
Archived

This topic is now archived and is closed to further replies.

jafarfathi

Having trouble with Metatrader [Emofid Version]

Hi All.

After a database update I got in trouble with my MetaTrader 4 [it's an executive version from the Emofid company]

ESET detected Malware on it and removed all .exe files in this software folder.

For now I added this folder to Detection Exclusions, but can someone check this app and tell me if it's safe?

Download link from company site: https://emofid.com/media/45376/mofidtrader.exe

 


The file is not detected by ESET:

mofidtrader.exe » UPX v13_m8 - is OK

Please remove the exclusions and re-scan the file(s).


Please post the information about installed modules (Update -> Show all modules).


It is your suspicious application setting that is triggering this detection, you can add this software to exclusions if you trust it so it won't be detected anymore.

Just now, Nightowl said:

It is your suspicious application setting that is triggering this detection, you can add this software to exclusions if you trust it so it won't be detected anymore.

That's what he did and I suggested to remove it from exclusions since the file is not detected with current modules.

1 minute ago, Marcos said:

That's what he did and I suggested to remove it from exclusions since the file is not detected with current modules.

But it is the machine learning that is triggering the detection, not the update database

The way this program behaves is being triggered by AUGUR that is suspicious


So as I trust the software I can add it to exclusions without any worries?


I would avoid using exclusions. Instead please collect logs with ESET Log Collector and post them here. It looks like the file was blocked by LiveGrid, however, the file I downloaded from the above link is not blocked by LiveGrid.

9 minutes ago, Marcos said:

I would avoid using exclusions. Instead please collect logs with ESET Log Collector and post them here. It looks like the file was blocked by LiveGrid, however, the file I downloaded from the above link is not blocked by LiveGrid.

Isn't it the suspicious apps setting in his ESET?

4 minutes ago, Nightowl said:

Isn't it the suspicious apps setting in his ESET?

The alert reads "Suspicious" detection which means the file was blocked by LiveGrid or EDTD.

Detection of a suspicious app would look like:
file.exe - a variant of Win32/Packed.VMProtect.AC suspicious application

 

2 minutes ago, Marcos said:

The alert reads "Suspicious" detection which means the file was blocked by LiveGrid or EDTD.

I understand that, thank you.

17 minutes ago, Marcos said:

I would avoid using exclusions. Instead please collect logs with ESET Log Collector and post them here. It looks like the file was blocked by LiveGrid, however, the file I downloaded from the above link is not blocked by LiveGrid.

How can I do that? I did something but all files are empty


Okay. So the log is created but it's over 100 MB. Is it safe to share it here?


You can upload it to a safe location, e.g. OneDrive and drop me a personal message with a download link. Or generate a new archive while using the default template, I assume the size of the log should be significantly smaller.


It was the collection mode. The new file is 1.5 MB 😀 I'll send you a personal message. Thanks for your help.


Since the archive is small now, you can upload it here. Sharing via services where we must request access with our private accounts is not the right way to go.

7 hours ago, Marcos said:

The alert reads "Suspicious" detection which means the file was blocked by LiveGrid

This is news to me. Are you stating LiveGrid actually now blocks something? Or is the blocking occurring after LiveGrid analysis has rendered a verdict?

Also are not "Suspicious" detections supposed to throw an Eset alert requiring user action? Or does that only apply to AML "Suspicious" detections?

13 minutes ago, itman said:

This is news to me. Are you stating LiveGrid actually now blocks something? Or is the blocking occurring after LiveGrid analysis has rendered a verdict?

Not now, it's been blocking files for several years already, probably since shortly after LiveGrid was introduced.

Quote

Also are not "Suspicious" detections supposed to throw an Eset alert requiring user action? Or does that only apply to AML "Suspicious" detections?

The action for "suspicious object" and Augur detections depends on the cleaning mode settings.

3 minutes ago, Marcos said:

The action for "suspicious object" and Augur detections depends on the cleaning mode settings.

Ahh ...... Thanks.

5 minutes ago, Marcos said:

Not now, it's been blocking files for several years already, probably since shortly after LiveGrid was introduced.

Not based on my testing. Whenever a LiveGrid upload occurs as evidenced by corresponding Eset event log submission entry, the process is allowed to execute.

4 minutes ago, itman said:

Not based on my testing. Whenever a LiveGrid upload occurs as evidenced by corresponding Eset event log submission entry, the process is allowed to execute.

It takes some time to process the file and to deliver the result in case a detection is created for it or if the file is blocked in the LiveGrid blacklist. LiveGrid is not meant to provide instant results for submitted files; that's what ESET Dynamic Threat Defense was made for.

33 minutes ago, Marcos said:

It takes some time to process the file and to deliver the result in case a detection is created for it or if the file is blocked in the LiveGrid blacklist.

OK. "We're back on the same page again"

Also the difference between LiveGrid and EDTD which can block execution till Eset cloud server verdict is rendered. We just need like capability made available in the client versions of Eset.

Just now, itman said:

Also the difference between LiveGrid and EDTD which can block execution till Eset cloud server verdict is rendered. We just need like capability made available in the client versions of Eset.

We are going to introduce EDTD for any customers with Endpoint within the next few weeks.  As for home users, I'm not sure there would be enough of them who would be willing to pay an extra fee for EDTD.

