jafarfathi 3 Posted July 15, 2020

Hi all. After a database update I got in trouble with my MetaTrader 4 [it's an executive version from Emofid company]. ESET detected malware in it and removed all .exe files in this software folder. For now I added this folder to Detection Exclusions, but can someone check this app and tell me if it's safe?

Download link from company site: https://emofid.com/media/45376/mofidtrader.exe
Administrators Marcos 5,277 Posted July 15, 2020

The file is not detected by ESET:

mofidtrader.exe » UPX v13_m8 - is OK

Please remove the exclusions and re-scan the file(s).
jafarfathi 3 Posted July 15, 2020 Author

Again ESET deleted the software 😔
Administrators Marcos 5,277 Posted July 15, 2020

Please post the information about installed modules (Update -> Show all modules).
Most Valued Members Nightowl 206 Posted July 15, 2020

It is your suspicious application setting that is triggering this detection, you can add this software to exclusions if you trust it so it won't be detected anymore.
Administrators Marcos 5,277 Posted July 15, 2020

Just now, Nightowl said: It is your suspicious application setting that is triggering this detection, you can add this software to exclusions if you trust it so it won't be detected anymore.

That's what he did and I suggested to remove it from exclusions since the file is not detected with current modules.
Most Valued Members Nightowl 206 Posted July 15, 2020 (edited July 15, 2020 by Nightowl)

1 minute ago, Marcos said: That's what he did and I suggested to remove it from exclusions since the file is not detected with current modules.

But it is the machine learning that is triggering the detection, not the update database. The way this program behaves is being triggered by AUGUR that is suspicious.
jafarfathi 3 Posted July 15, 2020 Author

So as I trust the software I can add it to exclusions without any worries?
Administrators Marcos 5,277 Posted July 15, 2020

I would avoid using exclusions. Instead please collect logs with ESET Log Collector and post it here. It looks like the file was blocked by LiveGrid, however, the file I downloaded from the above link is not blocked by LiveGrid.
Most Valued Members Nightowl 206 Posted July 15, 2020

9 minutes ago, Marcos said: I would avoid using exclusions. Instead please collect logs with ESET Log Collector and post it here. It looks like the file was blocked by LiveGrid, however, the file I downloaded from the above link is not blocked by LiveGrid.

Isn't it the suspicious apps setting in his ESET?
Administrators Marcos 5,277 Posted July 15, 2020

4 minutes ago, Nightowl said: Isn't it the suspicious apps setting in his ESET?

The alert reads "Suspicious" detection which means the file was blocked by LiveGrid or EDTD. Detection of suspicious app would look like:

file.exe - a variant of Win32/Packed.VMProtect.AC suspicious application
Most Valued Members Nightowl 206 Posted July 15, 2020

2 minutes ago, Marcos said: The alert reads "Suspicious" detection which means the file was blocked by LiveGrid or EDTD.

I understand that, thank you.
jafarfathi 3 Posted July 15, 2020 Author

17 minutes ago, Marcos said: I would avoid using exclusions. Instead please collect logs with ESET Log Collector and post it here. It looks like the file was blocked by LiveGrid, however, the file I downloaded from the above link is not blocked by LiveGrid.

How can I do that? I did something but all files are empty
Administrators Marcos 5,277 Posted July 15, 2020

ELC should generate a single archive, not individual files: https://support.eset.com/en/kb3466-how-do-i-use-eset-log-collector
jafarfathi 3 Posted July 15, 2020 Author

Okay. So the log is created but it's over 100 MB. Is it safe to share it here?
Administrators Marcos 5,277 Posted July 15, 2020

You can upload it to a safe location, e.g. OneDrive and drop me a personal message with a download link. Or generate a new archive while using the default template, I assume the size of the log should be significantly smaller.
jafarfathi 3 Posted July 15, 2020 Author

It was the collection mode. The new file is 1.5 MB 😀 I'll send you a personal message. Thanks for your help.
Administrators Marcos 5,277 Posted July 15, 2020

Since the archive is small now, you can upload it here. Sharing via services where we must request access with our private accounts is not the right way to go.
itman 1,749 Posted July 15, 2020 (edited July 15, 2020 by itman)

7 hours ago, Marcos said: The alert reads "Suspicious" detection which means the file was blocked by LiveGrid

This is news to me. Are you stating LiveGrid actually now blocks something? Or is the blocking occurring after LiveGrid analysis has rendered a verdict?

Also are not "Suspicious" detections supposed to throw an Eset alert requiring user action? Or does that only apply to AML "Suspicious" detections?
Administrators Marcos 5,277 Posted July 15, 2020

13 minutes ago, itman said: This is news to me. Are you stating LiveGrid actually now blocks something? Or is the blocking occurring after LiveGrid analysis has rendered a verdict?

Not now, it's been blocking files for several years already, probably since shortly after LiveGrid was introduced.

Quote: Also are not "Suspicious" detections supposed to throw an Eset alert requiring user action? Or does that only apply to AML "Suspicious" detections?

The action for "suspicious object" and Augur detections depends on the cleaning mode settings.
itman 1,749 Posted July 15, 2020

3 minutes ago, Marcos said: The action for "suspicious object" and Augur detections depends on the cleaning mode settings.

Ahh ...... Thanks.
itman 1,749 Posted July 15, 2020

5 minutes ago, Marcos said: Not now, it's been blocking files for several years already, probably since shortly after LiveGrid was introduced.

Not based on my testing. Whenever a LiveGrid upload occurs as evidenced by corresponding Eset event log submission entry, the process is allowed to execute.
Administrators Marcos 5,277 Posted July 15, 2020

4 minutes ago, itman said: Not based on my testing. Whenever a LiveGrid upload occurs as evidenced by corresponding Eset event log submission entry, the process is allowed to execute.

It takes some time to process the file and to deliver the result in case a detection is created for it or if the file is blocked in the LiveGrid blacklist. LiveGrid is not meant to provide instant results for submitted files; that's what ESET Dynamic Threat Defense was made for.
itman 1,749 Posted July 15, 2020

33 minutes ago, Marcos said: It takes some time to process the file and to deliver the result in case a detection is created for it or if the file is blocked in the LiveGrid blacklist.

OK. "We're back on the same page again."

Also the difference between LiveGrid and EDTD which can block execution till Eset cloud server verdict is rendered. We just need like capability made available in the client versions of Eset.
Administrators Marcos 5,277 Posted July 15, 2020

Just now, itman said: Also the difference between LiveGrid and EDTD which can block execution till Eset cloud server verdict is rendered. We just need like capability made available in the client versions of Eset.

We are going to introduce EDTD for any customers with Endpoint within the next few weeks. As for home users, I'm not sure there would be enough of them who would be willing to pay an extra fee for EDTD.