HSS77

Eset File Security PDF/Phishing.A.Gen


Eset scan found that on a flight ticket PDF from June 2018. Also real-time protection found it later when I tried to put it back for sending to Eset for checking.

12.8.2020 9.12.28    Reaaliaikainen tiedostojärjestelmän suojaus    tiedosto    /Users/xxxx/Downloads/eticket-WWOHPM.pdf    PDF/Phishing.A.Gen troijalainen    puhdistettiin poistamalla    xxxxx    Tiedostoa avattaessa ilmeni ongelma. Sovellus: /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock (7C4BCE5A91D672E0B536F081947520167982C751).    A94A42DCFB82064F3BCBBFCDFEE1EA0C573634E5     6. 6.2018 22:22:00
 

Eset Cyber Security for Mac, Update version: 21808

Eset Live Grid seems to be off at the moment so cannot send the file. When I try to put the file back to the folder, Eset automatically quarantines it so impossible to send it at the moment.

Are there some false positives occurring in the newest version?


Please submit the file in an archive encrypted with the password "infected" to samples[at]eset.com and with a link to this topic. It can be FP but also it could be that a url in the pdf points to a website that has been compromised and contains phishing.

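Before packaging a restored file for submission, it is worth confirming that the file on disk is byte-identical to the one the log entry flagged, and pulling the detection name, SHA-1 and first-seen date out of the log line so they can go into the e-mail. The script below is an added example, not code from the thread or from ESET: it parses a detection line in the format HSS77 pasted above (the sample is constructed from that line, with the poster's own redactions kept), compares a file's SHA-1 against the logged hash, and formats a submission note. The ten-column order is an assumption inferred from that single line; check it against your own log export. The `topic_url` argument and the helper names are this example's own.

```python
"""Parse an ESET detection log line and confirm a restored file is the one it refers to."""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# Column separator: ESET log exports are tab-separated; a copy pasted into a
# forum post usually turns the tabs into runs of spaces, so both are accepted.
_FIELD_SEP = re.compile(r"\t|[ ]{2,}")
_SHA1_RE = re.compile(r"[0-9A-Fa-f]{40}")

# Constructed sample: the line posted above, Finnish column text kept verbatim,
# user name already redacted by the poster.
SAMPLE_LINE = (
    "12.8.2020 9.12.28    Reaaliaikainen tiedostojärjestelmän suojaus    tiedosto    "
    "/Users/xxxx/Downloads/eticket-WWOHPM.pdf    PDF/Phishing.A.Gen troijalainen    "
    "puhdistettiin poistamalla    xxxxx    Tiedostoa avattaessa ilmeni ongelma. "
    "Sovellus: /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock "
    "(7C4BCE5A91D672E0B536F081947520167982C751).    "
    "A94A42DCFB82064F3BCBBFCDFEE1EA0C573634E5     6. 6.2018 22:22:00"
)


@dataclass
class Detection:
    # Column order is an assumption inferred from that one line; verify it
    # against your own export before relying on it.
    time: str
    module: str        # which scanner fired (here: real-time file system protection)
    object_type: str
    path: str
    threat: str        # detection name plus localized type, e.g. "PDF/Phishing.A.Gen troijalainen"
    action: str
    user: str
    info: str          # free text; here it names the process that touched the file
    sha1: str          # SHA-1 of the detected file, normalized to lowercase
    first_seen: str


def parse_eset_log_line(line: str) -> Detection:
    """Split one log line into its ten columns and validate the hash column."""
    fields = [f.strip() for f in _FIELD_SEP.split(line.strip())]
    fields = [f for f in fields if f]
    if len(fields) != 10:
        raise ValueError(f"expected 10 columns, got {len(fields)}")
    det = Detection(*fields)
    if not _SHA1_RE.fullmatch(det.sha1):
        raise ValueError(f"column 9 is not a SHA-1: {det.sha1!r}")
    det.sha1 = det.sha1.lower()
    return det


def detection_name(det: Detection) -> str:
    """Strip the localized type word ('troijalainen', 'trojan', ...) from the threat column."""
    return det.threat.split()[0]


def sha1_of_file(path: str) -> str:
    """Stream the file through SHA-1 so large samples do not need to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_detection(path: str, det: Detection) -> bool:
    """True when the file on disk is byte-identical to what the log entry flagged."""
    return sha1_of_file(path) == det.sha1


def submission_note(det: Detection, topic_url: str) -> str:
    """Text worth pasting into the e-mail to samples[at]eset.com alongside the archive."""
    return "\n".join([
        f"Detection: {detection_name(det)} ({det.module})",
        f"File: {os.path.basename(det.path)}",
        f"SHA-1: {det.sha1}",
        f"First seen: {det.first_seen}",
        f"Forum topic: {topic_url}",
        "Archive password: infected",
    ])


def selfcheck() -> str:
    """Hash a constructed file (contents b'abc') so the hashing path can be verified offline."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"abc")
        return sha1_of_file(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    det = parse_eset_log_line(SAMPLE_LINE)
    print(submission_note(det, "<link to this topic>"))
```

Run `matches_detection("/path/to/restored.pdf", det)` against the file you took out of quarantine; a mismatch means you are about to send a different file than the one the scanner reported on, which makes the analyst's job harder.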
5 minutes ago, Marcos said:

Please submit the file in an archive encrypted with the password "infected" to samples[at]eset.com and with a link to this topic. It can be FP but also it could be that a url in the pdf points to a website that has been compromised and contains phishing.

How can I get the file back? Every time I try to restore it to folder it gets automatically quarantined.

13 minutes ago, HSS77 said:

Eset scan found that on a flight ticket PDF from June 2018. Also real-time protection found it later when I tried to put it back for sending to Eset for checking.

12.8.2020 9.12.28    Reaaliaikainen tiedostojärjestelmän suojaus    tiedosto    /Users/xxxx/Downloads/eticket-WWOHPM.pdf    PDF/Phishing.A.Gen troijalainen    puhdistettiin poistamalla    xxxxx    Tiedostoa avattaessa ilmeni ongelma. Sovellus: /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock (7C4BCE5A91D672E0B536F081947520167982C751).    A94A42DCFB82064F3BCBBFCDFEE1EA0C573634E5     6. 6.2018 22:22:00
 

Eset Cyber Security for Mac, Update version: 21808

Eset Live Grid seems to be off at the moment so cannot send the file. When I try to put the file back to the folder, Eset automatically quarantines it so impossible to send it at the moment.

Are there some false positives occurring in the newest version?

Try to have the Live Grid enabled (Reputation, not Submission, I mean). It may change the detection result; as it was offline, AI will act differently.


You can temporarily pause real-time protection. Also make sure that you have the LiveGrid feedback system enabled since we have not received the file via LG yet.

16 minutes ago, Nightowl said:

Try to have the Live Grid enabled (Reputation, not Submission, I mean). It may change the detection result; as it was offline, AI will act differently.

I have it enabled and it's showing grey. When trying to send, it says "Sending suspicious files is not in use at the moment" (in Finnish). When I try to open settings it asks for username and pw. The ones I got when paying the subscription are not working. I mean username EAV....

Saying "franchise" user username or pw is wrong. My wife's laptop is the "admin" user or something similar.

15 minutes ago, HSS77 said:

I have it enabled and it's showing grey. When trying to send, it says "Sending suspicious files is not in use at the moment" (in Finnish). When I try to open settings it asks for username and pw. The ones I got when paying the subscription are not working. I mean username EAV....

Saying "franchise" user username or pw is wrong. My wife's laptop is the "admin" user or something similar.

It seems your ESET isn't happy about the license details it has; that's why it's not making submissions to LiveGrid.


The license is ok. If you have EAV settings protected with a password, you should get the following prompt when attempting to open advanced setup:

image.png

4 minutes ago, Nightowl said:

It seems your ESET isn't happy about the license details it has; that's why it's not making submissions to LiveGrid.

I checked myEset.com. It shows my laptop activated as well and I'm getting updates etc. normally. My wife's laptop is the "admin" user; I would need username and pw to make changes (like disabling real-time protection) but the ones I got when subscribing are not working. Any ideas how to get the working login details, please?

3 minutes ago, HSS77 said:

I checked myEset.com. It shows my laptop activated as well and I'm getting updates etc. normally. My wife's laptop is the "admin" user; I would need username and pw to make changes (like disabling real-time protection) but the ones I got when subscribing are not working. Any ideas how to get the working login details, please?

That's administrative permissions; it is related to Windows, not ESET. That's what you mean, if I am not mistaken.

4 minutes ago, Nightowl said:

That's administrative permissions; it is related to Windows, not ESET. That's what you mean, if I am not mistaken.

Hah, thanks. Just different from the usual macOS admin user details box. Managed now to change the settings and allow the file to be sent for analysis from the quarantine. I hope the file is sent now; can someone confirm, please?

Great stuff, many thanks for the help so far!

1 hour ago, Marcos said:

You can temporarily pause real-time protection. Also make sure that you have the LiveGrid feedback system enabled since we have not received the file via LG yet.

Tried sending now, as I was able to allow it again. Thanks.

20 minutes ago, HSS77 said:

Hah, thanks. Just different from the usual macOS admin user details box. Managed now to change the settings and allow the file to be sent for analysis from the quarantine. I hope the file is sent now; can someone confirm, please?

Great stuff, many thanks for the help so far!

Argh, didn't notice that was macOS. Glad you sorted it out. :)


The FP was fixed more than an hour ago; it should not be detected when scanned on your machine. VT doesn't leverage LiveGrid, hence it still shows the file as detected.

Just now, Marcos said:

The FP was fixed more than an hour ago; it should not be detected when scanned on your machine. VT doesn't leverage LiveGrid, hence it still shows the file as detected.

Yes, I was able to scan the file now and no threats were found in that file. Glad it was an FP, and great help from this forum. Thanks a lot, everyone!
