did something but all files are empty


  • Administrators

You can upload it to a safe location, e.g. OneDrive and drop me a personal message with a download link. Or generate a new archive while using the default template, I assume the size of the log should be significantly smaller.


  • Administrators

Since the archive is small now, you can upload it here. Sharing via services where we must request access with our private accounts is not the right way to go.


7 hours ago, Marcos said:

The alert reads "Suspicious" detection which means the file was blocked by LiveGrid

This is news to me. Are you stating LiveGrid actually now blocks something? Or is the blocking occurring after LiveGrid analysis has rendered a verdict?

Also are not "Suspicious" detections supposed to throw an Eset alert requiring user action? Or does that only apply to AML "Suspicious" detections?


  • Administrators
13 minutes ago, itman said:

This is news to me. Are you stating LiveGrid actually now blocks something? Or is the blocking occurring after LiveGrid analysis has rendered a verdict?

Not now, it's been blocking files for several years already, probably since shortly after LiveGrid was introduced.

Quote

Also are not "Suspicious" detections supposed to throw an Eset alert requiring user action? Or does that only apply to AML "Suspicious" detections?

The action for "suspicious object" and Augur detections depends on the cleaning mode settings.


3 minutes ago, Marcos said:

The action for "suspicious object" and Augur detections depends on the cleaning mode settings.

Ahh ...... Thanks.


5 minutes ago, Marcos said:

Not now, it's been blocking files for several years already, probably since shortly after LiveGrid was introduced.

Not based on my testing. Whenever a LiveGrid upload occurs as evidenced by corresponding Eset event log submission entry, the process is allowed to execute.


  • Administrators
4 minutes ago, itman said:

Not based on my testing. Whenever a LiveGrid upload occurs as evidenced by corresponding Eset event log submission entry, the process is allowed to execute.

It takes some time to process the file and to deliver the result in case a detection is created for it or if the file is blocked in the LiveGrid blacklist. LiveGrid is not meant to provide instant results for submitted files; that's what ESET Dynamic Threat Defense was made for.


33 minutes ago, Marcos said:

It takes some time to process the file and to deliver the result in case a detection is created for it or if the file is blocked in the LiveGrid blacklist.

OK. "We're back on the same page again"

Also the difference between LiveGrid and EDTD, which can block execution till Eset cloud server verdict is rendered. We just need like capability made available in the client versions of Eset.


  • Administrators
Just now, itman said:

Also the difference between LiveGrid and EDTD, which can block execution till Eset cloud server verdict is rendered. We just need like capability made available in the client versions of Eset.

We are going to introduce EDTD for any customers with Endpoint within the next few weeks.  As for home users, I'm not sure there would be enough of them who would be willing to pay an extra fee for EDTD.


This topic is now closed to further replies.