HSS77 2 Posted August 12, 2020

Eset scan found that in a flight ticket PDF from June 2018. Also, real-time protection found it later when I tried to remove it back for sending to Eset for a check.

12.8.2020 9.12.28 Reaaliaikainen tiedostojärjestelmän suojaus tiedosto /Users/xxxx/Downloads/eticket-WWOHPM.pdf PDF/Phishing.A.Gen troijalainen puhdistettiin poistamalla xxxxx Tiedostoa avattaessa ilmeni ongelma. Sovellus: /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock (7C4BCE5A91D672E0B536F081947520167982C751). A94A42DCFB82064F3BCBBFCDFEE1EA0C573634E5 6. 6.2018 22:22:00

Eset Cyber Security for Mac, Update version: 21808

Eset Live Grid seems to be off at the moment, so I cannot send the file. When I try to put the file back in the folder, Eset automatically quarantines it, so it is impossible to send it at the moment. Is there something causing false positives in the newest version?
Administrators Marcos 5,243 Posted August 12, 2020

Please submit the file in an archive encrypted with the password "infected" to samples[at]eset.com, with a link to this topic. It can be an FP, but it could also be that a URL in the PDF points to a website that has been compromised and contains phishing.
HSS77 2 Posted August 12, 2020 Author

5 minutes ago, Marcos said:
Please submit the file in an archive encrypted with the password "infected" to samples[at]eset.com, with a link to this topic. It can be an FP, but it could also be that a URL in the PDF points to a website that has been compromised and contains phishing.

How can I get the file back? Every time I try to restore it to the folder, it gets automatically quarantined.
Most Valued Members Nightowl 206 Posted August 12, 2020

13 minutes ago, HSS77 said:
Eset scan found that in a flight ticket PDF from June 2018. Also, real-time protection found it later when I tried to remove it back for sending to Eset for a check. 12.8.2020 9.12.28 Reaaliaikainen tiedostojärjestelmän suojaus tiedosto /Users/xxxx/Downloads/eticket-WWOHPM.pdf PDF/Phishing.A.Gen troijalainen puhdistettiin poistamalla xxxxx Tiedostoa avattaessa ilmeni ongelma. Sovellus: /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock (7C4BCE5A91D672E0B536F081947520167982C751). A94A42DCFB82064F3BCBBFCDFEE1EA0C573634E5 6. 6.2018 22:22:00 Eset Cyber Security for Mac, Update version: 21808 Eset Live Grid seems to be off at the moment, so I cannot send the file. When I try to put the file back in the folder, Eset automatically quarantines it, so it is impossible to send it at the moment. Is there something causing false positives in the newest version?

Try to have Live Grid enabled (Reputation, not Submission, I mean). It may change the detection result; as it was offline, the AI will act differently.
Administrators Marcos 5,243 Posted August 12, 2020

You can temporarily pause real-time protection. Also make sure that you have the LiveGrid feedback system enabled since we have not received the file via LG yet.
HSS77 2 Posted August 12, 2020 Author

16 minutes ago, Nightowl said:
Try to have Live Grid enabled (Reputation, not Submission, I mean). It may change the detection result; as it was offline, the AI will act differently.

I have it enabled and it's showing grey. When trying to send, it says "Sending Suspicious files is not in use at the moment" (in Finnish). When I try to open settings, it asks for a username and pw. The ones I got when paying for the subscription are not working. I mean username EAV.... Saying "franchise" user username or pw is wrong. My wife's laptop is the "admin" user or something similar.
Most Valued Members Nightowl 206 Posted August 12, 2020

15 minutes ago, HSS77 said:
I have it enabled and it's showing grey. When trying to send, it says "Sending Suspicious files is not in use at the moment" (in Finnish). When I try to open settings, it asks for a username and pw. The ones I got when paying for the subscription are not working. I mean username EAV.... Saying "franchise" user username or pw is wrong. My wife's laptop is the "admin" user or something similar.

It seems your ESET isn't happy about the license details it has; that's why it's not making submissions to LiveGrid.
Administrators Marcos 5,243 Posted August 12, 2020

The license is ok. If you have EAV settings protected with a password, you should get the following prompt when attempting to open advanced setup:
HSS77 2 Posted August 12, 2020 Author

4 minutes ago, Nightowl said:
It seems your ESET isn't happy about the license details it has; that's why it's not making submissions to LiveGrid.

I checked myEset.com. It shows my laptop activated as well, and I'm getting updates etc. normally. My wife's laptop is the "admin" user. I would need a username and pw to make changes (like removing real-time protection), but the ones I got when subscribing are not working. Any ideas how to get the working login details, pls?
Most Valued Members Nightowl 206 Posted August 12, 2020

3 minutes ago, HSS77 said:
I checked myEset.com. It shows my laptop activated as well, and I'm getting updates etc. normally. My wife's laptop is the "admin" user. I would need a username and pw to make changes (like removing real-time protection), but the ones I got when subscribing are not working. Any ideas how to get the working login details, pls?

That's administrative permissions; it is related to Windows, not ESET. That's what you mean, if I am not mistaken.
HSS77 2 Posted August 12, 2020 Author

4 minutes ago, Nightowl said:
That's administrative permissions; it is related to Windows, not ESET. That's what you mean, if I am not mistaken.

Hah, thanks. Just different from the usual MacOS admin user details box. Managed now to change the settings and allow sending the file for analysis from the quarantine. I hope the file is sent now; can someone confirm, please? Great stuff, many thanks for the help so far!
HSS77 2 Posted August 12, 2020 Author

1 hour ago, Marcos said:
You can temporarily pause real-time protection. Also make sure that you have the LiveGrid feedback system enabled since we have not received the file via LG yet.

Tried sending now, as I was able to allow it again. Thanks.
Most Valued Members Nightowl 206 Posted August 12, 2020

20 minutes ago, HSS77 said:
Hah, thanks. Just different from the usual MacOS admin user details box. Managed now to change the settings and allow sending the file for analysis from the quarantine. I hope the file is sent now; can someone confirm, please? Great stuff, many thanks for the help so far!

Argh, didn't notice that was MacOS. Glad you sorted it out.
HSS77 2 Posted August 12, 2020 Author

Sent the file by email. Here is Virustotal: https://www.virustotal.com/gui/file/362d4cfa6d36b3e2bcbf6a220ef120c7df50c1545f77c90690b8c0e4b75579ed/detection
Administrators Marcos 5,243 Posted August 12, 2020

The FP was fixed more than an hour ago; it should not be detected when scanned on your machine. VT doesn't leverage LiveGrid, hence it still shows the file as detected.
HSS77 2 Posted August 12, 2020 Author

Just now, Marcos said:
The FP was fixed more than an hour ago; it should not be detected when scanned on your machine. VT doesn't leverage LiveGrid, hence it still shows the file as detected.

Yes, I was able to scan the file now and no threats were found in that file. Glad it was an FP, and great help from this forum. Thanks a lot, everyone!